Maria Elliott Physiotherapy Services (MEPS)
This Privacy Policy explains how PelvicAngels Ltd, trading as Maria Elliott Physiotherapy Services (“MEPS”, “we”, “us” or “our”), collects, uses, shares and protects your personal data when you visit our website, contact us, book or attend an appointment or event, receive treatment at our clinic, buy products from us, apply for a job, or otherwise interact with us. It also explains your rights under data protection law and how to exercise them.
As a healthcare provider we take particular care with your health information. We handle all personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and our professional obligations as regulated healthcare professionals.
Please read this policy carefully. By using our website and services you confirm you have read and understood it.
PelvicAngels Ltd, trading as Maria Elliott Physiotherapy Services, is the “controller” responsible for your personal data.
Our clinicians are regulated healthcare professionals (for example physiotherapists registered with the Health and Care Professions Council (HCPC) and members of the Chartered Society of Physiotherapy (CSP), and osteopaths registered with the General Osteopathic Council (GOsC)). We follow the standards and record-keeping requirements set by these bodies.
If you have any questions about this policy or about how we handle your personal data, please contact us using the details above.
This policy applies to:
Depending on how you interact with us, we may collect the following categories of personal data.
This is “special category” data and is given extra protection — see section 6.
We do not knowingly collect more data than we need for the purposes described in this policy.
We collect personal data:
Under UK GDPR we must have a lawful basis for using your personal data. We rely on the following:
| What we use your data for | Lawful basis |
|---|---|
| Assessing, treating and caring for you, and keeping clinical records | Performance of a contract; compliance with our professional and legal obligations (plus a special category condition — see section 6) |
| Managing appointments, classes, events and bookings | Performance of a contract; our legitimate interests in running the clinic |
| Taking payment, processing insurance claims, and keeping financial records | Performance of a contract; compliance with a legal obligation (e.g. tax and accounting) |
| Communicating with your GP, consultants or other healthcare professionals about your care | Performance of a contract; our legitimate interests in providing safe, joined-up care (plus a special category condition) |
| Responding to your enquiries and providing customer support | Our legitimate interests in helping you; performance of a contract |
| Sending you appointment reminders and service messages | Performance of a contract; our legitimate interests |
| Sending you marketing about our services, classes, events and products | Your consent, or our legitimate interests where you are an existing patient/customer and have not opted out |
| Improving and securing our website and services, analytics and understanding usage trends | Our legitimate interests in improving and protecting our services |
| Recruitment and assessing job applications | Our legitimate interests; taking steps to enter into a contract; compliance with a legal obligation |
| Complying with legal, regulatory and professional obligations and dealing with disputes or claims | Compliance with a legal obligation; our legitimate interests |
| Handling a sale, merger or reorganisation of our business | Our legitimate interests |
Where we rely on legitimate interests, we have considered the impact on you and do not use your data where your interests and rights override ours. You can ask us about our legitimate interests assessments at any time.
Most of the information we hold about patients is health information, which is “special category” data under UK GDPR and is given extra protection.
We only process health data where we have both a lawful basis (section 5) and an additional condition for special category data. We usually rely on:
In limited circumstances we may also rely on other conditions, such as protecting your or someone else’s vital interests in an emergency, or the establishment, exercise or defence of legal claims.
All of our clinicians and staff are bound by a duty of confidentiality. We apply additional safeguards to health data and limit access to those involved in your care or the administration of it.
We may send you marketing about our services, classes, events and products where you have consented, or where you are an existing patient or customer and we are permitted to do so by law. We use a third-party email platform (Mailchimp) to manage our mailing list.
You can opt out of marketing at any time by:
Opting out of marketing will not stop us sending you essential service messages, such as appointment confirmations and reminders.
Our website uses cookies and similar technologies (such as web beacons, tags and scripts) to make the site work, remember your preferences, understand how the site is used, and support our marketing.
We use a mix of essential, functionality, analytics and (where you consent) advertising cookies. Some content embedded on our site — for example maps and videos — is provided by third parties (such as Google) who may set their own cookies.
You can control cookies through your browser settings and through the cookie controls on our website. Please note that blocking some cookies may affect how the website works.
For full details, please see our Cookie Policy.
We do not sell your personal data. We treat your health information as confidential and share it only where necessary, and with appropriate safeguards in place, with the following categories of recipient:
We require all our processors to keep your data secure and to use it only for the purposes we specify.
We are based in the UK and aim to store and process personal data within the UK or the European Economic Area (EEA) where possible. However, some of our service providers may process data outside the UK/EEA.
Where we transfer personal data outside the UK, we make sure it is protected by an appropriate safeguard recognised under UK data protection law, such as:
You can contact us for more information about the safeguards we use.
We keep your personal data only for as long as we need it for the purposes set out in this policy, including to provide your care, to meet our legal, regulatory, professional, tax and accounting obligations, to resolve disputes, and to defend legal claims.
Retention periods vary depending on the type of data. In particular:
When we no longer need your personal data, we securely delete or anonymise it.
We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse or alteration, and to limit access to those who need it. Our staff are trained in confidentiality and data protection.
However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security, and any transmission is at your own risk.
Under UK data protection law you have the following rights in relation to your personal data:
To exercise any of these rights, please contact us at info@meps.org.uk or by post at 16 Glentworth Street, London, NW1 5PG. We will respond within the time limits set by law (normally one month). We may need to verify your identity before acting on your request, and in some cases we may be entitled to retain certain information where we have a legal or professional obligation to do so.
There is normally no charge for exercising your rights.
If you have a concern about how we handle your personal data, please contact us first so we can try to put things right.
You also have the right to lodge a complaint with the UK’s data protection regulator:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113
If your concern is about your clinical care, you can also raise it with us directly or with the relevant professional regulator (such as the HCPC or GOsC).
Our website may contain links to third-party websites and services that we do not operate or control (for example booking systems, payment providers, social media platforms and our mailing-list provider). This policy does not apply to those third parties. We encourage you to read the privacy policy of every website you visit.
We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the “Last updated” date at the top. Where changes are significant, we will provide a more prominent notice, which may include notifying you by email.
We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy or about how we handle your personal data, you can contact us:
Connect with us!
Lets get started