Privacy and Personal Information Policy

Young Ones Mobile Physiotherapy – Personal Information and Data Storage

Introduction

At Young Ones Mobile Physiotherapy, we are committed to protecting the privacy, confidentiality, and security of all personal information entrusted to us. As a private children’s physiotherapy service, we understand the importance of handling sensitive information responsibly and in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • Chartered Society of Physiotherapy (CSP) professional guidance

  • Health and Care Professions Council (HCPC) standards

This policy explains how and why we collect, store, use, and protect personal information relating to children, parents, carers, and families using our services.

Why we store personal information

We collect and store personal information in order to provide safe, effective, and professional physiotherapy services for children and young people.

This information allows us to:

  • Assess a child’s physiotherapy needs

  • Plan and deliver appropriate treatment

  • Monitor progress and outcomes

  • Communicate with parents, carers, schools, GPs, consultants, and other professionals involved in the child’s care

  • Maintain accurate clinical records in line with CSP and HCPC professional standards

  • Manage appointments, payments, and administration

  • Meet legal, safeguarding, insurance, and regulatory obligations

Maintaining accurate records is a professional requirement for physiotherapists and supports continuity of care, clinical safety, and safeguarding.

What information we may collect

We may collect and store:

Personal Information

  • Child’s name and date of birth

  • Parent or carer names

  • Address, telephone number, and email address

  • GP and healthcare professional details

  • School or nursery information where relevant

Health Information

  • Medical history

  • Assessment findings

  • Treatment plans and session notes

  • Reports from other healthcare professionals

  • Progress records and outcome measures

Administrative Information

  • Appointment history

  • Payment and invoicing records

  • Correspondence and consent forms

Some of this information is classified as “special category data” under UK GDPR because it relates to health information and requires additional protection.

How we store information

We take appropriate technical and organisational measures to keep all personal information secure.

Information may be stored:

  • Electronically using password-protected clinical systems

  • On encrypted devices

  • In secure cloud-based systems compliant with UK GDPR requirements

Access to information is restricted to authorised individuals who require it for professional purposes only.

We regularly review our systems and procedures to reduce the risk of unauthorised access, loss, disclosure, or misuse of information.

Who we share information with

We only share information when necessary and appropriate.

This may include:

  • GPs

  • Consultants

  • Schools or nurseries

  • Occupational therapists, speech and language therapists, or other healthcare professionals

  • Safeguarding services where required by law

We will normally discuss information sharing with parents or carers unless:

  • there is a safeguarding concern

  • disclosure is required by law

  • sharing is necessary to protect a child or another person from harm.

We never sell personal information to third parties.

Legal basis for processing information

Under UK GDPR, we process personal and health information because it is necessary for:

  • the provision of healthcare services

  • compliance with legal and professional obligations

  • safeguarding responsibilities

  • legitimate clinical record keeping

How long we keep records

Clinical records are retained in accordance with CSP guidance and legal retention requirements.

Records will be kept until the child reaches 25 years of age.

After the retention period ends, records are securely destroyed or permanently deleted.

Your Rights

Under UK GDPR, parents, carers, and young people where appropriate have the right to:

  • Request access to personal information

  • Request correction of inaccurate information

  • Request restriction of processing in certain circumstances

  • Raise concerns about how information is handled

  • Complain to the Information Commissioner’s Office (ICO)

Requests relating to personal information should be made in writing using the contact details below.

Confidentiality

All information shared with us is treated confidentially and handled in accordance with professional ethical standards.

All physiotherapists working within the practice are registered with the Health and Care Professions Council (HCPC) and follow CSP professional standards relating to confidentiality and record keeping.

Contact Details

If you have any questions about this policy or how your information is used, please contact:

Young Ones Mobile Physiotherapy

youngonesphysiotherapy@gmail.com

You also have the right to contact the Information Commissioner’s Office (ICO):
www.ico.org.uk

Policy Review

This policy is reviewed regularly to ensure ongoing compliance with UK data protection legislation and professional guidance.

Last Updated: May 2026