Privacy Policy

Version Date: January 1st 2026

Maria Elliott Physiotherapy Services (MEPS)

This Privacy Policy explains how PelvicAngels Ltd, trading as Maria Elliott Physiotherapy Services (“MEPS”, “we”, “us” or “our”), collects, uses, shares and protects your personal data when you visit our website, contact us, book or attend an appointment or event, receive treatment at our clinic, buy products from us, apply for a job, or otherwise interact with us. It also explains your rights under data protection law and how to exercise them.

As a healthcare provider we take particular care with your health information. We handle all personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and our professional obligations as regulated healthcare professionals.

Please read this policy carefully. By using our website and services you confirm you have read and understood it.


1. Who we are

PelvicAngels Ltd, trading as Maria Elliott Physiotherapy Services, is the “controller” responsible for your personal data.

Our clinicians are regulated healthcare professionals (for example physiotherapists registered with the Health and Care Professions Council (HCPC) and members of the Chartered Society of Physiotherapy (CSP), and osteopaths registered with the General Osteopathic Council (GOsC)). We follow the standards and record-keeping requirements set by these bodies.

If you have any questions about this policy or about how we handle your personal data, please contact us using the details above.


2. Who this policy applies to

This policy applies to:

  • Patients who enquire about, book, or receive any of our treatments, assessments or classes (including the Mummy MOT, Pregnancy MOT, Menopause MOT, pelvic health and musculoskeletal physiotherapy, osteopathy and related services);
  • Website visitors who browse our site, complete a form, or contact us;
  • Event and class attendees (for example antenatal classes, Pilates, menopause workshops and breathwork sessions);
  • Customers who buy products, packages or vouchers from our shop;
  • Job applicants who apply to work with us; and
  • Anyone who subscribes to our communications or engages with us on social media.

3. The personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data.

Identity and contact details

  • First and last name
  • Email address
  • Telephone number
  • Postal address and billing address
  • Date of birth and, where relevant, emergency contact and next-of-kin details
  • GP details, where you provide them

Health and clinical information (special category data)

  • Information about your medical history, symptoms, pregnancy and birth history, menopause and pelvic health, and the reason for your visit
  • Pre-screening questionnaires and consent forms you complete
  • Assessment findings, clinical notes, diagnoses, treatment and rehabilitation plans, progress notes and outcomes
  • Correspondence with you, your GP, consultants or other healthcare professionals about your care

This is “special category” data and is given extra protection — see section 6.

Booking, purchase and payment data

  • Appointment, class and event bookings and attendance records
  • Details of products, packages and services you buy
  • Payment and transaction records (note: card payments are processed by our payment providers — we do not store full card numbers)
  • Insurance details, where you are paying through private medical insurance

Enquiry and communications data

  • Information you give us through our contact, enquiry or free-trial forms (such as your name, email, phone number and your message)
  • Your marketing and communication preferences
  • Records of your correspondence with us

Job applicant data

  • Where you apply for a role with us, the information in your CV, application and covering letter, your references, qualifications and right-to-work information

Technical and usage data

  • IP address, browser type and version, device type and identifiers, operating system
  • Pages you visit, time and date of your visit, time spent on pages, referring website, and other diagnostic and analytics data
  • Cookie and similar tracking data (see our Cookie Policy)

We do not knowingly collect more data than we need for the purposes described in this policy.


4. How we collect your personal data

We collect personal data:

  • Directly from you — when you book or attend an appointment, complete a pre-screening questionnaire or consent form, fill in a form on our website, make a purchase, subscribe to our communications, apply for a job, or contact us by phone, email or in person.
  • During the course of your care — clinical information generated by our practitioners as they assess and treat you.
  • Automatically — when you use our website, through cookies and similar technologies (see section 8 and our Cookie Policy).
  • From third parties — for example your GP, consultant or another healthcare professional who refers you; your insurer; payment providers; our booking and communications platforms; and (where you choose to engage with us through them) social media platforms.

5. How we use your personal data and our lawful bases

Under UK GDPR we must have a lawful basis for using your personal data. We rely on the following:

What we use your data forLawful basis
Assessing, treating and caring for you, and keeping clinical recordsPerformance of a contract; compliance with our professional and legal obligations (plus a special category condition — see section 6)
Managing appointments, classes, events and bookingsPerformance of a contract; our legitimate interests in running the clinic
Taking payment, processing insurance claims, and keeping financial recordsPerformance of a contract; compliance with a legal obligation (e.g. tax and accounting)
Communicating with your GP, consultants or other healthcare professionals about your carePerformance of a contract; our legitimate interests in providing safe, joined-up care (plus a special category condition)
Responding to your enquiries and providing customer supportOur legitimate interests in helping you; performance of a contract
Sending you appointment reminders and service messagesPerformance of a contract; our legitimate interests
Sending you marketing about our services, classes, events and productsYour consent, or our legitimate interests where you are an existing patient/customer and have not opted out
Improving and securing our website and services, analytics and understanding usage trendsOur legitimate interests in improving and protecting our services
Recruitment and assessing job applicationsOur legitimate interests; taking steps to enter into a contract; compliance with a legal obligation
Complying with legal, regulatory and professional obligations and dealing with disputes or claimsCompliance with a legal obligation; our legitimate interests
Handling a sale, merger or reorganisation of our businessOur legitimate interests

Where we rely on legitimate interests, we have considered the impact on you and do not use your data where your interests and rights override ours. You can ask us about our legitimate interests assessments at any time.


6. Special category (health) data

Most of the information we hold about patients is health information, which is “special category” data under UK GDPR and is given extra protection.

We only process health data where we have both a lawful basis (section 5) and an additional condition for special category data. We usually rely on:

  • the provision of health or social care or treatment and the management of healthcare services, carried out by, or under the responsibility of, a health professional bound by a duty of confidentiality; and/or
  • your explicit consent, where appropriate.

In limited circumstances we may also rely on other conditions, such as protecting your or someone else’s vital interests in an emergency, or the establishment, exercise or defence of legal claims.

All of our clinicians and staff are bound by a duty of confidentiality. We apply additional safeguards to health data and limit access to those involved in your care or the administration of it.


7. Marketing and your choices

We may send you marketing about our services, classes, events and products where you have consented, or where you are an existing patient or customer and we are permitted to do so by law. We use a third-party email platform (Mailchimp) to manage our mailing list.

You can opt out of marketing at any time by:

  • Clicking the “unsubscribe” link in any marketing email; or
  • Contacting us at info@meps.org.uk.

Opting out of marketing will not stop us sending you essential service messages, such as appointment confirmations and reminders.


8. Cookies and tracking technologies

Our website uses cookies and similar technologies (such as web beacons, tags and scripts) to make the site work, remember your preferences, understand how the site is used, and support our marketing.

We use a mix of essential, functionality, analytics and (where you consent) advertising cookies. Some content embedded on our site — for example maps and videos — is provided by third parties (such as Google) who may set their own cookies.

You can control cookies through your browser settings and through the cookie controls on our website. Please note that blocking some cookies may affect how the website works.

For full details, please see our Cookie Policy.


9. Who we share your personal data with

We do not sell your personal data. We treat your health information as confidential and share it only where necessary, and with appropriate safeguards in place, with the following categories of recipient:

  • Our clinicians and staff involved in your care or its administration.
  • Other healthcare professionals — such as your GP, consultants, or other practitioners — where this is necessary for your care and, where appropriate, with your consent.
  • Insurers, where you are paying for treatment through private medical insurance and we need to process your claim.
  • Service providers and processors who help us run our business, including website hosting, IT and security providers, our clinic/booking and patient-records system, email and communications platforms (including Mailchimp), analytics providers, and customer support tools. These providers act on our instructions under contract.
  • Payment providers who process payments for appointments, packages and products on our behalf.
  • Technology and platform providers such as Google (for example analytics, maps and security tools) and social media platforms where you choose to engage with us through them.
  • Professional advisers such as accountants, auditors, insurers and lawyers.
  • Regulators and authorities, where we are required to disclose information by law, to comply with a legal, regulatory or professional obligation, to respond to a valid request from a public authority, to protect our rights or property, to prevent or investigate wrongdoing, or to protect the safety of individuals (including safeguarding concerns).
  • Buyers or successors, if we sell, transfer or reorganise our business or assets, in which case personal data may be transferred as part of that transaction.

We require all our processors to keep your data secure and to use it only for the purposes we specify.


10. International transfers

We are based in the UK and aim to store and process personal data within the UK or the European Economic Area (EEA) where possible. However, some of our service providers may process data outside the UK/EEA.

Where we transfer personal data outside the UK, we make sure it is protected by an appropriate safeguard recognised under UK data protection law, such as:

  • a transfer to a country covered by UK “adequacy” regulations; or
  • the use of the UK’s International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses, together with any additional measures needed.

You can contact us for more information about the safeguards we use.


11. How long we keep your personal data

We keep your personal data only for as long as we need it for the purposes set out in this policy, including to provide your care, to meet our legal, regulatory, professional, tax and accounting obligations, to resolve disputes, and to defend legal claims.

Retention periods vary depending on the type of data. In particular:

  • Clinical records are kept in line with professional guidance and our legal obligations. As a guide, adult health records are generally retained for a minimum of 8 years after your last treatment, while records relating to children and to maternity care are kept for longer.
  • Financial and transaction records are kept for the period required by tax and accounting law.
  • Unsuccessful job applicant data is kept for a limited period after the recruitment process ends.
  • Usage and analytics data is generally kept for a shorter period.

When we no longer need your personal data, we securely delete or anonymise it.


12. How we keep your personal data secure

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse or alteration, and to limit access to those who need it. Our staff are trained in confidentiality and data protection.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security, and any transmission is at your own risk.


13. Your rights

Under UK data protection law you have the following rights in relation to your personal data:

  • Access — to request a copy of the personal data we hold about you, including your health records.
  • Rectification — to ask us to correct inaccurate or incomplete data.
  • Erasure — to ask us to delete your data in certain circumstances. Please note this right is limited for clinical records, which we are required to retain for set periods.
  • Restriction — to ask us to limit how we use your data in certain circumstances.
  • Portability — to receive certain data in a structured, commonly used, machine-readable format, or to have it transferred to another controller.
  • Objection — to object to our processing based on legitimate interests, and to object to direct marketing at any time.
  • Withdraw consent — where we rely on your consent, to withdraw it at any time (this will not affect the lawfulness of processing before withdrawal).
  • Rights relating to automated decision-making — we do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at info@meps.org.uk or by post at 16 Glentworth Street, London, NW1 5PG. We will respond within the time limits set by law (normally one month). We may need to verify your identity before acting on your request, and in some cases we may be entitled to retain certain information where we have a legal or professional obligation to do so.

There is normally no charge for exercising your rights.


14. Your right to complain

If you have a concern about how we handle your personal data, please contact us first so we can try to put things right.

You also have the right to lodge a complaint with the UK’s data protection regulator:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113

If your concern is about your clinical care, you can also raise it with us directly or with the relevant professional regulator (such as the HCPC or GOsC).


15. Links to other websites

Our website may contain links to third-party websites and services that we do not operate or control (for example booking systems, payment providers, social media platforms and our mailing-list provider). This policy does not apply to those third parties. We encourage you to read the privacy policy of every website you visit.


16. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the “Last updated” date at the top. Where changes are significant, we will provide a more prominent notice, which may include notifying you by email.

We encourage you to review this policy periodically.


17. Contact us

If you have any questions about this Privacy Policy or about how we handle your personal data, you can contact us: