JYphysiotherapy Privacy Notice


For the purposes of the Data Protection Act 1998 (“the DPA”), JYphysiotherapy (“the Company”) is the “data controller” of personal data.

This policy is intended to provide information about how the Company will use (or “process”) personal data about individuals including current, past and prospective clients, and employees.


In accordance with the Data Protection Act 1998 (‘the Act’), the Company has notified the Information Commissioner’s Office of its processing activities. The Companies ICO registration number is 8945581 and the registered address is: JYphysiotherapy Beacon House, South Road. Weybridge. Surrey, KT13 9DZ.

The Company has appointed Jehan Yehia as Data Protection Officer (“DPO”), for all registrations, who will endeavour to ensure that all personal data is processed in compliance with this policy and the Act.


The Company may process a wide range of personal data about individuals including current, past and prospective clients, customers and employees as part of its operation by way of example:

  • names, addresses, telephone numbers, e-mail addresses and other contact details;
  • bank details and other financial information, e.g. clients paying by Debit/Credit card for services received and/or equipment or aides sold to clients to be used as directed.
  • where appropriate, information about individuals’ health, and contact details for their next of kin;
  • references given or received by the Company about staff, and information provided by previous educational establishments and/or other professionals or organisations working with staff; and
  • images of clients engaging in Company activities (in accordance with the Companies policy on taking).

The Company has a process to store “medical data ” regarding individuals. This is stored in compliance with CSP guidelines. Sensitive personal data includes information about an individual’s physical health. Sensitive personal data is entitled to special protection under the Act, and will only be processed by the Company with the explicit consent of the appropriate individual, or as otherwise permitted by the Act.


The Company will use (and where appropriate share with third parties) personal data about individuals for a number of purposes as part of its operations, including as follows:

  • For the purposes of employee recruitment and selection and to confirm the identity of prospective employees;
  • For use of software that includes; diary management, exercise prescription, accounting.
  • We value your privacy and do not sell your information to any third parties under any circumstances.
  • To third parties who will help process or administer services or who will provide advice and take action in relation to the collection of debts.
  • Clients will be asked whether they agree to receive emails from JYphysiotherapy.

The only third parties who have access to the data you have provided us are:

  • Cliniko- diary management
  • Clinical Appointments- reception
  • Rehab works- exercise prescription
  • PaUK- accounts


The Company will use the contact details of clients and customers and other members of the Company community to keep them updated about the activities of the Company, including by sending updates and newsletters, by email.

We only send email or text messages to individuals who have requested that these mailings be sent to them, or as part of an ongoing relationship we have with an individual or business.

Your right to control what communications, if any, that you receive from JYphysiotherapy is important to us. The information below will assist you in understanding the different communications options you have, and how you can notify us of changes in your preferences, or to unsubscribe in general.

If we provide notifications to clients including, without limitation, class cancellations or bookings changes, these notifications may be made by telephone or sent by email, text message, mobile telephone application, post or any other appropriate means.

JYphysiotherapy maintains a list of people who have expressed an interest in receiving updates about special promotions and offers. These can be sent by email. You can subscribe to these updates at any time, and unsubscribe by following the instructions within any email you receive.

In addition, you may reply to email or text messages from JYphysiotherapy requesting that your address be unsubscribed. Any request will take approximately 5 working days to process.

You can update your communications preferences at any time by following the convenient links located within any electronic communication from JYphysiotherapy.


Individuals have the right under the Act to access personal data about them held by the Company, subject to certain exemptions and limitations set out in the Act. Any individual wishing to access their personal data should email their request to the DPO [email protected]

The Company will endeavour to respond to any such written requests (known as “subject access requests”) as soon as is reasonably practicable and in any event within statutory time-limits.

You should be aware that certain data is exempt from the right of access under the Act. This may include information which identifies other individuals, or information which is subject to legal professional privilege. The Company is also not required to disclose any reference given by the Company for the purposes of the education, training or employment of any individual.


The Rights under the Act belong to the individual to whom the data relates. However, the Company will in most cases rely on parental consent to process personal data relating to children (if consent is required under the Act) unless, given the nature of the processing in question, and the child’s age and understanding, it is more appropriate to rely on the child’s consent. Parents should be aware that in such situations they may not be consulted.

In general, the Company will assume that children’s consent to disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the child’s activities, progress and behaviour, and in the interests of the child’s welfare, unless, in the opinion of the Company, there is a good reason to do otherwise.

However, where a child seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, the Company will maintain confidentiality unless, in the opinion of the Company, there is a good reason to do otherwise; for example where the Company believes disclosure will be in the best interests of the child or other children.

Clients, customers and staff are required to respect the personal data and privacy of others, and to comply with the Company policies and the Company rules.


The Company will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must notify the DPO of any changes to information held about them.

An individual has the right to request that inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under the Act) and may do so by contacting the DPO by email at [email protected]

The Company will take appropriate technical and organisational steps to ensure the security of personal data about individuals. All staff will be made aware of this policy and their duties under the Act.


We reserve the right to update, modify and/or change this Privacy Policy at any time. Any such changes will be posted here. If you continue to use JYphysiotherapy after we have changed this Privacy Policy, you hereby consent to be bound by any such changes.


In order to comply with our obligations under the Data Protection Act 1998, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures. Any online payment transactions will be encrypted using SSL technology.

Nothing in this policy in any way excludes or limits our liability for negligence causing death or personal injury or for fraudulent misrepresentation.

The data that we collect from you will not be transferred to or stored at a destination outside the European Economic Area.

Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our site; any transmission will be at your own risk.

We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our website which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.

We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls.

Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on the Site, we do not check, review, monitor, verify or endorse any information, content, material or data collected from, or provided by third parties, which is displayed on or is otherwise available from this Site, or any third party websites or services which you can access from the Site. We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.

If your personal data is accessed by an unauthorised third party, we will not be responsible for any direct or indirect damage caused as a result of such unauthorised access.

Whilst we take all reasonable steps to ensure that the Site continues to be available there may be times when it is not available. This may be for reasons relating to the maintenance of, or alterations to, the Site or for reasons beyond our control. We are not responsible to you if the Site is unavailable.


Any comments or queries on this policy should be directed to the DPO using the following contact details: J Yehia, [email protected] The Canbury Medical Centre, 1 Elm Road, Kingston, KT2 6HR.

If an individual believes that the Company has not complied with this policy or acted otherwise than in accordance with the Act, they should first contact the DPO. The Company complaints / grievance procedure should be followed if a more formal complaint is warranted.

12th May 2018