Privacy Policy for Clients


Like other organisations we need to keep your information safe, up-to-date, only use it for what we said we would, destroy it when we no longer need it and, most importantly, treat the information we obtain fairly. In accordance with the General Data Protection Regulation (GDPR) we have implemented this privacy policy to provide you, our client, with details of how we collect and process your personal data through your use of our website,, including any information you may provide. We also include within this policy the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data and your rights regarding your data.


Rehab Beyond Cancer is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). The appointed Data Protection Officer who is in charge of privacy-related matters for us is Lynn de Dombal. If you have any questions about this privacy policy, then please telephone Lynn on 07864 538025 or via email at

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), or the UK supervisory authority for data protection issues ( We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

It is very important that the information we hold about you is accurate and up-to-date. Please let us know if at any time your personal information changes by emailing us at


Personal data means any information capable of identifying an individual. It does not include anonymised data. It is mandatory to provide us with this information. The different types of personal data may include the following:

Identity Data may include your first name, maiden name, last name, marital status, title, date of birth and gender.

Contact Data may include your address, next of kin, email address and telephone numbers.

Financial Data may include your Health Insurance, bank account and payment card details. Your payment information (e.g. credit card details) provided when you make a payment is not received or stored by us.

Profile Data may include feedback and survey responses.

Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.

External medical records may include records we collect from you such as records from GPs, consultants and other healthcare professionals. It also may include the responses to medical questions asked to ensure you are safe for treatment and exercise. These will always be collected with your consent.

Treatment notes may include notes written during and following your consultations.

Analytical and statistical data monitor details of your visits to our website and the resources that you access including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).

We may also process Aggregated Data from your personal data, but this data does not reveal your identity and, as such, in itself is not personal data. An example of this is where we review your Profile Data to give us statistics on feedback received from clients. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as Personal data.

We collect Sensitive Data about your health to help us assess and treat you appropriately. We do not collect any other Sensitive Data about you. Sensitive Data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.


Personal Data is kept within secure IT systems using Cookies. We collect data about you through a variety of different methods including:

  • Direct interactions provided by filling in forms on our website or at your consultation
  • By booking an appointment with us
  • By buying products from us
  • When you give us feedback
  • During your consultation.


The law on data protection allows us to process your data for certain reasons only. In the main, we process your data to comply with legal requirements or in order to manage your treatment.

We will use your data for the sole use of the purposes of the business. The only occasion your data may be shared with a third party would be with another health professional such as a GP, occupational therapist, dietician or fitness instructor (see signposting). This would only be done with your consent.


Set out below is a description of the ways we intend to use your Personal Data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.

Purpose/activity Type of data Lawful basis for processing
To register you as a new client Identity Contact   Legal obligation
To provide effective physiotherapy treatment using external medical notes and treatment notes Identity Contact Treatment notes External medical notes   Legal obligation
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey   Identity Contact Profile Marketing and Communications Legal obligation
To ensure we receive payment for treatments and products Identity Contact Financial Transaction   Legal obligation
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity Contact Technical Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise Legal obligation  
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences   Technical Usage Our legitimate interests. To develop our business and inform our marketing strategy


We will only use your Personal Data for the purposes for which we have collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.

We may process your Personal Data without your knowledge or consent where this is required or permitted by law. 


The protection and security of your data is very important to us and we have procedures in place to ensure your data is well protected and in accordance with UK and EU legislation

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.


We are required to retain your information as an adult for up to 8 years after conclusion of treatment or death. We have to retain data for this period due to our legal obligations under healthcare regulations.

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.


From May 2018 data protection legislation gives you a number of rights regarding your information. Some of these are new rights whilst others build on your existing rights. Your rights are as follows:

  • Request access to your Personal Data and request a copy. This is commonly known as making a subject access request
  • Request correction of your Personal Data
  • Request erasure of your Personal Data. For example, where we no longer need that specific information
  • Object to processing of your Personal Data
  • Request restriction of processing your Personal Data. For example, if you tell us that the information is inaccurate, we can only use it for limited purposes while we check its accuracy
  • Request transfer of your Personal Data. This can be in a format that can be read by computer
  • Right to withdraw consent

You can see more about these rights at:

If you wish to exercise any of the rights set out above, please email us

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website we encourage you to read the privacy notice of every website you visit. 


Our website uses cookies to gather information about your computer for our services and to provide statistical information regarding the use of our website. Such information will not identify you personally. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see


If you wish to lodge a complaint in relation to our security policy, you can do so by sending an email to Alternatively, if you wish to contact the supervisory authority of data, you can contact the Information Commissioners Office (IOC) whose contact details can be found at: