Last updated: March 2026
GW Osteopathy Surrey Ltd is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, and protect your information when you interact with our website, book a consultation, or receive treatment.
1. Who we are
| Website: | www.gwosteopathy.co.uk |
| Company Name: | GW Osteopathy Surrey Ltd |
| Company Registration No.: | 13975332 (Registered in England and Wales) |
| Registered Address: | C/O Centora James Limited Jury Farm, Ripley Lane, West Horsley, Surrey, England, KT24 6JT |
| Data Protection Contact: | Gemma Ware |
| Email Address: | info@gwosteopathy.co.uk |
2. The data we collect about you
Due to the nature of osteopathic care, we collect “Special Category Data” which requires a higher level of protection:
- Identity & Contact Data: Name, date of birth, address, email, and phone number.
- Health & Clinical Data: Medical history, symptoms, lifestyle details, physical assessment findings, and clinical notes. This is required by law to provide safe and effective treatment.
- Technical Data: IP address and browsing patterns when you use our website.
- Transaction Data: Details about payments for services rendered.
3. Lawful basis for processing
We process your data under the following legal grounds:
- Contractual Necessity: To manage your appointments and provide the osteopathic services you have requested.
- Legal Obligation: To maintain medical records in accordance with the standards set by the General Osteopathic Council (GOsC).
- Health & Social Care: Under Article 9(2)(h) of the UK GDPR, we process health data for the provision of health or social care treatment.
- Legitimate Interests: For the effective management of our clinical practice.
4. How we use your data
Your information is used to:
- Conduct clinical consultations and physical assessments.
- Create and maintain your patient record.
- Send appointment confirmations and reminders.
- Process secure payments.
- With your consent, send you exercises or health-related updates.
5. Sharing your data
We do not sell your data. We only share information with:
- Practice Management Software: GDPR-compliant platforms used for secure electronic records and bookings.
- Other Healthcare Providers: Only with your explicit consent (e.g., providing a report to your GP or consultant).
- Professional Advisers: If necessary for insurance or legal purposes.
6. Data security & retention
We implement robust technical and organizational measures to ensure your health records are kept private and secure.
- Retention: In line with UK clinical standards, adult records are typically retained for 8 years after your last treatment. For minors, records are kept until their 25th birthday.
7. Your legal rights
Under the UK GDPR, you have the right to:
- Access: Request a copy of your clinical notes and personal data.
- Correction: Ask us to rectify inaccurate information.
- Erasure: Request deletion of data (subject to our legal requirement to maintain medical records).
- Withdraw Consent: Opt-out of any marketing communications at any time.
To exercise these rights, please contact Gemma Ware at info@gwosteopathy.co.uk.
8. Complaints
If you have concerns about our data usage, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.