Home Links Physiotherapy

Privacy Policy

Understanding how we manage your information

Privacy Statement

At JLinks Physiotherapy Limited trading as Home Links Physiotherapy, we are committed to protecting your privacy and ensuring the security of your personal information. This privacy statement outlines how we collect, use, disclose, and store your data in accordance with UK GDPR regulations and our professional standards. The Director of JLinks Physiotherapy Limited have overall responsibility for this statement.

Company Information

Company Name: JLinks Physiotherapy Limited (Company Number: 11843830) trading as Home Links Physiotherapy

Registered Office: 2nd Floor (Right) Downe House, 303 High Street, Orpington, Kent, England, BR6 0NN

Registered in: England and Wales

Compliance

As an independent physiotherapy company, we provide high-quality physiotherapy services tailored to meet your individual needs. Whilst we operate independently, our commitment to excellence extends to compliance with industry standards and regulations. Our Professional Body, the Chartered Society of Physiotherapy, requires us to comply with the NHS Records Management Code of Practice. This commitment underpins our record management and storage policies, ensuring that your personal information is handled with the utmost care and in accordance with best practices.

Registered Data Handlers

JLinks Physiotherapy Limited trading as Home Links Physiotherapy is registered as a data handler with the Information Commissioner's Office (ICO), ensuring that your data is handled in compliance with data protection laws and regulations.

ICO Registration Reference: ZA534821

Information We Collect

The information we collect may include:

  • Your name, address, date of birth, and other personal contact information

  • Disability, ethnicity, gender, occupation, and hobbies

  • Contact information for any medical professionals including your GP or other health and social care professionals

  • Information relevant to your health and any medical condition

  • Treatment that you are receiving or is recommended by us or another medical professional

  • Your personal circumstances which are divulged to us by you or a third party (such as a relative or a carer)

This information is necessary for providing you with physiotherapy services and ensuring your safety and well-being.

Who Collects Information

Information is collected by Home Links Physiotherapy staff and contractors including:

  • Physiotherapists

  • Fitness Professionals

  • Physiotherapy Assistants

  • Administration staff

How We Use Your Information

Your personal information is used solely for the purpose of providing you with services from our Company. This includes:

  • Scheduling appointments

  • Assessing your condition

  • Developing treatment plans

  • Communicating with other healthcare professionals involved in your care

  • Legal Basis for Processing

Under GDPR, we process your personal data on the following legal bases:

Consent: Where you have given clear consent for us to process your personal data for specific purposes

Contractual necessity: Where processing is necessary for the performance of a contract with you

Legal obligation: Where we have a legal obligation to process your data

Vital interests: Where processing is necessary to protect your vital interests or those of another person

Legitimate interests: Where processing is necessary for our legitimate interests in providing healthcare services

Data Retention and Storage

We do not hold or store paper records about you. Any paper records are uploaded to your electronic record and paper records are immediately securely destroyed.

Should there be a requirement for us to use paper records in the short-term loss of access to electronic records, they are uploaded to electronic records as soon as practical and paper records are destroyed.

We adhere to NHS guidelines for the retention and storage of personal information. Your data will be retained for the minimum duration required for the provision of physiotherapy services and as required by law. Details of the minimum length of time this data is required to be stored can depend on various factors. Details can be found at: NHS Records Management Code of Practice. In most instances this is a minimum of 8 years.

Data Retention Periods:

  • Medical records: Minimum 8 years (per NHS guidelines)

  • Client management system records: As per legal and professional requirements

  • Email communications: 2 years after it was received/sent or until deleted from the mailbox (whichever is later)

  • Exercise prescription data: As per clinical governance requirements

If you begin a new episode of care whilst your records are still within agreed retention periods, then these episodes of care will link, and the retention period will begin again at the end of the current episode.

Once your treatment is completed with us and we no longer need access to your clinical records, any information on our client management systems and electronic record system called Cliniko we will place it into the "archived" area which has restricted access to the team. After the minimum retention period of your data, your information will be either securely disposed of or kept in the archived to a "non-live" area of the electronic system in accordance with GDPR regulations and the NHS Electronic Record System guidelines.

Data Security

We employ robust security measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. This includes encryption, access controls, and regular monitoring of our systems for any potential security threats.

Review and Monitoring Process

We have systems in place to regularly review and monitor where your personal identifiable data (PID) is, how it is being used, and where it is stored. We maintain an Information assets and flows register (IAFR) which is regularly reviewed and completed as part of the setup of new services and projects.

A Data protection impact assessment (DPIA) is completed when a new project within the business which involves PID is planned. We do our utmost to keep this statement updated; however, an updated list of where PID is stored and used can be requested from us. This ensures that your information remains secure and is only accessed by authorised personnel for legitimate purposes.

Disclosure of Information

We may disclose your personal information to other healthcare professionals involved in your care, as well as to third parties such as insurers or regulatory authorities where required by law or with your consent.

Third-Party Systems

Your data may be stored in our Practice and client management system called Cliniko, our exercise prescription program called Rehab my Patient, and our accounting system called Xero. Additionally, information submitted via our website is hosted by GoHighLevel. Each of these systems has its own privacy statement, and we regularly audit them and ensure that they comply with UK GDPR laws and guidelines. Some data may be hosted by third parties outside the UK, but it is only available to our staff and technical support in the UK.

Third-party system privacy information:

Online Card Payment Systems

We utilise online card payment systems that are securely connected to our bank and accounting system to process payments for our services. These systems adhere to strict security standards to protect your financial information. Your payment details are encrypted and securely transmitted to our bank for processing. We do not store your full payment card details on our servers or in our databases. Our payment systems are compliant with the Payment Card Industry Data Security Standard (PCI DSS) to ensure the highest level of security for your transactions.

Mobile Devices and Phone Numbers

While we do our best not to save your telephone numbers on individual therapists' phones, there are instances where contact with the therapist may be preferred via mobile phone. In such cases, therapists may store your name and number on their phones. We have policies and procedures in place to enhance the security of this information, ensuring that medical information is not provided via phone messaging systems and that your address or further personal details are not stored on therapists' mobile devices.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: You are entitled to ask for a copy of the information that we hold about you through a subject access request

  • Right to rectification: You can request that we correct any inaccurate or incomplete personal data

  • Right to erasure: You can request deletion of your personal data in certain circumstances

  • Right to restrict processing: You can request that we limit how we use your personal data

  • Right to data portability: You can request that we transfer your data to another organisation

  • Right to object: You can object to certain types of processing

  • Rights related to automated decision making: You have rights regarding automated decision making and profiling

Cookies Policy

Our website uses cookies to improve your browsing experience and provide personalised content. Cookies are small text files stored on your device when you visit our website.

Types of cookies we use:

  • Essential cookies: Required for the website to function properly

  • Performance cookies: Help us understand how visitors use our website

  • Functional cookies: Remember your preferences and settings

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

Contact Us

To make a request or to have any inaccuracies in your information corrected, please write to us at the address provided below, including:

  • Your full name and address and contact telephone number

  • Details of the specific information you require and any relevant dates

Data Protection Enquiries:

The Data Controller

JLinks Physiotherapy Limited trading as Home Links Physiotherapy

2nd Floor (Right) Downe House

303 High Street, Orpington

Kent, England, BR6 0NN

Email: [email protected]

Complaints

If you have any complaints about how we process your personal information or any other matter, please contact us in the first instance via email at [email protected] or by letter to the following address:

The Company Director

JLinks Physiotherapy Limited trading as Home Links Physiotherapy

2nd Floor (Right) Downe House

303 High Street, Orpington

Kent, England, BR6 0NN

If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at:

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113

Website: https://ico.org.uk/for-the-public/

Changes to This Privacy Statement

We reserve the right to update or amend this privacy statement to reflect changes in our practices or legal requirements. Any updates will be posted on our website and communicated to you as appropriate.

Last updated: 1st August 2025

References

NHS Records Management Code of Practice. Available at: https://transform.england.nhs.uk/information-governance/guidance/records-management-code/records-management-code-of-practice/

Chartered Society of Physiotherapy (CSP) Record Keeping Guidance. Available at: https://www.csp.org.uk/system/files/publication_files/RecordKeepingFINAL_Sara%20Conroy.pdf

UK Government Data Protection Guidance. Available at: https://www.gov.uk/data-protection

Information Commissioner's Office (ICO) - Find out about your rights and data protection and information rights: https://ico.org.uk/for-the-public/

Thank you for entrusting us with your care. Your privacy and confidentiality are of the utmost importance to us.

JLinks Physiotherapy Limited (Company Number: 11843830) trading as Home Links Physiotherapy

Registered Office: 2nd Floor (Right) Downe House, 303 High Street, Orpington, Kent, England, BR6 0NN

Registered in England and Wales

Ready to Start Your Recovery Journey?

Contact us by phone, or email to speak with an administrator who will arrange a call with one of our qualified physiotherapists to discuss your needs and start your care correctly. Alternatively complete our enquiry form, and we will get in touch.

Subscribe to 'The Link' Newsletter

OPENING HOURS

Monday to Friday, 9:00am–5:00pm

APPOINTMENTS

LOCATION

Serving South East London & Kent