Privacy Notice (UK GDPR Compliant)

Data Controller

Brightlingsea Osteopathy t/a Ben Sibbons Osteopath is the Data Controller responsible for your personal data.

Information We Collect

We collect personal details (name, address, DOB, contact details), medical history, treatment records, and appointment information. Health information is special category data under UK GDPR.

Lawful Basis for Processing

Article 6(1)(b) – Contract (provision of healthcare services).
Article 6(1)(c) – Legal obligation.
Article 9(2)(h) – Provision of healthcare (medical diagnosis and treatment).

How We Use Your Data

To provide safe osteopathic care, maintain accurate records, communicate regarding appointments, and comply with professional/legal obligations. We do not sell your data.

Data Retention

Clinical records are retained in line with professional guidance (typically 8 years after last treatment for adults; longer for children).

Your Rights

You have the right to access, rectify, erase (where applicable), restrict processing, object to processing, and lodge a complaint with the Information Commissioner's Office (ICO).

Contact & Complaints

If you have concerns about your data, please contact the clinic directly. You may also contact the ICO (www.ico.org.uk | 0303 123 1113).