1. Introduction

This Privacy Policy explains how I collect, use, store, and protect your personal information when you book or receive osteopathic or naturopathic care with me, whether in clinic or during a home visit. I am committed to protecting your privacy and complying with the UK GDPR and Data Protection Act 2018.

​

2. Who I Am

Paula Garcia dos Santos Registered Osteopath (GOsC 11884), osteo.paulads@gmail.com.

I am the data controller for your personal information.

​

3. What Information I Collect

I collect and store:

​

Personal details

• Name

• Date of birth

• Contact details

• Address

• Occupation

​​

Health information (special category data)

• Medical history

• Symptoms and clinical notes

• Assessment findings

• Treatment records

​​

Booking & payment information

Depending on the clinic location, your booking and payment information may be processed through:

• Cliniko

• Fresha

• Jane App

• Stripe (for card payments)

​​

I do not store card numbers.

​

Website & communication

• Emails you send me

• Contact form submissions

• Cookies (via Wix)

​​

4. How Your Information Is Used

I use your information to:

• Provide safe and effective osteopathic care

• Maintain accurate clinical records

• Manage bookings and payments

• Communicate with you about appointments

• Meet legal and regulatory obligations

​​

I do not use your data for marketing unless you explicitly opt in.

​

5. Lawful Basis for Processing

Under GDPR, I rely on:

• Legitimate interest – providing healthcare services

• Legal obligation – maintaining clinical records

• Consent – for processing special category health data

​​

6. How Your Information Is Stored

Your data may be stored securely through:

• Cliniko (clinical records, bookings & payments)

• Fresha (clinical records, bookings & payments)

• Jane App (clinical records, bookings & payments)

• Wix (website forms)

• Stripe (payments)

​​

All providers are GDPR‑compliant and use secure encrypted systems.

​

7. How Long Your Data Is Kept

As required by the General Osteopathic Council:

• Adult clinical records: 8 years

• Children’s records: until age 25 (or 26 if seen at 17)

​​

Administrative records may be kept for up to 7 years for tax and legal purposes.

​

8. Sharing Your Information

I only share your information when:

• Required by law

• You request a referral or letter

• An insurer requests confirmation with your consent

​​

I never sell or share your data for marketing.

​

9. Your Rights

You have the right to:

• Access your data

• Request corrections

• Request deletion (where legally possible)

• Withdraw consent

• Restrict processing

• Lodge a complaint with the ICO

​​

10. Contact

If you have any questions about this policy or your data, please contact: osteo.paulads@gmail.com