Privacy Notice

1. Who I am

Cameron The Clinical Physio is operated by Cameron Ainge, a self-employed, HCPC-registered Physiotherapist providing mobile physiotherapy and sports massage services.

  • HCPC Registration Number: PH122221

  • Email: Camerontheclinicalphysio@gmail.com

For the purposes of data protection law, I am the Data Controller.

2. What personal data I collect

I may collect and store the following information:

Personal details

  • Name

  • Address

  • Date of birth

  • Telephone number

  • Email address

Health and clinical information

  • Medical history

  • Details about your injury or condition

  • Assessment findings

  • Treatment records and progress notes

Appointment and payment information

  • Booking details

  • Payment records processed via Square

Health information is classed as special category data under UK GDPR and is handled with additional care.

3. How I collect your data

Your data may be collected:

  • When you book an appointment via my website or Square booking system

  • When you contact me by email, phone, or message

  • During your assessment and treatment sessions

  • When you complete assessment or consent forms

4. Why I collect your data

Your personal data is collected and used in order to:

  • Assess and treat you safely and effectively

  • Maintain accurate clinical records

  • Communicate with you about appointments and treatment

  • Process payments

  • Meet legal, regulatory, and professional obligations

5. Lawful basis for processing your data

Under UK GDPR, the lawful bases I rely on are:

  • Article 6(1)(b) – processing is necessary for the performance of a contract (providing physiotherapy services)

  • Article 6(1)(f) – legitimate interests in running my practice safely and effectively

  • Article 9(2)(h) – processing is necessary for the provision of health care and treatment

Clinical data is not processed on the basis of consent under data protection law (this is separate from clinical consent for treatment).

6. How your data is stored and protected

I take appropriate steps to keep your data secure.

  • Paper clinical records are stored in a locked cabinet at my home address

  • Digital booking and payment data is stored securely via Square

  • Any electronic data is password-protected

  • Access to your data is restricted to me only

7. Who I share your data with

Your data is kept confidential and is not sold or shared for marketing purposes.

Your information may be shared:

  • With other healthcare professionals involved in your care (with your consent)

  • With your GP or consultant (with your consent)

  • With Square, who provide booking and payment processing services and act as a data processor

  • With regulatory or legal bodies where required by law

8. How long I keep your data

In line with professional guidance:

  • Adult clinical records are kept for 7–8 years after your last appointment

  • Records for children are kept until they reach 25 years of age

After this period, records are securely destroyed.

9. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data I hold about you

  • Request correction of inaccurate data

  • Request restriction of processing in certain circumstances

  • Request erasure of your data (where legally appropriate)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Please note that health records cannot usually be deleted before the minimum retention period.

10. How to contact me about your data

If you have any questions or concerns about how your data is handled, please contact:

Cameron Ainge
Email: Camerontheclinicalphysio@gmail.com

I am registered with the Information Commissioner’s Office (ICO).

11. Changes to this privacy notice

This privacy notice may be updated from time to time.
The most recent version will always be available on my website.