Introduction

At AA Chiropractic Ltd, we value your privacy and are committed to protecting your personal data. This notice explains how we collect, use, and safeguard your information in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional healthcare recordkeeping requirements.

By using our website or services, you agree to the terms outlined in this notice.

Information We Collect

Depending on how you interact with us, we may collect:

• Identity information: name, date of birth, gender.

• Contact details: phone number, email address, postal address.

• Health information: medical history and treatment notes (as provided during consultation and treatment).

• Technical data: IP address, browser type, site usage.

• Payment information: if paying for services online.

How We Use Your Data

We process personal data to:

• Provide chiropractic and massage therapy services.

• Maintain accurate health records in compliance with legal and professional standards.

• Manage appointments, billing, and communication.

• Respond to enquiries made via our website, phone, or email.

• Improve our services and website experience.

• Send marketing communications (only with your consent).

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Provision of healthcare services (contractual necessity).

• Legal obligation (to retain health records as required).

• Legitimate interests (business administration and communication).

• Consent (where you have opted in to receive marketing).

• Special category data (health information) is processed under GDPR Article 9(2)(h): necessary for the provision of healthcare.

Healthcare Records Retention

As a healthcare provider, we are legally required to retain patient health records for a minimum of 8 years after the date of your last appointment, or until a child reaches the age of 25 (whichever is longer).

This means that while you have the right to request erasure of your data, in some cases we may be unable to delete medical records we are legally obliged to keep. In such cases, we will restrict processing to what is legally necessary.

Data Sharing

We will never sell or share your data with third parties for marketing purposes.
We may share your information only when required by law or where necessary for the delivery of healthcare (e.g., with another healthcare professional, but only with your consent).

Data Security

Your data is stored securely and protected against loss, misuse, and unauthorised access. Electronic records are password-protected and encrypted where appropriate. Paper records, if kept, are stored securely.

Your Rights

Under UK GDPR, you have the following rights:

• To be informed about how your data is used.

• To access your personal data.

• To request correction of inaccurate data.

• To request erasure (subject to healthcare recordkeeping obligations).

• To restrict or object to processing.

• To request data portability.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

Cookies

Our website may use cookies to improve user experience and website functionality. You can manage cookies in your browser settings.

Contact Us

For any privacy-related questions or to exercise your rights, please contact:

Alo Chiropractic 
264 North Road, Cardiff, CF14 3BL
info@alochiropractic.co.uk
02920 628 128

Updates to This Privacy Notice

We may update this privacy notice from time to time to reflect changes in law or practice. Updates will be posted on this page, and we encourage you to review it regularly.