Privacy Policy

Last updated: January 2026

1. Purpose

This Privacy Policy explains how The London Road Chiropractic Clinic collects, uses, stores, and protects personal data, and how individuals can exercise their rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The clinic is committed to handling personal data lawfully, fairly, and transparently.

2. Data Controller Details

The London Road Chiropractic Clinic is the data controller responsible for your personal data.

Address:
220 London Road, Leicester, LE2 1NE

Telephone:
0116 254 2380

Email:
admin@lrcc.uk

Data protection enquiries should be directed to the Clinic Manager using the contact details above.

3. Scope

This Privacy Policy applies to:

  • Patients and former patients

  • Individuals making enquiries

  • Carers and family members where relevant

It covers all personal data processed in connection with the provision of chiropractic care and clinic operations.

4. Personal Data We Collect

4.1 Personal and Contact Information

  • Name

  • Address

  • Telephone number

  • Email address

  • Date of birth

4.2 Clinical (Health) Information

  • Medical history

  • Presenting complaints

  • Examination findings

  • Diagnoses and treatment records

  • Clinical notes relating to care provided

This information is classed as special category data under UK GDPR.

4.3 Financial Information

  • Payment records

  • Card payments processed via Clover and Stripe

The clinic does not store full card details. Payment information may be securely stored by Stripe within the booking and diary system in accordance with their security standards.

5. How We Collect Personal Data

Personal data may be collected:

  • Directly from you (in person, forms, email, or telephone)

  • Through the electronic diary and practice management system

  • During the course of providing chiropractic care

6. Website Use and Online Enquiries

If you contact the clinic via the website or online enquiry forms, personal data will be used to respond to your enquiry and, where appropriate, arrange appointments.

The clinic website may use cookies and analytics tools to help improve website performance and user experience. Further information is available in the clinic’s Cookie Policy.

7. How We Use Personal Data

Personal data is used to:

  • Provide chiropractic assessment and treatment

  • Maintain accurate clinical records

  • Manage appointments and reminders

  • Process payments

  • Communicate with you about your care

  • Meet legal, regulatory, and professional obligations

Personal data is not used for marketing without your explicit consent.

8. Lawful Basis for Processing

8.1 General Personal Data (Article 6 UK GDPR)

Processing is based on:

  • Performance of a contract (providing chiropractic care)

  • Legal obligations (record keeping and regulation)

  • Legitimate interests (safe and effective clinic management)

8.2 Special Category (Health) Data (Article 9 UK GDPR)

Processing is based on:

  • Article 9(2)(h): provision of health care and treatment by regulated professionals

Consent is not the primary lawful basis for processing clinical data, as care is provided under healthcare and contractual grounds. Consent may be used for optional services or communications, such as marketing.

9. Storage and Security of Data

Personal data may be stored:

  • In paper format

  • In electronic format using secure systems

Electronic systems may include:

  • Third-party diary and practice management software

  • Cloud-based storage services

  • Email services managed by external IT providers

Access to personal data is restricted to authorised clinicians and staff only.

10. Sharing Personal Data

Personal data is shared only where lawful and necessary, including with:

  • Third-party service providers supporting clinic systems

  • Payment processors such as Clover and Stripe

  • Other healthcare professionals involved in your care (e.g. GPs and imaging providers)

  • Regulatory or legal authorities where required

Clinical Referrals and Shared Care

Where required for your care, relevant clinical information may be shared with other healthcare professionals. This will be discussed with you and, where necessary, consent will be obtained.

All third parties are required to comply with UK GDPR and appropriate data protection agreements are in place.

11. International Data Transfers

Some third-party service providers used by the clinic (such as cloud storage, email services, and payment processors) may process or store personal data outside the UK.

Where this occurs, the clinic ensures appropriate safeguards are in place, such as International Data Transfer Agreements (IDTAs) or UK adequacy regulations, to protect your personal data.

12. Data Retention

Clinical records are retained in line with professional and legal guidance:

  • Adults: Minimum of 8 years from the date of last treatment

  • Children and young people: Until the patient’s 25th birthday (or 26th if treatment ended at age 17)

Records may be retained for longer where required for legal, regulatory, or indemnity purposes.
Once retention periods expire, records are securely deleted or destroyed.

13. Individual Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request erasure (where applicable)

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent where consent is the lawful basis

Requests can be made using the contact details above.

14. Data Security Measures

The clinic uses appropriate technical and organisational measures to protect personal data, including:

  • Secure storage of paper records in locked or controlled-access areas

  • Electronic access controls and system protections

  • Staff confidentiality obligations

15. Data Breaches

In the event of a personal data breach that poses a risk to individual rights and freedoms:

  • Affected individuals will be informed where required

  • The Information Commissioner’s Office (ICO) will be notified in line with legal requirements

16. Complaints About Data Protection

If you are unhappy with how your personal data is handled, please contact the clinic in the first instance so we can address your concerns.

You also have the right to complain to the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk

17. Automated Decision-Making

The clinic does not use automated decision-making or profiling as defined under Article 22 of UK GDPR.

The London Road Chiropractic Clinic