Trish Formby Physio

Privacy Policy

Last updated: 09/05/2026

This Privacy Policy explains how Trish Formby Physio (“we”, “us”, “our”) collects, uses and protects personal data when you visit trishformbyphysio.co.uk or use any of our services. We are committed to handling your data responsibly and transparently in accordance with UK GDPR and the Data Protection Act 2018.

1. Who we are

Trish Formby Physio is the data controller for the personal information we collect through this website.

Address: Southwood Farm, Shore Rd, Bosham, PO18 8QL

Email: hello@trishformbyphysio.co.uk

ICO registration number: ZC142986

2. The information we collect

We collect personal information when you choose to share it with us. This may include:

•  Identity & contact data: name, email address, phone number.

•  Newsletter & waitlist data: email address (and optionally name) when you join the mailing list.

•  Membership data (when our online membership launches): username, password, billing address, and subscription history.

•  Health information: where you choose to share it through enquiry forms, intake forms, or 1:1 consultations. This is treated as special category data and given additional protection.

•  Payment data: handled by our payment provider (currently Square; Stripe in future). We do not store your full card details.

•  Usage data: IP address, browser type, device type, pages visited, referral source. Collected automatically by Squarespace and any analytics tools — see our Cookie Policy.

3. How we use your information and the legal basis for processing

Under UK GDPR we must have a lawful basis for processing your data. We rely on the following:

•  To respond to enquiries you send us (legitimate interest).

•  To send you the newsletter or waitlist updates you have signed up for (consent — you can withdraw at any time using the unsubscribe link in any email).

•  To provide and administer 1:1 physiotherapy services (performance of a contract; for health information, your explicit consent and our professional duties as a Chartered Physiotherapist).

•  To deliver and manage online membership access when launched (performance of a contract).

•  To take payment and prevent fraud (legitimate interest and legal obligation).

•  To comply with legal, regulatory and professional obligations including HCPC and CSP standards (legal obligation).

•  To improve the website (legitimate interest, with cookies handled per our Cookie Policy).

4. Special category (health) data

Where you share information about your health, injuries, or medical history — for example through enquiry forms, intake questionnaires, or 1:1 sessions — this is treated as “special category data” under UK GDPR. We process it only with your explicit consent and only for the purposes for which you provided it (typically to assess and deliver appropriate physiotherapy care). It is stored securely and access is restricted to those who need it to provide your care.

5. Who we share your data with

We do not sell your personal data. We share data only with trusted service providers who help us run the business, including:

•  Squarespace, Inc. — our website and hosting platform.

•  Our email/newsletter provider — to send marketing emails you’ve consented to receive.

•  Our payment processor (Square; Stripe when the membership launches) — to process payments.

•  Professional bodies (HCPC, CSP) and regulators where we are required by law or professional duty.

•  Our accountant, legal advisers and insurers, where appropriate.

Each of these providers acts as a data processor on our behalf and is bound by data protection obligations.

6. International transfers

Some of our service providers (including Squarespace) are based in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place — typically the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or transfers to countries deemed adequate by the UK government.

7. How long we keep your data

•  Newsletter / waitlist data: until you unsubscribe.

•  1:1 patient records: retained for the period required by professional and legal obligations (typically a minimum of 8 years from last contact for adult records; longer for paediatric records). This is in line with CSP and HCPC guidance.

•  Membership account data: for the duration of your membership and for up to 6 years after cancellation, for accounting and legal purposes.

•  Enquiry data: up to 2 years after our last contact unless you become a client, in which case the patient-records retention applies.

8. Your rights

Under UK GDPR you have the right to:

•  Access the personal data we hold about you.

•  Ask us to correct inaccurate or incomplete data.

•  Ask us to erase your data (subject to legal and professional retention obligations).

•  Restrict or object to certain processing.

•  Receive a copy of your data in a portable format.

•  Withdraw consent at any time, where processing is based on consent.

•  Lodge a complaint with the Information Commissioner’s Office (ICO) — ico.org.uk — though we’d appreciate the chance to address any concerns first.

To exercise any of these rights, email hello@trishformbyphysio.co.uk.

9. Cookies

Our website uses cookies and similar technologies. For details, see our Cookie Policy.

10. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data about a child, please contact us at hello@trishformbyphysio.co.uk.

11. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top will reflect any changes. Material changes will be communicated via email if appropriate.

12. Contact

For any privacy question or to exercise your rights, contact us at hello@trishformbyphysio.co.uk.