Hekas Sport Therapy (“Hekas“, “we“, “our“, or “us“) is committed to protecting and respecting your privacy. This policy explains how we collect, use, disclose and safeguard your personal data when you visit hekassporttherapy.co.uk (the “Site“), book an appointment or otherwise interact with our clinic.
1. Who We Are
Controller: Hekas Sport Therapy, 12 Oldham Street, Northern Quarter, Manchester M1 1JQ, United Kingdom.
Email: enquiries@hekas.co.uk
Phone: 07 443 441 225
2. Personal Data We Collect
Category | Examples | Lawful Basis* |
---|---|---|
Identity & Contact | Name, address, email, telephone | Contract, Legitimate Interest |
Health Information | Injury history, treatment notes, medical referrals | Explicit Consent, Vital Interest |
Transaction | Appointment history, payments, invoices | Contract, Legal Obligation |
Technical | IP address, browser type, device IDs | Legitimate Interest |
Usage & Marketing | Page views, click‑throughs, marketing preferences | Consent, Legitimate Interest |
Cookies | Analytics, functional, advertising cookies | Consent (where required) |
*See section 4 for details on lawful bases under UK GDPR.
3. How We Collect Data
- Direct interactions: Forms on our site, phone calls, email, and in‑clinic paperwork.
- Automated technologies: Cookies and similar tracking on the site.
- Third parties: payment processors (e.g., Stripe), booking system providers (e.g., Booknetic), and analytics platforms (e.g., Google Analytics).
4. How & Why We Use Your Data
We will only process your personal data when the law allows. Common purposes include:
- Booking & Delivering Treatment – to confirm appointments, create treatment plans and provide physiotherapy/sports‑therapy services. (Contract / Explicit Consent for special‑category health data)
- Payment Processing & Invoicing – to take deposits, process refunds and keep accounting records. (Contract / Legal Obligation)
- Client Support – to respond to enquiries, reschedule bookings and send service notifications. (Legitimate Interest)
- Marketing – to send you newsletters or offers where you have opted in. (Consent)
- Analytics & Website Improvement – to analyse site performance and enhance user experience. (Legitimate Interest)
- Legal & Regulatory Compliance – to cooperate with regulators or enforce our terms (Legal Obligation)
We do not subject you to automated decision‑making that produces legal or similarly significant effects.
5. Sharing Your Data
We share data only when necessary:
- Service Providers – IT hosting, booking software, email, payment gateways, all under data‑processing agreements.
- Medical Professionals – with your explicit consent (e.g., referring physician).
- Regulators & Authorities – where legally required.
We never sell your data.
6. International Transfers
Some providers (e.g., email, cloud storage) may store data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards such as the UK Addendum to Standard Contractual Clauses or adequacy decisions.
7. Data Retention
- Marketing consents: until you withdraw consent or 2 years after the last interaction.
- Cookies & analytics data: up to 26 months.
8. Your Rights
Under the UK GDPR you have rights to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate or incomplete data
- Erase data (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing (including marketing)
- Withdraw consent at any time (without affecting prior processing)
To exercise these rights, contact privacy@hekassporttherapy.co.uk. We aim to respond within one month.
9. Security Measures
We employ encryption (SSL/TLS), role‑based access, secure booking portals and staff confidentiality training. However, no online transmission can be guaranteed 100% secure.
10. Cookies
We use cookies to:
- Remember your booking selections (strictly necessary)
- Analyse Site traffic (Google Analytics)
- Serve retargeting ads (Meta, Google Ads)
You can control cookies via your browser settings or our Cookie Preference banner.
For more details, see our Cookie Policy.
11. Links to Other Sites
Our site may contain links to third‑party websites. We are not responsible for their content or privacy practices; please review their policies.
12. Changes to This Policy
We may update this policy periodically. Any significant changes will be posted on this page and, where appropriate, notified by email.
13. Contact & Complaints
Questions, comments or complaints? Contact our Data Protection Lead at enquiries@hekas.co.uk