Rachel Shepton Physiotherapy

Privacy Notice

UK GDPR — April 2026

I am committed to protecting your personal data and respecting your privacy. This privacy notice explains how I collect, use, and protect your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who I Am

  • Data Controller: Rachel Shepton — Private Physiotherapist, BSc, MCSP, HCPC
  • Email: rachelshepton@gmail.com
  • Phone: 07875 607663
  • Address: Duror and Kentallen Community Centre, Duror, Argyll, PA38 4BS

What Information I Collect

I may collect and process the following personal data:

  • Personal details (name, address, date of birth, contact information)
  • Medical information (health history, treatment notes, GP details)
  • Appointment and attendance records
  • Payment and billing information

How I Use Your Information

I use your personal data to:

  • Provide safe and effective physiotherapy treatment
  • Maintain accurate clinical records
  • Communicate with you about appointments and care
  • Process payments and manage accounts
  • Comply with legal and professional obligations

Legal Basis for Processing

I process your data under the following lawful bases:

  • Provision of healthcare (contract)
  • Legal obligation (e.g., medical record keeping)
  • Legitimate interests (running my practice efficiently)
  • Special category data: processed for healthcare purposes under UK GDPR Article 9(2)(h)

How Your Data Is Stored

  • Records may be stored securely in electronic and/or paper format
  • I take appropriate measures to protect your data from unauthorised access, loss, or misuse

How Long I Keep Your Data

I retain your records in line with professional guidelines (typically 8 years after your last appointment, or longer if required).

Sharing Your Information

I may share your data with:

  • Your GP or other healthcare professionals (with your consent where required)
  • Insurers or legal representatives (if applicable)
  • Regulatory or legal authorities if required by law

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure (where applicable)
  • Restrict or object to processing
  • Lodge a complaint with the Information Commissioner's Office (ICO)

Cookies and Website Data

If you use my website, it may collect basic technical data such as IP address or cookies.

Contact and Complaints

If you have any questions or concerns about your data, please contact me using the details above.

You also have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk.

This site uses cookies to improve your experience. By continuing to browse, you agree to our use of cookies.