GDPR & Data Protection Policy One Body LDN

Last Updated: July 2025

At One Body LDN, we take your privacy and data security seriously. This GDPR & Data Protection Policy explains how we collect, process, store, and protect your personal data, ensuring full compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and UK Data Protection Laws. For more details about our privacy practices, please refer to our Privacy Policy.

1. Introduction: Why This Policy Matters

We are committed to ensuring that your personal data is processed lawfully, fairly, and transparently. This policy:

  • Explains what personal data we collect and why
  • Clarifies your legal rights under GDPR
  • Outlines how we protect and secure your data
  • Provides information on how to request, update, or delete your data

By using our services or visiting our website, you agree to the terms of this policy. One Body LDN Ltd is registered with the UK Information Commissioner’s Office (ICO) as a data controller (Registration No. ZA789544) and complies with the UK GDPR and Data Protection Act 2018. This policy is aligned with the UK GDPR, Data Protection Act 2018, and guidance from the Information Commissioner’s Office (ICO). 


 

2. What Personal Data We Collect

We collect and process different types of personal data, including:

  • Basic Information: Name, email, phone number, address, date of birth
  • Medical Information: Appointment history, treatment records, health data
  • Payment Details: Bank account data processed via secure third-party providers
  • Marketing Preferences: Your consent for promotional content
  • Usage Data: IP address, browser type, device ID, and website interactions

For cookies and tracking data, please see our Cookie Policy.

3. Legal Basis for Processing Personal Data

We process personal data on one or more of the following lawful bases:

  • Consent: You have explicitly agreed to specific processing
  • Contractual Necessity: Required to deliver services you request
  • Legal Obligation: Required by UK law or regulation
  • Vital Interests: To protect someone’s life or health
  • Public Interest: In cases of public health or legal regulation
  • Legitimate Interests: For business purposes that do not override your rights

4. How We Use Your Personal Data

Your personal data may be used to:

  • Deliver Medical & Wellness Services
  • Manage Appointments & Accounts
  • Send Marketing & Promotions (if consented)
  • Improve Website Functionality & Services
  • Fulfil Legal Obligations

We do not sell your data or share it with unauthorised third parties.

5. Your GDPR Rights

You have the right to:

  • Access – View your personal data
  • Rectify – Correct inaccurate data
  • Erase – Request deletion of your data
  • Restrict Processing – Limit how we use your data
  • Object – Prevent us from using your data for direct marketing
  • Data Portability – Transfer your data to another provider
  • Withdraw Consent – Revoke previously given consent

To exercise your rights, email us at info@onebodyldn.com. We aim to respond within 30 days.

6. How Long We Keep Your Data

We retain data:

Data Type | Purpose | Retention Period
Treatment Records | Legal & medical compliance | 8 years (or until age 26 for minors)
Contact Information | Client communication | Until request for deletion
Payment Records | Financial regulation | Up to 7 years

When no longer needed, your data is securely deleted or anonymised.

7. How We Protect Your Data

We use:

  • Encryption and secure storage
  • Access controls for authorised personnel only
  • Firewall and cybersecurity protocols
  • Staff training on GDPR compliance
  • Third-party due diligence to ensure GDPR adherence

We review security regularly. If a breach occurs, we will notify affected individuals and take legal steps.

8. Transferring Data Outside the UK & EEA

While we primarily store data within the UK and EEA, some vendors (e.g., Google, Meta) may process data internationally.

To protect your data, we use:

  • Standard Contractual Clauses (SCCs)
  • End-to-end encryption
  • Strict vendor contracts

9. Complaints & Contacting the ICO

If you have concerns, contact us first at info@onebodyldn.com.

If unresolved, you can lodge a complaint with the UK Information Commissioner’s Office (ICO):
📍 Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK
🌐 https://ico.org.uk/concerns/

10. Contact Us

If you have questions or requests regarding this GDPR policy:

📩 Email: info@onebodyldn.com
📍 Address: One Body LDN LTD, 5A Maltings Place, 169 Tower Bridge Road, London, SE1 3JB, UK

Transparency Around AI Use

We currently do not use AI to process personal data for clinical or customer decision-making. If this changes, we will:

  • Disclose it transparently in this policy
  • Ensure all AI outputs are reviewed by qualified staff
  • Follow ethical guidelines to prevent bias or misuse

Updates to This Policy

We review this policy at least annually or when new regulations or technologies require it.