Fit4-Physio Limited


Privacy Policy


For the purposes of the General Data Protection Regulations (“GDPR”) and UK data protection laws, and for the purposes of this Privacy Policy;

The Data Processor and Controller is FIT4-PHYSIO Ltd[“we” or “The Company”] of 716 Ecclesall Road, Hallamshire Tennis and Squash Club, Sheffield, S11 8TA.

The client [“you” or “your”] being a customer or potential customer of The Company

A “User” meaning a director or contractor or employee of The Company

About this document

This privacy policy sets out the way we gather and process your personal data, how we use your data and the steps we take to protect your data. There also contains information with regards to your rights We’ve created this privacy policy to make sure you are aware of how we use your, store and access your data and your rights regarding your data.

How we collect your Data

We may collect your personal data in the following ways

  • Directly from you, when you make enquiries over the phone or via email, or when you interact with us during your time at the business, in various other ways (for example, enter a competition online or sign up for an offer)
  • From someone else who has registered with us on your behalf (for example a family member or acquaintance, who has provided us with your contact details for that purpose)

The types of Data we collect

We may collect the following types of personal data about you:

  • Contact and communications information, including your contactdetails. This will include e-mail address(es), telephone numbers and postal address(es), and records of communications and interactions we have had with you;
  • Personal medial and physiotherapy records which will contain data of a sensitive nature
  • Financial information, including Credit Card and Direct Debit details – these are kept only on a cloud-based system only which is managed by First Data. The cloud security of this data is the responsibility of First Data. Financial information is not stored alongside any other data we may hold for you. Fit4-Physio is compliant with financial payments check completed annually.

How we use personal data

Personal data provided to us will be used for the purposes set out at the time of collection and, where relevant, in accordance with any preferences you express.

More generally, we will use your personal data for the following purposes:

  • For compliance with our legal obligations including but not limited to:
    • Maintaining accurate and timely medical records in line with the standards set out by the Health Professions Council and the Chartered Society of Physiotherapy
  • Administration of the The Company’s operations, including but not limited to:
  • Organising and informing you about The Company’s services including classes, events, group sessions and facilities opening hours;
  • Diary management – including management of this by a remote administration team (this team only have access to basic information such as your name and telephone numbers and any details you give to us over the phone or email when making bookings)
  • Research and statistical analysis regarding the day to day use of the The Company’s operations;
  • Communication with you informing you of offers, news (“marketing”) about The Company’s operations and services we think may be of interest to you;
  • Storing your personal details and reasons for attendance on a database for The Company’s financial records. No personal financial information (credit or debit card details) are stored alongside this.

How we store and manage your personal data

  • Medical records from 01/03/2022 onwards will be stored on a secure cloud-based medical records / clinic software system called Clinko. Access to your personal information will be strictly limited to relevant personnel (e.g., only therapists will have access to your medical information).
  • Medical records pre 01/03/2022 are detailed on paper and stored securely in locked filing cabinets behind a locked door. Medical records are stored for 8 years after the last treatment date for adults and 8 years after a child’s 18th Records are then destroyed securely.

This meets our legal obligations in storage and retention of medical records according to the Chartered Society of Physiotherapy

  • Some electronic files containing personal medical information and non-medical information(including but not limited to rehabilitation and exercise sheets, medical referral letters and reports) are stored on a password protected laptop and cloud based password protected shared storage system
  • Financial details are stored on a cloud-based system managed by Fist Data (see above for link to Fist Data and visit their site for their privacy policy) including credit card and debit card payment history records
  • Non medical personal data may be stored on various formats (including but not limited to databases and online mail management software) indefinitely or until we receive your instruction to destroy your records or remove you from any database or mailing list we may hold.


Who has access to your personal data / Sharing your data with others


  • The Company’s Users have full access to medical records. Access is strictly utilised on a need to know basis in line with the Chartered Society of Physiotherapy Standards. Users also have access to personal data (both medical and non-medical) stored on shared password protected cloud-based software.
  • The directors of the company also have full access to limited financial details stored on the First Data cloud-based system used for taking or refunding payments and financial reporting.
  • Third party companies including but not limited to: remote administration team and accounting services, will access personal data relevant to the tasks for which they are contracted by The Company. These third parties are bound by agreements of non-solicitation and will not use your data to contact you directly unless it is relevant to your interaction with The Company.


Your marketing preferences

We will always respect your wishes with respect to the type of communications you wish to receive from us and how you want to receive them (your “marketing preferences”). There are some communications, however, which we may need to send you regardless of your marketing preferences in order for us to fulfil our obligations to you as a customer of The Company

You are in control of how we communicate with you. You can update your marketing preferences and / or your contact details by contacting us at any time.


Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal medical records. GDPR regulations suggest such requests should be made in writing and addressed to the Directors of The Company. The timeframe within The Company will meet such a request is 25 days.
  • Request access to your non-medical data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data which we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). Note that we have a legal requirement to hold your medical records for specific timeframes (see page 2 of this Privacy Policy)
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.  You can also withdraw your consent, where this is the basis for our processing your data (without affecting the lawfulness of our previous processing based on consent).
  • Request the transfer of your personal data to another party.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

Contact and complaints Contact and complaints

If you have any queries about this privacy policy or how we process your personal data, or if you wish to exercise any of your legal rights, you may contact the Directors of The Company by email at ; by telephone 07938680320; by post Fit4-Physio Ltd, Hallamshire Tennis and Squash Club, 716 Ecclesall Road, Sheffield, S11 8TA.
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner with whom The Company is registered. You can find out more about your rights under applicable data protection laws from the Information Commissioner’s Office website:


Web Related Policy

In this privacy policy references to “we”, “us” and “our” are to Fit 4 Physio. References to “our Website” or “the Website” are to and

What information we collect and how

The information we collect via the Website may include.

1. Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number etc.

2. Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).

3. Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.

4. Data recorded by the Website which allows us to recognise you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on you computer through the use of cookies. Most browsers can be programmed to reject, or warn you before downloading cookies, information regarding this may be found in your browsers ‘help’ facility.

What we do with your information

Any personal information we collect from this website will be used in accordance with the Data Protection Act 1998 and other applicable laws. The details we collect will be used:

1. To process your order, to provide after sales service (we may pass your details to another organisation to supply/deliver products or services you have purchased and/or to provide after-sales service);

2. In certain cases we may use your email address to send you information on our other products and services. In such a case you will be offered the option to opt in/out before completing your purchase.

We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties will not be allowed to use your personal information for their own purposes.

Your Rights

You have the right to request a copy of any information that we currently hold about you. In order to receive such information please send your contact details including your address to the contact information found here.

Other Websites

This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.