Privacy Policy

Notice of Privacy Practices

Cornwall Physio is committed to protecting your personal information and this privacy policy relates to our use of your personal information collected from you either in person, via our online booking system or information you give us by letter, e-mail , SMS or over the telephone. You can visit our website without telling us who you are and without revealing any information about yourself. However, there may be occasions where we do ask you to provide certain information by which you can be identified.
You can be assured that we take all the appropriate steps within our power that any information you provide will only be used in accordance with this privacy notice and to ensure that your privacy is protected.

You may wish to provide your information when:

  • You choose to contact us for an appointment.
  • To request information from us.
  • To request subscription to our newsletter.

Data that we collect

  • Your name
  • Your contact information including a telephone number and e-mail address.
  • A brief reason for requesting an appointment.

What will we do with the data you provide?

It allows us to provide you with the information requested and / or to offer you an appointment and provision of service.

  • Your data will be used to enable us to contact you with your requested service.
  • Should you book and attend an appointment your data will be transferred to your clinical record. If you do not wish to make an appointment your original e-mail will be erased and any paper copy containing your data will be shredded.
  • If requested, we will occasionally send you our newsletter to your e-mail address.

Security of your data

We are committed to ensuring that your information data is securely protected. We have managerial, structural and state-of-the-art electronic security measures in place to ensure that your data is protected against unauthorised access, loss or destruction.

This website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that:

  • We don’t have any control over these websites and / or the content contained within those websites.
  • We cannot be responsible for the protection and privacy of any information which you provide whilst visiting other websites.
  • We strongly suggest that you read any privacy notice / policy attached to any individual website that you choose to visit.

Information which appertains to collection of your data

When you make an appointment and attend our clinic the Practitioner you visit will request and record specific data from you, which is required to establish your medical health care record. We have set out below the type of data that we require for your assessment and treatment in respect of physiotherapy, medical acupuncture, sports massage and gait analysis.

  • Data controller
  • Cornwall Physio
  • Data processor
  • TM3 Belfast, Northern Ireland

Lawful basis

Our lawful basis for collecting, recording, storing and using your data is “Legal obligation”. However, we access other lawful bases for certain criteria, as listed below.

Legal obligation

Our lawful basis for collecting, recording, storing and using your data is “Legal obligation”. However, we access other lawful bases for certain criteria, as listed below.

Performance of a contract

Should we be in a position to receive payment using a credit / debit card service then we will process your payment details via this lawful basis.

Legitimate interest

We use this lawful basis if you have requested our clinic newsletter.
Our newsletter informs you of current issues surrounding Physiotherapy, health and wellbeing, current practice and new methods of treatment including the occasional special offer.

Vital interest

In case the Practitioner has to access his second professional role as a HCPC Registered Paramedic in which he is required to provide lifesaving and / or critical care to you, your chaperone or a member of your family. Access to this data will be required to assist and provide the emergency services, you, your chaperone or your family member with the level of care as required.


Please note, that on your first appointment, you will be provided with a copy of our privacy notice and you will be required to read and sign a further two forms:

  1. 1
    Data consent form.
  2. 2
    Examination and Treatment consent form.

GDPR Article 9 – Processing of special categories of personal data

We collect your data specifically for your physical and mental health care and well-being and as such your data is considered as special category data.

What information is being collected?

Information provided by you and recorded by our Practitioners will consist of personal identifiable information and sensitive personal data appertaining to your health and wellbeing.

What information is being collected?

Personal details Name, date of birth, postal address, telephone numbers and your e-mail address.

Sensitive health related details
Presenting condition, general health history, medications and any allergies.
Your Doctors details and any other Professional involved in your care.
Health insurances and medico-legal intermediaries involved in your care.

Lifestyle activities
Sports, hobbies, accommodation details, employment details, sleeping and eating behaviours, pet ownership, smoking and alcohol consumption.

Assessment and treatment details:
Health related notes will be compiled of your assessment, treatment and your progress in respect of any professional treatment and / or therapy provision that you have requested and undertaken.

Payments history
Details of your payments and methodology are recorded on our Tax records for submission to our accountants and HMRC.

Who is collecting it?

The Practitioner looking after you will collect your data and this will be the Practitioner with whom you have requested a consultation. The clinic Practitioners are: Louise Nicholettos.

How is it collected?

Data which is freely and voluntarily provided by you will be stored on a software programme called TM3 Clinical Notes. Paper notes may also be collected, which are stored in a locked filing cabinet. Any Gait analysis measurements taken, but no medical information, are stored on a password protected laptop within a password protected software package ‘Motion Metrix’.

Why is it being collected?

To formulate a medical health care record including any clinical and / or therapeutic treatment interventions recorded in your treatment plan.

How will it be used?

Your records are stored solely for the purpose of maintaining a medical record. Your medical records are designed to keep a historical and up-to-date evidence-based report of your health care provision, progress and rehabilitation. Your telephone numbers and email address are used to contact you regarding upcoming and future appointments. We use an appointment reminder service provided by TM3, which sends a text or email reminder to notify you regarding the appointments you have booked. There is the option to opt-in to receive these when you complete your data consent form.

Who will it be shared with?

We provide our accountants and HMRC with our taxation records on a yearly basis. Information sent to these organisations will consist of your firstname initial and surname and your payment methodology such as: your bank, cheque number, cash payment, BACS and / or credit and debit card transaction.

Our Accountants

Details available on request

Your data will not be shared with any other party unless you request it to be shared and you provide your consent for us to do so.

With your consent, we may share your data with your G.P. (General Practitioner) and / or an additional allied Health Care Professional for consulting and referral purposes and for obtaining a second opinion. Any medico-legal organisation, health insurance provider and / or solicitor referring you will have obtained your consent for us to report certain data back to them on a standard medico-legal reporting template or a clinical letter.

If requested, we are legally bound to share your data with any lawful and / or Crown agency that requests access to your data via appropriate data release requests.

What will be the effect of this on the individuals concerned?

In communicating with your G.P., Health Care Professional, medico-legal intermediaries, health insurance provider and / or your solicitor we will be able:

  1. 1
    To promote and enhance your healthcare, improve the quality of your life and provide health care protection and safety.
  2. 2
    To comply with the health care reporting requirements of the above organisations.

Is the intended use likely to cause individuals to object or complain?

No, because the clients’ healthcare and wellbeing is the basis of our business and therefore, we always act in the best interests of the client.

If we need to write to your G.P. or Health Care Professional then we will discuss our clinical reasoning for this activity and request you to sign a third party consent form.

When we complete a medico-legal template supplied by the referring organisation then we will only report honest and factual information which is objective and supported with clinical reasoning.

How is my data protected?

Our software programmes are protected with security protection which is constantly updated by the software development company to meet any new cyber threats. Management policies and procedures are in place and a range of structural security is present.

Under the General Data Protection Regulations (GDPR) you have individual rights:

  1. 1
    The right to be informed
  2. 2
    The right of access
  3. 3
    The right of rectification
  4. 4
    The right of erasure
  5. 5
    The right to restrict processing
  6. 6
    The right to data portability
  7. 7
    The right to object
  8. 8
    Rights in relation to automated decision making and profiling

How is my data protected?

Personal information that we process for any purpose shall be not be kept for longer than is necessary for the duration of that purpose.

We are legally bound by statutory requirements to hold your data for:

Adults: We keep your medical and treatment records for a period of 8 years from the date of your last appointment.

Children: We keep your records until you reach the age of 25.

There may be occasions where we need to keep your records for an indefinite period of time and we may withhold personal information that you request to the extent permitted by law. We may also retain your personal information where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Controlling your personal information

We do not sell or distribute your information to any other organisation unless you have consented and / or contracted us to do so. If your personal and sensitive data should change then please inform us immediately in order for our Practitioners to update your personal records and clinical notes? We have a duty under GDPR to inform all other parties of any such changes.

If you wish to contact us for any aspect in regards to your data and / or you have subscribed to our newsletter and subsequently decide that you wish to withdraw your request then you may do so by contacting the clinic or the Practitioners in writing and / or by e-mail at the clinic address below.


Louise Nicholettos

Cornwall Physio, 20 Beach Road, Carlyon Bay, St Austell. PL25 3PH

Telephone: 07824 700934

If you wish to make a complaint

If you wish to complain about the manner in which we have handled, recorded, stored and / or used your data then you may do so by contacting:

Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113, Fax: 01625 524510

Google Rating
Based on 83 reviews