Privacy Policy

Last Updated: 28 November 2025

1. Introduction

We are Medella Home Physio & OT. We take the privacy of our patients and website visitors very seriously. As a provider of healthcare services, we adhere to the highest standards of data security, complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the confidentiality standards of the Health and Care Professions Council (HCPC).

2. Who We Are (Data Controller)

  • Business Name: Naomi Patrick, trading as Medella Home Physio & OT
  • Clinical Director: Naomi Patrick
  • Address: 22 Fairlie, Ringwood, Hampshire, BH24 1TS
  • Website: private-physio.co.uk
  • Phone: 01425 490151

3. The Data We Collect

We collect data in two distinct ways: via our website (usage data) and during the provision of our therapy services (clinical data).

A. Website & Enquiry Data

When you use this website, we may collect:

  • Contact Information: Name, email address, phone number, and message content when you use our contact forms or email us.
  • Analytics: We use Google Analytics and Google Search Console to understand how visitors use our site. This data is anonymised and aggregated.

B. Clinical & Patient Data

If you become a patient, or if you are enquiring on behalf of a family member, we process “Special Category Data” (health information). This includes:

  • Medical history and current health conditions.
  • GP and Consultant details.
  • Treatment notes and rehabilitation progress.

We process this data under the lawful basis of provision of health or social care (Article 9(2)(h) of the UK GDPR).

4. How We Store and Protect Your Data

We do not store patient clinical notes on this website. Instead, we use industry-leading, secure third-party platforms to ensure your data is safe:

  • Clinical Notes: We use WriteUpp, a secure, ISO27001-accredited practice management system used widely by UK healthcare professionals.
  • Invoicing: Financial data is processed via Xero.
  • Payments: We accept payments via Stripe and GoCardless. We do not store your credit or debit card details ourselves.
  • Communication: Emails are processed using secure services including Microsoft 365.

5. Cookies

Our website uses cookies to improve your experience and gather anonymous analytics. Cookies are small text files placed on your device. We do not use cookies for re-marketing or aggressive advertising tracking.

You can manage your cookie preferences at any time via the consent banner on our website (managed by Complianz) or through your browser settings.

6. Sharing Your Data

We never sell your data.

We only share medical information with other healthcare professionals involved in your direct care (such as your GP, Consultant, or Case Manager) and only with your knowledge or explicit consent, unless we are required to do so by law or to protect a person’s safety.

7. Data Retention

We retain personal and clinical data only for as long as necessary to provide our services and to meet our legal obligations. For medical records, we follow the retention schedules recommended by the Chartered Society of Physiotherapy (CSP) and the Royal College of Occupational Therapists (RCOT), typically 8 years after the last treatment for adults.

8. Your Rights

Under UK data protection law, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct data that is inaccurate.
  • Erasure: Request that we delete your data (though this right is limited regarding medical records required for legal reasons).
  • Complaint: Raise a concern with the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your data.

To exercise any of these rights, please contact our team via our contact page.