Privacy Policy

Hekas Sport Therapy (“Hekas“, “we“, “our“, or “us“) is committed to protecting and respecting your privacy. This policy explains how we collect, use, disclose and safeguard your personal data when you visit hekassporttherapy.co.uk (the “Site“), book an appointment or otherwise interact with our clinic.

1. Who We Are

Controller: Hekas Sport Therapy, 12 Oldham Street, Northern Quarter, Manchester M1 1JQ, United Kingdom.
Email: enquiries@hekas.co.uk
Phone: 07 443 441 225 


2. Personal Data We Collect

CategoryExamplesLawful Basis*
Identity & ContactName, address, email, telephoneContract, Legitimate Interest
Health InformationInjury history, treatment notes, medical referralsExplicit Consent, Vital Interest
TransactionAppointment history, payments, invoicesContract, Legal Obligation
TechnicalIP address, browser type, device IDsLegitimate Interest
Usage & MarketingPage views, click‑throughs, marketing preferencesConsent, Legitimate Interest
CookiesAnalytics, functional, advertising cookiesConsent (where required)

*See section 4 for details on lawful bases under UK GDPR.


3. How We Collect Data

  • Direct interactions: Forms on our site, phone calls, email, and in‑clinic paperwork.
  • Automated technologies: Cookies and similar tracking on the site.
  • Third parties: payment processors (e.g., Stripe), booking system providers (e.g., Booknetic), and analytics platforms (e.g., Google Analytics).

4. How & Why We Use Your Data

We will only process your personal data when the law allows. Common purposes include:

  1. Booking & Delivering Treatment – to confirm appointments, create treatment plans and provide physiotherapy/sports‑therapy services. (Contract / Explicit Consent for special‑category health data)
  2. Payment Processing & Invoicing – to take deposits, process refunds and keep accounting records. (Contract / Legal Obligation)
  3. Client Support – to respond to enquiries, reschedule bookings and send service notifications. (Legitimate Interest)
  4. Marketing – to send you newsletters or offers where you have opted in. (Consent)
  5. Analytics & Website Improvement – to analyse site performance and enhance user experience. (Legitimate Interest)
  6. Legal & Regulatory Compliance – to cooperate with regulators or enforce our terms (Legal Obligation)

We do not subject you to automated decision‑making that produces legal or similarly significant effects.


5. Sharing Your Data

We share data only when necessary:

  • Service Providers – IT hosting, booking software, email, payment gateways, all under data‑processing agreements.
  • Medical Professionals – with your explicit consent (e.g., referring physician).
  • Regulators & Authorities – where legally required.

We never sell your data.


6. International Transfers

Some providers (e.g., email, cloud storage) may store data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards such as the UK Addendum to Standard Contractual Clauses or adequacy decisions.


7. Data Retention

  • Marketing consents: until you withdraw consent or 2 years after the last interaction.
  • Cookies & analytics data: up to 26 months.

8. Your Rights

Under the UK GDPR you have rights to:

  • Access your personal data (Subject Access Request)
  • Rectify inaccurate or incomplete data
  • Erase data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing (including marketing)
  • Withdraw consent at any time (without affecting prior processing)

To exercise these rights, contact privacy@hekassporttherapy.co.uk. We aim to respond within one month.


9. Security Measures

We employ encryption (SSL/TLS), role‑based access, secure booking portals and staff confidentiality training. However, no online transmission can be guaranteed 100% secure.


10. Cookies

We use cookies to:

  • Remember your booking selections (strictly necessary)
  • Analyse Site traffic (Google Analytics)
  • Serve retargeting ads (Meta, Google Ads)

You can control cookies via your browser settings or our Cookie Preference banner.

For more details, see our Cookie Policy.


11. Links to Other Sites

Our site may contain links to third‑party websites. We are not responsible for their content or privacy practices; please review their policies.


12. Changes to This Policy

We may update this policy periodically. Any significant changes will be posted on this page and, where appropriate, notified by email.


13. Contact & Complaints

Questions, comments or complaints? Contact our Data Protection Lead at enquiries@hekas.co.uk