Website Privacy Policy 

Version 1.0
Effective Date: Feb 2026

OH One Physiotherapy is a trading division of Health 2 Employment (H2E) CIC.

1. Who We Are

OH One Physiotherapy is a trading division of Health 2 Employment (H2E) CIC, a Community Interest Company committed to improving health and wellbeing.

Health 2 Employment (H2E) CIC is the Data Controller for the purposes of UK data protection law.

If you have any questions about this policy or how we use your information, you can contact us at:

Email: [Insert contact email]
Address: [Insert registered address]

We are registered with the Information Commissioner’s Office (ICO).
(Insert ICO registration number if available.)

2. The Information We Collect

We collect different types of information depending on how you interact with us.

Website Visitors

When you visit our website, we may collect:

• IP address
• Browser type and device information
• Pages visited and time spent
• Referring website

This data is collected through:

• Google Analytics
• Meta Pixel
• Google Ads tracking
• Microsoft Bing tracking
• Squarespace cookies

This helps us understand how visitors use our website and improve our services.

Contact Forms

When you complete a contact form on our website, we collect:

• Name
• Email address
• Phone number
• Message details

Form submissions are sent securely to us via email.

Online Bookings

Appointments are booked through TM3 practice management software.
When you book online, we collect:

• Contact details
• Appointment preferences
• Health-related information where relevant

TM3 acts as a data processor on our behalf.

Payments

Payments are processed using SumUp.
We do not store your full card details.

SumUp processes payment data securely in accordance with their own privacy policy.

Newsletter Subscriptions

If you sign up to receive updates, your details are stored securely via Mailchimp.

You may unsubscribe at any time by clicking the unsubscribe link included in every marketing email.

Telephone Calls

Telephone calls may be recorded via our phone system provider, 3CX, for:

• Training and quality monitoring
• Dispute resolution
• Service improvement

3. Special Category Data (Health Information)

As a physiotherapy provider, we collect health information in order to:

• Assess and treat your condition
• Maintain clinical records
• Provide reports (where appropriate and with consent)

Health information is classified as special category data under UK GDPR and is processed lawfully for the provision of healthcare services.

4. How We Use Your Information

We use your information to:

• Provide physiotherapy treatment
• Manage bookings and payments
• Respond to enquiries
• Send service-related communications
• Provide reports to insurers, solicitors, employers or funded programmes (only with your explicit consent)
• Improve our website and services
• Send marketing communications where you have opted in

5. Sharing Your Information

We only share your information when necessary and lawful.

Your information may be shared with:

• Insurers
• Solicitors
• Employers
• Funded programme providers

This is done only with your prior consent and in line with GDPR data protection obligations.

We also work with trusted third-party processors who handle data securely on our behalf, including:

• TM3
• SumUp
• Mailchimp
• Microsoft 365
• Squarespace
• 3CX

We ensure all processors meet appropriate data protection standards.

We do not sell your data.

6. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Contract – to provide physiotherapy services
• Legal obligation – where required by law
• Legitimate interests – to improve our services and website
• Consent – for marketing and sharing reports

Special category health data is processed under the provision of healthcare services.

7. Data Retention

We retain personal and clinical records in accordance with professional and legal requirements.

If you would like further information about our data retention periods, please contact us directly.

8. Children’s Data

We provide physiotherapy services to young people aged 12–17.

Parental or guardian consent is required and confirmed through attendance and agreement at the appointment.

We do not knowingly collect personal data from children without appropriate consent.

9. Cookies

Our website uses cookies to:

• Analyse traffic and usage
• Improve performance
• Deliver relevant advertising

Cookies may be placed by:

• Google Analytics
• Meta (Facebook)
• Google Ads
• Microsoft Bing
• Squarespace

You can control cookies through your browser settings.

10. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure (where applicable)
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent (where applicable)

To exercise any of these rights, please contact us.

If you are not satisfied with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO).

11. Data Security

We take appropriate technical and organisational measures to protect your information, including:

• Secure clinical systems
• Password-protected accounts
• Encrypted devices
• Access controls
• Secure cloud storage via Microsoft 365

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.