Privacy Policy

In line with the GDPR data protection regulations introduced in May 2018 we are legally obligated to provide you with a copy of our privacy policy which details how we collect and store your data. Should you have any queries you can direct them to our data protection officer whose contact details are listed below.

What is a Privacy Notice?

Under data protection law you, as client of Staines Chiropractic Ltd, have specific

rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.

Who We Are

‘Staines Chiropractic + other therapies’ and ‘The Chiropractic Clinic New Malden’ are trading names of ‘Staines Chiropractic Ltd.’ company number, our registered address is 5 Fairfield Avenue, Staines upon Thames, Middlesex, TW18 4AB.  Telephone number: 01784 466130, email address:

For the purposes of processing your personal data we are the Controller.

Data Protection Officer

As we record and use sensitive data we take the protection of this data very seriously. We have therefore appointed a Data Protection Officer, Laura Miller, who is your first point of contact for any matters regarding your personal data we process. She can be contacted the number above; her email address is and her postal address is as given above. We are registered with the Information Commissioner’s Office (ICO), our registration number is Z2974378

The Personal Data We Process and What We Do with It

We record and use the following categories of personal data: name, address, telephone numbers, email address, date of birth, job description, health information including medical history, diagnosis and treatment data. Our lawful basis of processing this data is one of contract and, for the health information, the provision of health-related services as a healthcare clinic. In addition, we will only examine or treat you with your explicit consent.  All data collected is stored electronically via our cloud based, Australian owned GDPR compliant system ‘Cliniko’. We do not store hard copies of consent forms, medical reports or any correspondence from third parties, these are scanned, shredded and stored electronically on the same system.  We store imaging records (x-rays, MRI) sent to us by third parties under lock and key.     

Sharing Your Personal Data

Whilst you are receiving treatment from our clinic we will continue to store and use your personal data. Once you have been discharged, we will be required to retain your personal data for a minimum of 8 years.  We may be required to share your personal data with third parties for the benefit of your care, for example, an insurance company,  solicitor or GP, but will only do so with your explicit consent.  Staines Chiropractic Ltd. may disclose or share your information if required to do so by law.

Your Rights

As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.

You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Protection Officer, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We will need to verify your identity so we may ask for a copy of your passport, driving license and/or recent utility bill.

If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the clinic directly and any necessary corrections to your data will be made promptly. If you believe we should erase your data, please contact the Data Protection Officer, whose details are shown above. If you wish us to stop storing or using your data, please contact the Data Protection Officer, whose details are shown above.

Should you wish for some or all of your personal data to be shared with a third party, for example another health practitioner, solicitor or private health insurer we will require a signed consent form to release this data.  We will ensure all requests are dealt with within 28 working days from the date the request is received (not the date it is signed.)  There is not normally a fee for this process, however we do reserve the right to charge a reasonable administration fee of £10 if numerous hard copies are required or special delivery services are required.  This will be discussed with yourself and the third party if the instance arises and notes will be released in receipt of the payment.

Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.

Should You Wish to Complain

You can contact the ICO via their website: should you wish to make a complaint about the way we are processing your personal data.

Automated Decision Making and Profiling

We do not use any system which uses automated decision making or profiling in respect of your personal data.