Sports Injury & Physiotherapy Clinic

Privacy Notice

MacFarlane PhysiotherapyPrivacy Notice

Privacy Policy

MacFarlane Physiotherapy Ltd

Effective date: 21 May 2018

Last reviewed: 15 April 2026

MacFarlane Physiotherapy Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent way.

This Privacy Policy explains how we collect, use, store, and share personal data when you:

  • visit our website;
  • contact us by phone, email, or online form;
  • book or attend an appointment;
  • receive physiotherapy or related services from us; or
  • interact with our systems and service providers.

For the purposes of UK data protection law, MacFarlane Physiotherapy Ltd is the data controller of your personal data.

Who We Are

MacFarlane Physiotherapy Ltd

65 Barnton Street, Stirling, United Kingdom

Phone: 01786 583259

Email: [email protected]

If you have any questions about this Privacy Policy or about how we use your information, please contact us using the details above.

What Information We Collect

We may collect and process the following categories of personal data:

  • your name, date of birth, and other identifying information;
  • your contact details, including phone number, email address, and postal address;
  • appointment and booking information;
  • information you provide in enquiries or messages to us;
  • clinical and health information where relevant to your care;
  • billing and payment information where applicable;
  • technical information such as IP address, browser type, and device data;
  • website usage information collected through cookies and analytics tools.

Special Category Data

As a physiotherapy clinic, we may process health information in order to provide care and manage your treatment. Health information is treated as special category personal data under UK data protection law and is handled with additional care and protection.

How We Use Your Information

We use personal data for the following purposes:

  • to respond to enquiries and requests;
  • to arrange, confirm, change, or cancel appointments;
  • to provide physiotherapy and related services;
  • to maintain accurate patient and clinical records;
  • to communicate with you about your appointment or care;
  • to take payment and manage accounts where relevant;
  • to support administrative and clinical processes using secure software tools, including AI-assisted systems, to improve efficiency, documentation accuracy, and patient communication;
  • to monitor and improve our website and services;
  • to maintain the security of our systems;
  • to comply with legal, regulatory, professional, and insurance obligations.

Legal Basis for Processing

We process personal data only where we have a lawful basis to do so. Depending on the circumstances, we may rely on one or more of the following:

  • Contract – where processing is necessary to provide services to you or to take steps at your request before providing those services;
  • Legal obligation – where processing is necessary to comply with applicable laws or regulatory requirements;
  • Legitimate interests – where processing is necessary for the effective operation of our clinic and does not override your rights and freedoms;
  • Consent – where we ask for your consent for a specific use of your information.

Where we process health information, we also rely on an additional condition for processing special category data under UK data protection law.

Retention of Data

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory, clinical, insurance, and accounting requirements.

Different categories of information may be kept for different periods depending on the purpose and our legal obligations. Website usage data is generally retained for shorter periods than patient or clinical records.

Sharing Your Information

We may share your personal data where necessary with:

  • members of our team involved in your care or in clinic administration;
  • your GP, consultant, insurer, or other healthcare professionals where appropriate and lawful;
  • payment providers and professional advisers where relevant;
  • regulators, courts, law enforcement agencies, or other authorities where required by law.

Service Providers and Data Processors

We use a number of trusted third-party service providers to support the operation of our clinic. These providers process personal data on our behalf and are required to do so securely and in accordance with UK data protection laws.

These providers may include:

  • practice management and booking systems used for appointment scheduling, reminders, and patient administration;
  • online form providers (such as JotForm) used to collect enquiry details, appointment requests, and other information you submit through our website;
  • telecommunications providers (such as RingCentral) used to manage phone calls, voicemail, and communication with patients;
  • email and productivity platforms (such as Google Workspace, including Gmail) used to communicate with patients and manage internal operations;
  • website and analytics providers (such as Google Analytics) to help us understand website usage and improve our services;
  • payment and billing providers (such as PayPal Zettle and Stripe) used to securely process payments;
  • AI-assisted administrative tools, for example tools that support clinical note-taking, communication handling, or reception services.

Where you submit information through forms on our website, this data may be processed by our form provider (such as JotForm) on our behalf. This information is securely transmitted and used only for the purpose of responding to your enquiry or managing your care.

Where you contact us by telephone, your call may be handled through our telecom provider (such as RingCentral). This may include call routing, voicemail, and, where enabled, call recording for training, quality, and administrative purposes.

Where you make a payment to us, your payment details are processed securely by our payment providers (such as PayPal Zettle or Stripe). We do not store full card details on our own systems.

Where AI-assisted tools are used, including providers such as Heidi Health or BookedSolid, they are used to support administrative, documentation, and communication processes. These providers act as data processors under contract and are not permitted to use your personal data for their own independent purposes.

We take reasonable steps to ensure that all third-party providers:

  • process data only on our instructions;
  • maintain appropriate confidentiality and security measures;
  • comply with applicable UK data protection requirements.

Further details about specific providers can be made available upon request.

Analytics and Cookies

Our website may use cookies and similar technologies to operate effectively, remember your preferences, and help us understand how visitors use the site.

This may include analytics tools such as Google Analytics. These tools help us review website traffic, understand visitor behaviour, and improve the performance and usability of our website.

You can usually control cookies through your browser settings. Please note that disabling some cookies may affect how the website functions.

International Transfers

Some of our service providers may process data outside the United Kingdom. Where this happens, we will take reasonable steps to ensure that appropriate safeguards are in place and that your personal data continues to be protected in accordance with UK data protection law.

Disclosure of Data

We may disclose your personal data where necessary:

  • to comply with a legal obligation;
  • to protect and defend our rights, property, or interests;
  • to investigate potential issues relating to misuse of our services or website;
  • to protect the safety of patients, staff, or the public;
  • to respond to lawful requests from public authorities.

Security of Data

We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, disclosure, alteration, or destruction.

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Your Data Protection Rights

Subject to applicable law, you may have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete information;
  • request erasure of your data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to certain types of processing;
  • request transfer of your data in a structured, commonly used format where applicable;
  • withdraw consent where we rely on consent as our lawful basis.

We may need to verify your identity before responding to a request.

Complaints

If you have concerns about how we use your personal data, please contact us first and we will try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), which is the UK regulator for data protection matters.

Links to Other Websites

Our website may contain links to other websites. If you click on a third-party link, you will be taken to that site. We are not responsible for the content, privacy policies, or practices of third-party websites and encourage you to review their privacy notices.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and the latest review date will be shown at the top of the policy.

Contact Us

If you have any questions about this Privacy Policy or about how your personal data is handled, please contact:

MacFarlane Physiotherapy Ltd

Phone: 01786 583259

Email: [email protected]

Website: https://www.macfarlanephysio.co.uk