Privacy Policy
CR Physiotherapy Clinic
Last updated: 28 June 2026
CR Physiotherapy Clinic is committed to protecting your privacy and handling your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use and protect your personal information when you visit our website or use our physiotherapy services.
Who We Are
CR Physiotherapy Clinic
Website: www.crphysiotherapy.com
Email: info@crphysiotherapy.com (change if required)
Clinical Director: Chris Royston
HCPC Registered Physiotherapist
Chartered Society of Physiotherapy Member
What Information We Collect
We may collect:
Personal Information
-
Name
-
Email address
-
Telephone number
-
Address (where required)
-
Date of birth (during assessment)
Health Information
When you become a patient we may collect:
-
Medical history
-
Injury history
-
Medication
-
GP details
-
Imaging reports
-
Treatment notes
-
Exercise programmes
-
Clinical outcomes
This information is classed as Special Category Health Data under UK GDPR.
Information Collected Through Our Website
When you use our website we may collect:
-
IP address
-
Browser type
-
Device information
-
Pages visited
-
Time spent on pages
-
Referral source
-
Cookies
This information helps us improve our website and understand how visitors use it.
How We Use Your Information
We use your information to:
-
Arrange appointments
-
Provide physiotherapy assessment and treatment
-
Maintain accurate clinical records
-
Process payments
-
Respond to enquiries
-
Send appointment reminders
-
Improve our services
-
Comply with legal and professional obligations
We only collect information that is necessary.
Online Booking
Appointments may be managed using Cliniko.
Cliniko securely stores patient information on encrypted servers and complies with UK GDPR requirements.
You can view Cliniko's Privacy Policy on their website.
Payments
Payments may be processed using Square.
CR Physiotherapy Clinic does not store your payment card details.
Square securely processes all card payments in accordance with industry security standards.
Artificial Intelligence
CR Physiotherapy Clinic may use Heidi AI to assist with the preparation of clinical documentation.
Heidi AI is used only as a clinical support tool.
Clinical decisions are always made by your treating physiotherapist.
Patient information processed through Heidi AI is handled in accordance with UK data protection legislation and healthcare confidentiality requirements.
Google Analytics
We use Google Analytics to understand how visitors use our website.
Google Analytics collects anonymous information such as:
-
Pages visited
-
Time spent on the website
-
Device type
-
General location
This information helps improve our website.
Google Analytics does not identify individual users.
Google Search Console
We use Google Search Console to monitor the performance of our website in Google Search.
No personally identifiable patient information is collected through Search Console.
Cookies
Our website uses cookies to:
-
Improve website performance
-
Understand visitor behaviour
-
Monitor website traffic
-
Improve user experience
You can manage or disable cookies through your browser settings.
How We Store Your Information
We take reasonable steps to keep your information secure.
This includes:
-
Secure password-protected systems
-
Encrypted clinical records
-
Secure cloud-based software
-
Restricted access to patient information
How Long We Keep Your Information
Clinical records are retained in accordance with professional guidance and legal requirements.
Records are normally retained for the period recommended by UK healthcare record retention guidance.
Sharing Your Information
We will never sell your personal information.
We may share information only when necessary:
-
With your GP (with your consent unless legally required)
-
With consultants or other healthcare professionals involved in your care
-
Where required by law
-
With secure service providers who help us operate our business (such as Cliniko or Square)
Your Rights
Under UK GDPR you have the right to:
-
Access your personal information
-
Correct inaccurate information
-
Request deletion where appropriate
-
Restrict processing
-
Object to processing in certain circumstances
-
Request a copy of your information
Requests should be made in writing using the contact details above.
Data Security
We take appropriate technical and organisational measures to protect your information against:
-
Loss
-
Unauthorised access
-
Misuse
-
Disclosure
Third-Party Websites
Our website may contain links to third-party websites.
CR Physiotherapy Clinic is not responsible for the privacy practices of external websites.
Changes to This Policy
This Privacy Policy may be updated from time to time.
The latest version will always appear on this website.
Contact
If you have any questions regarding this Privacy Policy or how your personal information is handled, please contact:
CR Physiotherapy Clinic
Website: www.crphysiotherapy.com
Email: info@crphysiotherapy.com
