Privacy Policy

Last updated: January 2026

1. Introduction

DT Chiropractic (“we,” “us,” or “our”) is committed to protecting your privacy and handling your personal data responsibly and lawfully.

This Privacy Policy explains how we collect, use, store, and protect personal data when you:

  • Visit our website

  • Book appointments online

  • Receive chiropractic care from us

We operate as an independent chiropractic practice within a shared clinic. We are responsible for our own patient records and data processing and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional standards set by the General Chiropractic Council (GCC).

2. Data Controller

The data controller is:

David Thomas/ DT Chiropractic
Address: DT Chiropractic, One 2 One Therapy and Wellbeing, Red Dragon Court, South Road, Bridgend, CF31 3PT
Email: davidtchiro@gmail.com
Phone: 07740101518

3. Personal Data We Collect

a. Personal Information

  • Name

  • Email address

  • Phone number

  • Postal address

  • Emergency contact details

b. Special Category Data (Health Data)

  • Medical history and health questionnaires

  • Clinical notes and treatment records

  • Appointment history

  • Correspondence relating to your care

c. Online Booking & Website Data

When you book online or interact with our website, we may collect:

  • Booking details

  • IP address

  • Device and browser information

  • Date and time of access

4. Online Booking System (Cliniko)

We use Cliniko, a secure practice management and online booking system, to manage appointments and clinical records.

Cliniko processes personal and health data on our behalf as a data processor and complies with UK GDPR requirements. Your data is stored securely and only accessed by authorised individuals involved in your care or practice administration.

Cliniko’s privacy information can be found on their website.

5. How We Use Your Personal Data

We use your personal data to:

  • Provide safe and effective chiropractic care

  • Manage appointments and reminders

  • Maintain accurate clinical records in line with GCC standards

  • Communicate with you regarding your care

  • Process payments

  • Meet legal, regulatory, and insurance requirements

  • Improve our services and website

6. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Consent – for online forms, marketing (if applicable), and optional communications

  • Contract – to provide chiropractic services you request

  • Legal obligation – to meet regulatory, insurance, and record-keeping requirements

  • Vital interests – where necessary to protect your health

  • Legitimate interests – for practice administration and service improvement

Health data is processed as special category data for the purposes of healthcare provision under Article 9(2)(h) UK GDPR.

7. Sharing Your Information

We do not sell or rent your personal data.

Your information may be shared only where lawful and necessary, including:

  • With other healthcare professionals involved in your care (with your consent)

  • With service providers such as Cliniko, accountants, or insurers

  • With regulatory bodies such as the GCC if required by law

  • Where required by legal or safeguarding obligations

Although we operate within a shared clinic, your personal and health information is not shared with other practitioners or clinic staff unless you have provided consent or it is required for your care.

8. Data Retention

We retain clinical records in accordance with:

  • GCC guidance

  • RCC and BCA best practice

  • Professional indemnity insurer requirements

Typically, adult clinical records are retained for a minimum of 8 years from the date of last treatment, or longer where legally required.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Secure, password-protected systems

  • Restricted access to clinical records

  • Encrypted digital storage where appropriate

No system is completely secure, but we take reasonable steps to protect your data from unauthorised access or disclosure.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of data (where applicable)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://ico.org.uk

11. Cookies

Our website may use cookies to improve functionality and user experience. You can manage cookies through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any updates will be posted on this page with a revised date.

13. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please contact:

David Thomas, DT Chiropractic
Email: davidtchiro@gmail.com
Phone: 07740101518