Privacy Policy

Clifton Chiro (“we”, “us”, “our”) is committed to protecting your privacy and ensuring your personal data is handled securely in compliance with the UK GDPR and the Data Protection Act 2018.

1. Controller Details

We are the data controller.

You can contact us at:
Clifton Chiro,
81 Whiteladies Road,
Bristol,
BS8 2NT

Phone: 0117 486 9480
Email: hello@cliftonchiro.co.uk

For any data protection queries or to withdraw consent, please contact our Data Protection Officer using the details above.

2. Data We Collect

We may collect and process the following types of personal data:

  • Identification: name, date of birth, contact details

  • Health and treatment information: medical history, appointment records, clinical notes

  • Communication records: phone calls, emails, and messages

  • Technical data: IP address, browser type, device information, and website usage data (via cookies)

3. Lawful Basis for Processing

We rely on the following lawful bases:

  • Contract: to schedule and provide chiropractic services

  • Legal Obligation: to retain clinical records in accordance with healthcare regulations

  • Consent: for sending newsletters, promotional offers, or marketing communications

  • Legitimate Interests: for analytics and marketing (where minimal impact on your rights is determined)

4. Use of Your Data

Your data is used to:

  • Provide and manage chiropractic services

  • Manage appointments and communications

  • Comply with legal obligations

  • Monitor website performance and user behaviour (via analytics)

  • Deliver marketing campaigns (with your consent)

5. Sharing Your Data

We may share your personal data with trusted third parties, including:

  • PracticeHub: our online booking system

  • Google Analytics and Google Ads: to collect aggregated data about how users interact with our website and to help improve our marketing. This includes your IP address and technical identifiers through cookies or tracking pixels.

  • Legal or regulatory bodies when required
    All third-party data processors are subject to appropriate safeguards and contracts to ensure GDPR compliance.

6. Retention Period

We retain clinical and contact records for a minimum of eight years, in line with healthcare regulations. Marketing and website analytics data are retained only for as long as necessary and are anonymised where appropriate.

7. Your Rights

You have the right to:

  • Access, correct, or delete your personal data

  • Restrict or object to processing

  • Withdraw marketing consent at any time

  • Lodge a complaint with the Information Commissioner’s Office: www.ico.org.uk

8. Data Security

We implement secure systems and access controls to protect your personal data from unauthorised access or loss.

9. Automated Decision-Making

We do not use automated decision-making or profiling in our services.

10. Updates to This Policy

This policy may be updated periodically. The latest version will always be published on our website.