Privacy Policy

Last updated: October 2025

This Privacy Policy explains how Nicola Louise Osteopathy (“we”, “our”, “us”) collects, uses, stores, and protects your personal information. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Nicola Louise Osteopathy
Website: www.nicolalouiseosteopathy.com
Email: nicolalouisestt@gmail.com
ICO Registration Number: ZB225982

We provide professional healthcare and wellbeing treatments, including Osteopathy, Manual Lymphatic Drainage (MLD), ScarWork, Oncology Massage, and Sports Massage, to patients in the United Kingdom.

2. Information we collect

We collect and process personal information necessary to provide safe and effective care, manage appointments, and meet our legal obligations. This may include:

  • Identification and contact details – name, date of birth, address, phone number, and email address.

  • Health and medical information – relevant medical history, symptoms, lifestyle factors, medications, treatment notes, and consent forms.

  • Payment information – processed securely via third-party providers (e.g. Stripe, LoPay).

  • Appointment and communication records – booking details, confirmations, and correspondence.

  • Mailing list information – your name and email address (where you have opted in).

3. How we collect information

We may collect personal information when you:

  • Book an appointment or complete a contact form via our website.

  • Communicate with us by email, phone, or in person.

  • Provide health details during consultations or treatments.

  • Join our mailing list or consent to receive updates.

4. How we use your information

Your information is used to:

  • Provide appropriate assessment, treatment, and ongoing care.

  • Manage bookings, confirmations, and payment processing.

  • Maintain accurate clinical, administrative, and financial records.

  • Communicate regarding your appointments, follow-ups, or practice updates.

  • Comply with professional, legal, and regulatory obligations.

  • Send newsletters or updates (only with your explicit consent).

5. Lawful basis for processing

We process your personal data under the following lawful bases (as defined by UK GDPR):

  • Contract: to deliver treatment and manage your appointments.

  • Legal obligation: to maintain health records as required by law and professional regulation.

  • Consent: for inclusion in our mailing list or non-essential communications.

  • Legitimate interests: to manage practice operations and ensure continuity of care.

6. How we store and protect your information

  • Patient records are stored securely within our practice management system (currently Acuity, moving to Cliniko) which complies with GDPR standards.

  • Payment data is processed securely by Stripe (for online bookings) and LoPay (for in-person payments). We do not store full card details.

  • Access to data is restricted to authorised personnel only.

  • We use appropriate technical and organisational measures to prevent unauthorised access, loss, or misuse.

  • Health records are retained for at least 8 years after the last appointment (or until a child turns 25, whichever is later), in line with statutory requirements.

7. Sharing your information

We do not sell or share your personal information.
Your data may be shared only with:

  • Secure service providers that support our operations (e.g. Cliniko, Acuity, Stripe, LoPay).

  • Regulatory or legal authorities, if required by law.

All third-party processors are GDPR-compliant and process data only on our instructions.

8. Your rights

Under UK GDPR, you have the right to:

  • Request access to your personal data.

  • Request correction of any inaccurate information.

  • Request erasure of your data (where legally appropriate).

  • Restrict or object to certain types of processing.

  • Withdraw consent for non-essential communications at any time.

  • Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.

You can contact the ICO at www.ico.org.uk.

9. Cookies and website analytics

Our website may use cookies or basic analytics to improve performance and user experience.
You can adjust your browser settings to manage or disable cookies at any time.

10. Updates to this policy

We may update this Privacy Policy periodically.
Any changes will be posted on this page with an updated revision date.

11. Contact

If you have any questions, concerns, or requests about how your data is handled, please contact:

Nicola Louise Osteopathy
Email: nicolalouisestt@gmail.com
Website: www.nicolalouiseosteopathy.com