BOOK NOW

Privacy Policy

Last updated: 26 December 2025

Ola Chiropractic (“we”, “us”, “our”) is committed to protecting and respecting your privacy.
This policy explains how we collect, use, store, and protect your personal data when you use our services or visit our website.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are
Practice name: Ola Chiropractic
Address: Totnes, Devon, UK
Email: olachiropractic@gmail.com
Telephone: 01803862565
Data Controller: Ola Chiropractic

2. What Personal Data We Collect
We may collect and process the following information:
a) Identity & Contact Data
  • Name
  • Address
  • Email address
  • Phone number
  • Date of birth
b) Health & Clinical Data (Special Category Data)
  • Medical history
  • Symptoms and diagnoses
  • Treatment notes and progress
  • Imaging or referrals (if applicable)
c) Administrative & Booking Data
  • Appointment history
  • Payment and invoice records
  • Correspondence
  • Online booking data
d) Website & Technical Data
  • IP address
  • Browser type
  • Pages visited
  • Cookie data
3. How We Collect Your Data
We collect data when you:
  • Register as a patient
  • Book or attend appointments (online or in person)
  • Complete medical intake forms
  • Contact us by phone, email, or website
  • Subscribe to our mailing list
  • Use our website (via cookies)
4. Lawful Basis for Processing
Purpose
Providing healthcare
Clinical record keeping
Appointment management
Newsletters & updates
Website analytics
Practice administration
Lawful Basis
Article 9(2)(h) – Health or social care
Legal obligation
Contract
Consent
Consent
Legitimate interests
5. How We Use Your Data
We use your data to:
  • Provide chiropractic treatment safely and effectively
  • Maintain accurate clinical records
  • Manage bookings and payments
  • Send appointment reminders
  • Send newsletters or updates (only if you opt in)
  • Comply with legal and regulatory obligations
6. Third-Party Services We Use
We use trusted third-party systems to run our practice:
Provider
Practice Hub
Mailchimp
Payment providers
Website hosting provider
Purpose
Practice management, online bookings, clinical records
Email newsletters and communications
Processing payments
Hosting and security
These providers process data on our behalf under GDPR-compliant data processing agreements. Some providers (such as Mailchimp) may store data outside the UK. Where this happens, appropriate safeguards such as Standard Contractual Clauses are in place.

7. How We Store and Protect Your Data
  • Data is stored securely within encrypted digital systems (including Practice Hub and Mailchimp) or in locked physical files.
  • Access is restricted to authorised staff only.
  • We use appropriate technical and organisational security measures.
8. Data Retention
  • Adult clinical records: retained for 8 years after last treatment
  • Children’s records: retained until age 25 (or 26 if treated at 17)
  • Marketing data: retained until you unsubscribe
9. Your Rights You have the right to:
  • Access your data
  • Correct inaccurate data
  • Request erasure where applicable
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
You can exercise these rights by contacting us.

10. Cookies
Our website uses cookies to improve your experience. You can manage cookies via your browser or cookie banner.

11. Complaints
If you have concerns, please contact us.
You also have the right to complain to:
Information Commissioner’s Office (ICO)
www.ico.org.uk
0303 123 1113

12. Changes to This Policy
We may update this policy from time to time. The latest version will always be available on our website.