PRIVACY POLICY — ACTIVE SPORTS THERAPY

Last updated: June 2026

1. WHO WE ARE

Active Sports Therapy is a private sports performance and injury rehabilitation clinic based in Rowledge, Surrey, UK. We provide one-to-one clinical services including sports therapy, injury rehabilitation, and sports massage.

Data controller: Mike Edwards, Active Sports Therapy

Contact: mike@activesportstherapy.rehab

Address: ActiveSportsTherapy, Rowledge, Surrey GU10 4DS

2. WHAT INFORMATION WE COLLECT

We collect and process the following categories of personal information:

- Contact details — name, email address, phone number, and address

- Health and medical information — injury history, medical background, symptoms, treatment notes, and rehabilitation progress (special category data under UK GDPR)

- Booking information — appointment dates, times, and session history

- Payment information — billing records (we do not store card details directly)

- Website usage data — cookies and analytics data when you visit our website

- Communications — messages sent via our contact form, email, or other channels

3. WHY WE COLLECT YOUR INFORMATION

We use your personal information for the following purposes:

- To provide clinical assessment, treatment, and rehabilitation services

- To manage appointments and send booking confirmations or reminders

- To maintain accurate clinical records as required by professional standards

- To process payments for services

- To respond to enquiries made via our website or contact channels

- To comply with legal and regulatory obligations

Our lawful basis for processing your data is:

- Contract — processing necessary to deliver the services you have requested

- Legitimate interests — managing our business, maintaining records, and communicating with clients

- Legal obligation — retaining clinical records as required by professional guidelines

- Explicit consent — for the processing of special category health data

4. SPECIAL CATEGORY DATA (HEALTH INFORMATION)

Health and medical information is classified as special category data under UK GDPR and receives the highest level of protection. We process this data solely to provide you with clinical care and maintain appropriate treatment records. We will always obtain your explicit consent before collecting health information, and you may withdraw this consent at any time.

5. WHO WE SHARE YOUR INFORMATION WITH

We do not sell, rent, or trade your personal information. We may share data with:

- Acuity Scheduling — our online booking platform, which processes your name, contact details, and appointment information

- Squarespace — our website provider, which may collect analytics and cookie data

- Payment processors — to facilitate secure payment transactions

- Other healthcare professionals — only with your explicit consent

- Legal or regulatory authorities — if required by law

6. HOW LONG WE KEEP YOUR INFORMATION

- Clinical records — retained for a minimum of 8 years following the last appointment

- Booking and contact information — retained for as long as you are an active client, plus a reasonable period thereafter

- Financial records — retained for 6 years in line with HMRC requirements

7. COOKIES AND WEBSITE DATA

Our website uses cookies including essential cookies and analytics cookies. You can manage your preferences via our cookie banner or your browser settings.

8. YOUR RIGHTS UNDER UK GDPR

You have the right to: access your data, rectification, erasure, restrict processing, data portability, object to processing, and withdraw consent. Contact us to exercise any of these rights. We will respond within one calendar month.

9. DATA SECURITY

We use appropriate technical and organisational measures to protect your information against unauthorised access, loss, or disclosure.

10. INTERNATIONAL DATA TRANSFERS

Some third-party providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

11. COMPLAINTS

If you are unhappy with how we handle your personal data, please contact us first. You also have the right to complain to the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. The current version will always be available on our website.