Last updated: 10 February 2026
ICO Registration Number: ZC090014
Spine: Posture and Performance (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a safe and responsible way. This Privacy Policy explains what information we collect, why we collect it, how we use it and your rights in relation to your personal data. You should read this Policy alongside any other privacy notices we may provide on specific occasions when collecting or processing personal data about you.
1. Who We Are
We are Spine: Posture and Performance, a chiropractic and musculoskeletal care provider based in the UK. Our contact details are:
Spine: Posture and Performance
17 Church Street
Epsom
KT17 4PF
Email: info@spineepsom.co.uk
Phone: 01372 877 400
We are the data controller for the personal information you provide to us or that we collect in the course of providing services to you.
Some of our practitioners are independent contractors who may process personal information in order to provide care. They are contractually and legally required to keep your data confidential and cannot use it for any purpose other than delivering treatment.
2. Information We Collect
We collect different types of personal data depending on your relationship with us:
- Personal Information: Your name, date of birth, contact details (address, email, telephone).
- Health and Treatment Information: Medical history, current conditions, diagnosis, treatment plans, clinical notes and imaging data.
- Insurance and Payment Information: Insurance provider details, policy numbers, invoicing and payment information.
- Website Usage Information: We may collect non-identifiable data such as IP address, pages visited and browsing patterns.
We collect this information to provide care, manage appointments, process payments and insurance claims and communicate with you.
3. Why and How We Use Your Data
We use your personal information for the following purposes:
- To Provide Chiropractic Services: This includes assessing, planning and delivering care and keeping clinical records.
- To Manage Operations: Processing payments, insurance claims and coordinating appointments.
- To Communicate With You: For treatment information, appointment reminders, newsletters, blog updates and practice news (with your consent where required).
- To Improve Our Services: Analysing anonymised site usage and service delivery to continually improve patient experience.
We will only process your data where we have a lawful basis to do so, including where it is necessary to perform our contract with you, to comply with legal obligations or where we have a legitimate interest which does not outweigh your rights (such as improving our services). Health information is classed as special category data under UK GDPR and is processed on the basis of providing healthcare and fulfilling statutory requirements.
4. Cookies and Website Tracking
We use cookies on our website to help enhance user experience and collect statistical data about how visitors use the site. Cookies themselves do not collect personal information that identifies you. If you prefer, you can disable cookies in your browser settings, though this may affect some site functionality.
5. Who We Share Your Data With
We may share your personal data with:
- Insurance Providers: For claims related to treatment or billing, where you have provided details.
- Healthcare Providers: Other clinicians involved in your care when necessary.
- Trusted Service Providers: Third parties who support practice operations on our behalf and who must keep your data confidential.
- Legal Authorities: If required by law, for example in response to a court order.
We do not sell or rent your personal data to third parties and we do not share your data for marketing purposes without your consent.
6. How Long We Keep Your Data
Your records are retained in line with UK legal requirements:
- For adults: 8 years from the date of last treatment.
- For patients under 18: Until age 25 (or 26 if the patient was 17 at the end of treatment).
7. How We Protect Your Information
We have implemented appropriate safeguards to protect your personal data, including restricted access controls, encryption and secure electronic health record systems. We regularly review our security procedures to prevent unauthorised access, loss or theft.
8. Your Rights
Under data protection law, you have certain rights:
- Access: You can request a copy of the personal data we hold about you.
- Correction: You can ask us to correct information you believe is inaccurate.
- Restriction: You can ask to limit how your personal data is used.
- Erasure: You can request deletion, subject to legal retention requirements.
- Communication Preferences: You can choose how we communicate with you, including whether you receive marketing information.
- Complaints: You have the right to complain if you believe your data has been misused.
To exercise any of these rights, please contact us at the details above. You can also raise concerns with the Information Commissioner’s Office (ICO) via their website at www.ico.org.uk.
9. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in legal or operational requirements. The last updated date at the top of this page will reflect when such changes were made.
10. Contact Us
Spine: Posture and Performance
17 Church Street
Epsom
KT17 4PF
Phone: 01372 877 400
Email: info@spineepsom.co.uk
ICO Registration Number: ZC090014