Privacy Policy
Last Updated: July 2025
One Body LDN LTD (“One Body LDN”, “we”, “our”, or “us”) is committed to safeguarding the privacy of our clients, patients, website visitors, and all individuals who engage with our services. This Privacy Policy outlines how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and applicable electronic communications laws (PECR).
1. Who We Are
Company Name: One Body LDN Ltd
Registered Office: The Retreat, 406 Roding Lane South, Woodford Green, Essex, England, IG8 8EY
Email: info@onebodyldn.com
Website: https://onebodyldn.com
ICO Registration: ZA789544
2. Scope of this Privacy Policy
This policy applies to:
- Visitors to our website
- Users of our services (including physiotherapy, sports massage, osteopathy, acupuncture)
- Email subscribers and marketing recipients
- Individuals communicating with us
- Children and guardians (see Section 14)
If you are a patient, please refer to Section 8 for information regarding your clinical data and health records.
3. Legal Basis for Processing Your Data
We only process personal data where a lawful basis exists under Article 6 or 9 of the UK GDPR:
Type of Data | Lawful Basis |
---|---|
Basic personal info (name, email, phone) | Legitimate interest or contract |
Medical data (treatment records, imaging) | Legal obligation and medical care necessity |
Marketing data (email newsletters) | Consent |
Children’s data (under 13) | Parental consent (UK GDPR) |
4. Definitions
- Personal Data: Information identifying you directly or indirectly (e.g. name, email, IP).
- Special Category Data: Sensitive information including health, biometric, or genetic data.
- Data Controller: One Body LDN LTD, responsible for determining how and why personal data is processed.
- Service: The https://onebodyldn.com website and associated clinic services.
- User / Data Subject: You — the individual accessing or using our services.
5. What Data We Collect
We may collect the following categories of personal information:
Standard Personal Data:
- Name, email address, phone number
- Home or billing address
- Booking details
- Payment information (via third-party processors)
Special Category Data (Healthcare):
- Medical history
- Treatment notes
- Clinical imaging and diagnostics
- Correspondence from health professionals
Usage Data:
- IP address, device type, browser
- Pages visited and time spent
- Location and referral source
Children’s Data:
- First name, age/date of birth, guardian contact info (with consent)
6. How We Collect Your Information
- Via online booking forms or contact forms
- Through clinical consultations and treatment sessions
- Over the phone or email correspondence
- When subscribing to newsletters or downloads
- Through referral sources such as insurance providers or healthcare partners
If you provide us with someone else’s personal data (e.g. your child), you confirm you have their consent or parental authority to do so.
7. How We Use Your Data
Purpose | Lawful Basis |
---|---|
To book and manage appointments | Contract or Legitimate interest |
To send appointment reminders and administrative communications | Legitimate interest |
To deliver healthcare services and record medical notes | Legal obligation / health care provision |
To respond to enquiries or feedback | Legitimate interest |
To send marketing updates or special offers | Consent |
To comply with legal or regulatory obligations | Legal obligation |
8. Healthcare Data & Special Category Processing
As a registered health provider, we collect and process sensitive data under Article 9(2)(h) of the UK GDPR, which permits the processing of health data for the purpose of medical diagnosis or treatment.
We are regulated by the Health & Care Professions Council (HCPC) and comply with:
- The Health and Social Care Act 2008 (Regulated Activities)
- HCPC guidelines for record-keeping
- CQC expectations for clinical documentation and security
You are the “service user” for the purposes of these legal obligations.
9. Cookies & Website Tracking
We use cookies to improve user experience, analyse traffic, and personalise content and ads.
Type | Purpose |
---|---|
Necessary | Enables core website functionality |
Analytics | Understand how users navigate the site (e.g. Google Analytics) |
Marketing | Retargeting ads via platforms like Google Ads and Facebook Ads |
You can manage cookie preferences or opt out via our cookie banner or through your browser settings. Learn more at YourOnlineChoices.
10. Third-Party Services We Use
We may share your data with trusted third-party processors:
11. Retention Periods
Data Type | Retention Period |
---|---|
Health records | 8 years (HCPC/CQC requirement) |
Booking/contact details | 6 years after last interaction |
Marketing preferences | Until withdrawn |
Payment data | Not stored by us (held by third-party processors only) |
12. Security Measures
We implement the following to protect your data:
- Industry-standard encryption on all hardware
- Two-factor authentication where applicable
- Role-based access control for staff
- Staff training on data breaches and secure handling
- Secure clinic software with regular audits
13. Sharing Your Data
We only share personal data where:
- It is necessary for medical care (e.g. your GP, insurer)
- Required by law or regulatory body (e.g. CQC, HCPC, police)
- You provide explicit consent
- We use third-party software under strict data protection agreements
14. Children’s Privacy (UK GDPR)
We do not knowingly collect data from children under 13 without parental consent. If a child under 13 uses our services or website, a parent or guardian must provide consent and contact details.
You can contact us at any time to:
- Review or update a child’s data
- Withdraw consent
- Request erasure of data
15. Your Rights
You have the following rights under UK GDPR:
Right | Description |
---|---|
Access | Request a copy of your data (SARs) |
Rectification | Correct inaccurate or incomplete data |
Erasure | Request deletion (where lawful) |
Restriction | Pause processing under certain conditions |
Objection | Object to processing for legitimate interests or marketing |
Portability | Request transfer to another provider (limited use) |
Withdraw Consent | For marketing communications at any time |
To exercise your rights, email: info@onebodyldn.com
16. International Transfers
Your data may be processed outside the UK or EEA where adequate safeguards (e.g. Standard Contractual Clauses) are in place to protect your rights.
17. Automated Decision-Making
We do not carry out any automated decision-making that produces legal or significant effects.
18. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you via our website and/or email when significant updates are made. The latest version will always be available at:
19. Contact Us
If you have any concerns, questions, or data access requests:
📩 Email: info@onebodyldn.com
📍 Post: One Body LDN LTD, 5A Maltings Place, 169 Tower Bridge Road, London, SE1 3JB, UK
If you are unsatisfied with our response, you have the right to lodge a complaint with:
Information Commissioner’s Office (ICO)
📍 Wycliffe House, Water Lane, Wilmslow, SK9 5AF
🔗 https://ico.org.uk/
📞 Helpline: 0303 123 1113