Privacy Policy for Function Therapy

Last updated: 18.2.26

Website: https://functiontherapy.co.uk

Controller: Function Therapy

1. Introduction

Function Therapy (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, disclose and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Policy applies to personal data collected through our website functiontherapy.co.uk and through our clinical practice systems (including Cliniko).

By using our website or providing us with your personal data, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

a) Website Visitors

Technical and Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and general usage patterns.

Contact Form Data: Name, email address, telephone number, and any message content you submit.

b) Patients / Clients

When you book appointments or receive therapy services, we may collect:

  • Contact and Identity: Name, address, phone number, email.
  • Health and Clinical Data: Medical history, treatment records, assessment notes, progress notes.
  • Booking & Payment Data: Appointment details, payment information as required (note: payment details may be stored by third‑party payment processors and not by us).

This clinical data is stored in Cliniko, a secure cloud‑based practice management system.

3. Legal Basis for Processing

We process personal data on the following UK GDPR legal bases:

  • Contract: To provide therapy services and manage appointments.
  • Legitimate Interests: To improve our services, manage our website, and communicate with you where appropriate.
  • Legal Obligations: To comply with clinical record‑keeping requirements and UK law.
  • Consent: Where you have expressly agreed (e.g., marketing communications, newsletters).

4. How We Use Your Data

We use your data to:

  • Provide, personalise and improve therapy services.
  • Manage appointments and clinical records via Cliniko.
  • Respond to enquiries from the website.
  • Communicate with you about your treatment and administrative matters.
  • Send marketing emails if you have opted in.
  • Comply with legal and professional obligations.

5. Cliniko and Third‑Party Processors

Your clinical records are stored and processed in Cliniko, operated by Wave‑point Pty Ltd.

Cliniko acts as a Data Processor on our behalf and has appropriate security measures to protect data and comply with UK GDPR requirements.

Your personal and clinical data may also be processed by third‑party providers for:

  • Email communication (e.g., MailChimp, Gmail/Workspace)
  • Website hosting and analytics (e.g., hosting providers, Google Analytics – see Section 11A)

We do not sell your personal data to third parties.

6. Access to Data by Therapists and Staff

A small number of authorised therapists and administrative staff working with Function Therapy may have access to Cliniko to:

  • View and update clinical records
  • Manage appointments
  • Communicate with patients where appropriate

All authorised users are bound by professional confidentiality obligations and required to follow our data protection policies.

7. Data Sharing and Transfers

We may disclose your information:

  • To Cliniko as our practice management service provider.
  • To healthcare professionals involved in your care (with your consent, where required).
  • If required by law or to protect rights, safety, or property.

We do not transfer your personal data outside the UK / EEA except where Cliniko or other processors have appropriate safeguards (e.g., UK‑EU adequacy, Standard Contractual Clauses).

For details on Cliniko’s international data transfers and GDPR compliance, see Cliniko’s privacy documentation.

8. Data Retention

We retain your personal and clinical data only as long as necessary to fulfil the purposes outlined and to comply with legal, professional, and regulatory obligations.

Clinical records are retained in accordance with professional guidelines (typically for a minimum period required by law or regulatory bodies).

Website technical and analytics data are retained according to our systems’ default retention settings unless you request deletion earlier.

9. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data (Subject Access Request)
  • Request correction of inaccurate data
  • Request erasure of data (in certain circumstances)
  • Restrict or object to processing
  • Request data portability (where applicable)
  • Withdraw consent at any time

To exercise your rights, please contact us at pete.nicholl@gmail.com.

If you believe your data protection rights have been violated, you can lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. This includes secure systems, access controls, and staff training.

11. Cookies and Tracking

Our website may use cookies and tracking technologies to enhance user experience and analyse site usage. Details are in our Cookie Policy, available on the website.

11A. Google Analytics (GA4)

We use Google Analytics 4 (GA4) to help us understand how visitors use our website and to improve its performance and content.

Google Analytics collects anonymised information such as:

  • Pages visited
  • Time spent on each page
  • Links clicked
  • Browser and device type
  • General location (city‑level only)

IP Anonymisation

We have enabled IP anonymisation, meaning your IP address is truncated before being processed by Google. This prevents Google from identifying you personally.

Cookies

Google Analytics uses cookies to collect standard internet log information and visitor behaviour data. You can control or disable cookies through your browser settings.

Data Processing by Google

Google may process data on servers outside the UK/EU. Google states that all transfers are protected by appropriate safeguards, including Standard Contractual Clauses.

Google does not receive any identifiable personal data from us, and we do not use Google Analytics to track or collect sensitive information.

For more information on how Google processes data, see Google’s Privacy Policy.

You can opt out of Google Analytics by adjusting your cookie preferences or using Google’s opt‑out browser add‑on.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be published on this website with the date of revision.

13. Contact Information

Email: pete.nicholl@gmail.com
Address: 3 Millar Court, Station Road, Kenilworth, CV8 1JD