Privacy Policy

Last Updated: 5 April 2026

1. Introduction

We are Medella Home Physio & OT. We take the privacy of our patients and website visitors very seriously. As a provider of healthcare services, we adhere to the highest standards of data security, complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the confidentiality standards of the Health and Care Professions Council (HCPC).

2. Who We Are (Data Controller)

  • Company: Medella Home Physio & OT Ltd (Company No. 16340488)
  • Clinical Director: Naomi Patrick
  • Registered Address: 22 Fairlie, Ringwood, Hampshire, BH24 1TS
  • Website: private-physio.co.uk
  • Phone: 01425 490151

3. The Data We Collect

We collect data in two distinct ways: via our website (usage data) and during the provision of our therapy services (clinical data).

A. Website & Enquiry Data

When you use this website, we may collect:

  • Contact Information: Name, email address, phone number, and message content when you use our contact forms or email us.
  • Analytics: We use Google Analytics 4 (GA4) to understand how visitors find and use our site — pages visited, approximate location (country/region only), device type, and how people arrive (search engine, link, direct). We use Google Search Console for search-performance data; this does not set cookies in your browser.

B. Clinical & Patient Data

If you become a patient, or if you are enquiring on behalf of a family member, we process "Special Category Data" (health information). This includes:

  • Medical history and current health conditions.
  • GP and Consultant details.
  • Treatment notes and rehabilitation progress.

We process this data under the lawful basis of provision of health or social care (Article 9(2)(h) of the UK GDPR).


4. How We Store and Protect Your Data

We do not store patient clinical notes on this website. Instead, we use industry-leading, secure third-party platforms to ensure your data is safe:

  • Clinical Notes: We use WriteUpp, a secure, ISO27001-accredited practice management system used widely by UK healthcare professionals.
  • Invoicing: Financial data is processed via Xero.
  • Payments: We accept payments via Stripe and GoCardless. We do not store your credit or debit card details ourselves.
  • Communication: Emails are processed using secure services including Microsoft 365.

5. Cookies and Analytics

We use Google Analytics 4 (GA4), which sets cookies on your device to identify your browser session for analytics purposes only. We use this data to understand which pages are useful and to improve the site.

We do not use cookies for advertising, retargeting, or for sharing your activity with third-party advertisers.

Data retention: GA4 data is retained for 14 months, then automatically deleted by Google.

How to opt out: You can stop Google Analytics from collecting data by:

  • installing the Google Analytics Opt-out Browser Add-on;
  • using your browser's cookie-blocking or privacy settings;
  • using a privacy-focused browser extension such as uBlock Origin or Privacy Badger.

Other essential cookies may be set by services we use to deliver the site, such as Cloudflare (bot protection) and Cloudflare Turnstile (contact-form anti-spam). These do not track you across sites.

6. Sharing Your Data

We never sell your data.

We only share medical information with other healthcare professionals involved in your direct care (such as your GP, Consultant, or Case Manager) and only with your knowledge or explicit consent, unless we are required to do so by law or to protect a person's safety.

7. Data Retention

We retain personal and clinical data only for as long as necessary to provide our services and to meet our legal obligations. For medical records, we follow the retention schedules recommended by the Chartered Society of Physiotherapy (CSP) and the Royal College of Occupational Therapists (RCOT), typically 8 years after the last treatment for adults.

8. Your Rights

Under UK data protection law, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct data that is inaccurate.
  • Erasure: Request that we delete your data (though this right is limited regarding medical records required for legal reasons).
  • Complaint: Raise a concern with the Information Commissioner's Office (ICO) if you are unhappy with how we have handled your data.

To exercise any of these rights, please contact our team via our contact page.