Privacy Policy
Active Recovery – Body and Mind
Last Updated: June 2026
At Active Recovery – Body and Mind, your privacy is taken very seriously. This policy explains clearly how your personal information is collected, used, stored and protected when you receive treatment, contact the practice, or visit our website.
We are committed to handling your data transparently, lawfully and fairly in accordance with the UK General Data Protection Regulation (UK GDPR), the Data (Use and Access) Act 2025 (where applicable), and the Privacy and Electronic Communications Regulations (PECR).
Throughout this policy, "we", "our" and "us" refer to Active Recovery – Body and Mind.
1. Who We Are
Data Controller: Nicola Brett
Business Name: Active Recovery – Body and Mind
ICO Registration Number: ZA786623
Email: activerecoverytherapy@gmail.com
Telephone: 07800 751452
2. What Personal Information We Collect
In order to provide safe and effective treatment, we need to collect some personal and health information from you.
This may include:
-
Name
-
Address
-
Email address
-
Telephone number
-
Date of birth
-
Occupation
-
GP details
-
Relevant health and medical information
-
Mental wellbeing information relevant to treatment
-
Lifestyle information relevant to treatment
-
Family history where relevant to treatment
This information may be collected through:
-
Consultation forms
-
Telephone calls
-
Email correspondence
-
Social media messages
-
Online enquiries
-
Video consultations
-
Face-to-face appointments
You are not obliged to provide this information. However, without it we may be unable to provide treatment safely and effectively.
We may contact you to:
-
Confirm or rearrange appointments
-
Provide treatment-related information
-
Send aftercare information
-
Respond to enquiries
We will only send marketing or promotional communications if you have given explicit consent. You can withdraw this consent at any time.
We do not use your personal data for automated decision-making or profiling.
3. Initial Consultations and Session Notes
During your initial consultation and subsequent sessions, information relevant to your treatment may be recorded.
Brief session notes may be kept to:
-
Support your treatment
-
Monitor progress
-
Plan future sessions
-
Maintain appropriate professional records
These notes are stored securely and treated as confidential.
4. Lawful Basis for Processing Your Data
Under UK GDPR, we process your personal data under the following lawful bases:
Contract – Article 6(1)(b)
To provide the services and treatment you have requested.
Legal Obligation – Article 6(1)(c)
To comply with legal, professional, insurance and regulatory requirements.
Legitimate Interests – Article 6(1)(f)
For the safe and effective management of the practice.
Provision of Health Care – Article 9(2)(h)
As we process special category health data in order to provide healthcare-related services.
Consent
For marketing communications and certain website cookies where consent is required.
5. How Your Information Is Stored
Your records may be stored in paper form and/or electronically.
We use carefully selected third-party Data Processors to support the operation of the practice, including:
-
Google (Gmail and Google Drive)
-
Rehab My Patient
-
Wix (website platform)
These providers process data securely and only in accordance with our instructions.
Electronic data is protected using:
-
Password protection
-
Two-factor authentication where available
-
Encryption
-
Secure cloud storage
Paper records are stored in a locked filing cabinet within locked premises.
Only authorised persons have access to your data.
6. How Long We Keep Your Records
Records are retained in line with professional, legal and insurance requirements:
Soft Tissue Therapy Clients
-
7 years after your most recent appointment
Hypnotherapy Clients
-
8 years after your most recent appointment
Children and Young People
-
Until age 25 if under 16 when last seen
-
Until age 26 if aged 17–18 when last seen
At the end of the retention period, records are securely destroyed or permanently deleted.
7. Sharing Your Information
Your information is confidential.
We will only share your information where necessary and appropriate.
This may include:
-
Rehab My Patient for exercises and aftercare
-
Your GP or other healthcare professionals, with your written consent
-
A parent, guardian, carer or appropriate adult where necessary
During clinical supervision, client cases may be discussed anonymously with a qualified supervisor to ensure best practice. No identifiable information is shared unless explicit consent has been obtained.
We do not sell or rent your information to third parties.
8. Confidentiality and Safeguarding
Everything discussed during sessions is treated confidentially.
However, confidentiality may be broken where:
-
We are required to do so by law
-
There is a serious risk of harm to yourself
-
There is a serious risk of harm to another person
-
Safeguarding concerns arise involving a child or vulnerable adult
Where possible, we will discuss any disclosure with you first.
Only information necessary to ensure safety or comply with legal obligations will be disclosed.
9. Clinical Supervision
As part of maintaining professional standards and ensuring best practice, aspects of client work may be discussed with a qualified clinical supervisor.
Where possible, all discussions are anonymised and no identifiable information is disclosed.
10. Privacy Outside of Sessions
Your privacy is important.
If we meet outside of a therapy session, we will not approach or acknowledge you unless you do so first. This helps maintain your confidentiality.
Whilst every effort is made to maintain privacy during appointments, there may occasionally be brief contact with other clients in shared spaces.
11. Data Breaches
In the unlikely event of a personal data breach, we have procedures in place to investigate, contain and manage the incident.
Where legally required, affected individuals and the Information Commissioner's Office (ICO) will be notified.
12. Your Rights
Under UK GDPR, you have the right to:
-
Be informed about how your data is used
-
Access the personal data we hold about you
-
Request correction of inaccurate information
-
Request deletion of your personal data (subject to legal retention requirements)
-
Request restriction of processing in certain circumstances
-
Object to processing
-
Withdraw consent where applicable
-
Request a copy of your personal data in a commonly used electronic format where applicable (data portability)
-
Not be subject to solely automated decision-making
To exercise any of these rights, please contact us using the details provided below.
13. Complaints
If you have concerns about how your personal data has been handled, please contact us first so that we can investigate and attempt to resolve the matter.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office (ICO)
14. Website Cookies
Our website uses cookies and similar technologies to help the website function properly and to improve your experience.
Cookies may be used for:
-
Essential website functionality
-
Website analytics
-
Performance monitoring
-
Improving user experience
Where required under PECR, non-essential cookies will only be used with your consent.
A cookie consent banner is displayed when you visit our website, allowing you to manage your cookie preferences.
You can also control cookies through your browser settings at any time.
15. Links to Other Websites
Our website may contain links to third-party websites.
We are not responsible for the privacy practices, content or security of external websites and recommend reviewing their privacy policies before providing personal information.
16. Testimonials and Reviews
Testimonials will only be published with your explicit consent.
We will not publish your name or identifying information without your permission.
Reviews submitted through third-party platforms such as Google, Facebook or other review websites remain subject to those platforms' privacy policies.
If you later request the removal of a testimonial that we control, we will remove it wherever reasonably possible.
17. Changes to This Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in legislation, regulatory guidance or business practices.
The most recent version will always be available on our website.
18. Contact Us
Nicola Brett
Active Recovery – Body and Mind
ICO Registration Number: ZA786623
Email: activerecoverytherapy@gmail.com
Telephone: 07800 751452
If you have any questions about this Privacy Policy or how your personal data is handled, please get in touch.