Privacy Policy

At Spritely Osteopathy we take the privacy of our patients very seriously. We ask that you read this privacy policy carefully as it contains important information about how we use your personal data. For the purposes of General Data Protection Regulation (GDPR) of 2018, “we” or “us” refers to the controller of the company whom is Melissa Brown as well as the individuals or processors of data providing care to patients.

Personal Data we may collect about you

We obtain personal data about you such as your name, date of birth, email address and phone number. In addition to taking a case history about a presenting problem we may obtain sensitive information about you. This information is used in the overall decision making of your care and providing that there is good reason can be read by any of the osteopaths working at Spritely Osteopathy.
We may monitor your use of our website and social media pages through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, traffic data and location data.

How we use your personal data

We will assume implied permission to contact you if specifically liaising on your booking or your care. We will no longer include you in an email attaching a newsletter unless you have ‘opted in’.

• To contact you if an appointment needs to be rescheduled.
• So our on-line booking system can notify you of your appointment details
• To formulate a diagnosis of your problem taking into consideration other factors in your life and general health
• So we can send you a very occasional update which may be of help to you
• Research statistical analysis and auditing for monitoring patient care. This information helps us understand the overall pattern of the users of the site but does not identify you individually

Marketing and opting out

If you have given us permission, we may contact you by email, text, mail or telephone about updates or new services. Traditionally, we don’t do this (we have sent one newsletter in seven years) and do not plan to unless there is a significant change such as in staff or if we can make booking or amending an appointment easier for you. From May 25th 2018 we will not send you this information in an email newsletter unless you have ‘opted in’ which we will ask you in consultation in the form of a documented record.

Disclosure of your personal data

• Your personal case history file will only be seen by osteopaths working at Spritely Osteopathy.
• Your contact details are accessible by those working for Spritely Osteopathy as well as external service providers which are bound by GDPR.

Confidentiality agreements have been signed by all our osteopaths as well as our I.T. consultant. The latter only having access to your contact details and not your medical/osteopathy record.

We use third party companies which are GDPR compliant.

Keeping Your Data Secure

We will use technical and organisational measures to safeguard your personal data such as:

• Storing your personal file in a locked filing cabinet within a clinic room which is electronically locked when not in use. The clinic room is within a patrolled building that needs access for entry.
• Storing your contact details on secure servers
• Using external service providers that have given assurance of their compliance to GDPR
• Ensuring all our osteopaths have password/code protection on their computer interfaces so your contact details are not accessible to a third party
• Changing our passwords on our computers as well as our external service providers regularly
• While we use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and so we cannot guarantee the security or integrity of any personal data completely.

All notes are locked within the filing cabinet of a locked clinic room. Notes will be kept for a minimum of 8 years after a patient’s last appointment or until a child turns 25 years of age if this is longer. Notes will be shredded when no longer stored.

We will continue to update and synchronise all patient contact details that are stored. Letters and emails will not be sent out if there is doubt on the recipient receiving our communication.

Information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

• Give consent on his/her behalf to the processing of his/her data
• Receive on his/her behalf and data protection notices

Your rights

You have the right to request access to your personal data by doing the following:

• put your request in writing/email
• include proof of your identity and address (eg: a copy of your driving licence or passport)
• specify the personal data you would like access to

We have up to one month to provide you with these details.

You have the right to require us to correct any inaccuracies. If you would like to exercise this right, you should:

• put your request in writing/email
• provide us with enough information to identify you (eg: full name)
• specify the information that is incorrect and what it should be replaced with

You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:

• put your request in writing (an email sent to with a header that says “Unsubscribe”
• provide us with enough information to identify you (eg: full name)
• specify the channel/s of communication which you object to being contacted by such as telephone or email. We do not send out post. You can also ask us to erase you records providing the legal minimum period has elapsed.

We take your privacy very seriously and want you to be confident that we are treating your personal data responsibly and that the only people who can access your data have a legitimate need to do so. If you feel that we are mismanaging your personal information you have the right to complain.