Privacy Policy
Denovo Physio & Rehab Limited
Who We Are
Denovo Physio & Rehab Limited
Company Registration Number: 16465888
Registered Address: 5 Meadow Street, Preston, PR1 1TR
Contact Email: info@denovophysio.co.uk
1. Introduction
At Denovo Physio & Rehab Limited, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data in line with the UK General Data Protection Regulation (UK GDPR) and other relevant laws.
2. What Information We Collect
We may collect and process the following types of personal data:
Full name
Contact details (email, phone number, address)
Date of birth
Medical history and clinical notes (with your consent)
Appointment and treatment information (including virtual consultations)
Communications between you and the clinic
Payment information (if applicable)
Website usage data (see Cookie section below)
This data may be collected when you:
Contact us directly
Book an appointment
Complete a registration or consent form
Use our website or online booking system
Participate in virtual consultations
Interact with us by phone, email, or in person
3. How We Use Your Information
We use your personal data to:
Provide in-person and virtual physiotherapy and rehabilitation services
Manage appointments and treatment records
Send appointment confirmations and reminders
Communicate important information about your care
Comply with legal and regulatory obligations
Improve our services and patient experience
We process your data on the basis of consent, contract, legitimate interest, or legal obligation, depending on the context.
Messaging & Live Chat (WhatsApp & HubSpot)
We provide booking and general enquiry messaging via WhatsApp Business and HubSpot Live Chat. These channels are intended for non-clinical queries only—please do not share medical information. We process the content of your message, your contact details and basic technical data to respond to your enquiry.
Lawful basis: legitimate interests (responding to your request).
Retention: up to 90 days for operational/audit purposes (non-clinical messages only), after which messages are deleted unless needed for legal reasons. WhatsApp messages are end-to-end encrypted between you and us.
4. Data Security
We take appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or loss. This includes:
Secure clinical record systems
Encrypted data storage
Access control for authorised personnel only
Regular system updates and reviews
5. Sharing Your Information
We do not sell or share your personal data for marketing purposes. We may share data:
With your GP or other healthcare providers (with your consent)
With service providers (e.g., clinic software providers, email/SMS systems, secure video conferencing platforms) under strict confidentiality
When required by law (e.g., for safeguarding, insurance claims, or legal compliance)
All third-party providers are GDPR-compliant and only process data as necessary to deliver their services.
6. International transfers
Some of our service providers (e.g., HubSpot and WhatsApp/Meta) may process your personal data outside the UK/EEA. When this happens, we use approved safeguards—such as the EU Standard Contractual Clauses with the UK Addendum or the UK International Data Transfer Agreement (IDTA)—to keep your data protected. You can contact us for more details about these safeguards.
7. Your Rights
You have the following rights under UK data protection law:
To access the personal data we hold about you
To correct or update inaccurate data
To request deletion of your data (where applicable)
To object to or restrict certain types of data processing
To withdraw consent (where consent is the basis for processing)
To lodge a complaint with the Information Commissioner’s Office (ICO)
To exercise any of these rights, please contact us at:
info@denovophysio.co.uk
8. Cookies & Website Tracking
Our website uses cookies to enhance your experience and analyse website traffic. Cookies are small text files stored on your device.
We use:
Essential cookies – required for the website and booking system to function properly
Analytical cookies – such as Google Analytics, to understand how visitors use the site and improve performance
Third-party cookies – used by services such as booking widgets or embedded maps
When you visit our site, a cookie banner allows you to accept or manage non-essential cookies. You can also disable cookies via your browser settings. Blocking some cookies may affect functionality.
For more detail, please see our [Cookie Policy].
9. Use of Automated Tools & Systems
We use digital tools to improve efficiency and support your care, including:
Online booking and clinic management software
Automated appointment reminders (email or SMS)
Feedback and patient experience tools
Website analytics (e.g., Google Analytics)
Secure messaging or email services
Secure video conferencing platforms for virtual consultations
These tools may collect technical or usage data. Importantly, no automated decision-making or profiling is used for clinical diagnosis or treatment. All medical decisions are made by qualified healthcare professionals.
10. Data Retention
We retain your personal data only as long as necessary:
Medical records are typically retained for 8 years after the end of treatment (or until age 25 for children), as required by UK healthcare regulations
Non-clinical data (e.g., email inquiries) may be retained for up to 12–24 months for business or legal purposes
After this period, data will be securely deleted or anonymised.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website, with the most recent revision date.
Last updated: 10-october-2025
12. Contact Us
If you have any questions about this Privacy Policy or how your data is handled, please get in touch:
