Context

In the UK there are relevant Data Protection Obligations. Data Protection Legislation means all applicable legislation in force from time to time in the United Kingdom applicable to data protection and privacy including, but not limited to, the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder); and the Privacy and Electronic Communications Regulations 2003 as amended;

We have put together this privacy statement to give our clients more information about what we do with your personal data and the rights you have as an individual in relation to the data that we hold for you.

This policy will explain what data we hold, how we use your data, and how we take measures to ensure the data held is kept securely and safely.

Your Rights

Balanced Bodies will ensure that it treats personal information lawfully and correctly. To this end, we fully endorse and adhere to the principles and your rights as set out in the UK GDPR as outlined below:

  • Your personal data shall be processed fairly and lawfully and shall not be processed unless specific conditions are met.
  • Your personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data collected shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes (see Retention Periods later in this statement for details).
  • Personal data shall be processed in accordance with the rights of data subjects under UK GDPR, GDPR and the Data Protection Act 2018.
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Personal data shall not be transferred to a country or territory outside of the UK unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data or contractual clauses are in place to ensure that data is stored with a level of protection at least equal to that provided under UK GDPR.

Furthermore, under the UK General Data Protection Regulations (UK GDPR) you have the right to:

  1. The right to be informed about what data is being held about you and how it is processed and managed which has been clearly outlined within this privacy statement.
  2. You have the right to request a copy of any of your Personal Data that We hold (where such data is held). Under the Data Protection Legislation, no fee is payable, We are required to reply to you within one month, and we will provide any and all information in response to your request free of charge, provided the request is reasonable. If We require clarification to help Us locate the information you are seeking, We may pause the one-month response period until We receive that clarification. We will also carry out a search that is reasonable and proportionate based on the scope and nature of your request. 
  3. The right to rectification if the data that is held about you is inaccurate or incomplete and you can request this to be undertaken by contacting us.
  4. The right to request the erasure of the data we hold for you, which is also known as the right to be forgotten. To request the right of erasure please contact us. If there are legal or professional reasons why data needs to be retained, it may not be possible for us to erase your data. If this is the case, we will write to you to let you know.
  5. The right to restrict the processing of the data we hold upon you. This means not deleting the data we hold upon you but placing certain restrictions or total restrictions on how we process it. To request the restriction of processing please contact us.
  6. The right to data portability to receive the data we hold on you in an open-source format such as in a CSV format. To request the data we hold in such a format, please contact us 
  7. The right to object to the way your data is being held, processed or managed and you can do so by contacting us.
  8. Rights in relation to automated decision making and profiling to be outlined to you. Currently, Balanced Bodies does not undertake any form of automated decision making.

What Data Is Held

Balanced Bodies holds the following data for legitimate client communication regarding booking initial / follow up appointments and to comply with the current legislation.

  • First name
  • Last Name
  • Email address and/or telephone number
  • Address where applicable
  • Date of Birth
  • Medical History / Medical Records as shared by you the client.

Balanced Bodies holds the following data for invoicing purposes:

  • First name
  • Last Name
  • Email address and/or telephone number
  • Address where applicable.

Data Storage and Data Sharing

Balanced Bodies takes the security of your information seriously. Only your Therapist and / or instructor will have access to your data for the purposes specified in this privacy statement. Your data may sometimes be shared with third parties such as other health care professional’s e.g. referrals to a GP or a consultant for further imaging or investigation, which would be always be discussed primarily with you before doing so.

Any data collected will be clearly outlined to clients at the point of data collection and will only be kept in locations for the length of time required to process such information for its intended purpose. Any handwritten notes are stored and used in a confidential manner and confidentially disposed of after the intended purpose.

Balanced Bodies uses the following UK GDPR compliant systems to store and / or process data:

  • Gmail for email correspondence, calendar and contact software.
  • Sports Injury Fix and Cliniko for patient notes storage, calendar and contact software.
  • Zoom and YouTube for recordings of OnDemand sessions.
  • Cliniko for patient notes storage, calendar and contact software.
  • GymCatch for class participant notes storage, calendar and contact software.
  • Rehab my Patient for client rehabilitation programmes, contact software, email correspondence.
  • Mail Chimp for managing newsletters.
  • QuickBooks for accounting / invoicing purposes.
  • Instagram, LinkedIn, Whats App, SMS and Facebook for marketing & communications purposes.
  • Stripe to process online payments. Sum-Up for in clinic card payments.
  • Zoom, Whats App, Face Time and Facebook for video conversations.
  • Eventbrite for ticket handling for events.

Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. because you have shared sensitive data with us), because it is necessary to fulfil a legal obligation, because it is necessary to protect the vital interests of you or someone else or because it is in our legitimate interests.

Retention Periods

Medical/Health records are retained by Balanced Bodies for 7 years to meet requirements set by HMRC and to comply with our insurance (Balens). Handwritten notes are retained and stored securely for a maximum of 12 months.

Complaints

If you have any concerns about how We collect or use your personal data, We encourage you to Contact Us in the first instance. We can try to resolve the issue. We aim to respond to all complaints within 30 days. Where your concern is complex or requires more time, We will let you know and keep you updated on progress.

If you are not satisfied with Our response, or if you would prefer not to speak to Us first, you can contact the UK’s data protection authority: Information Commissioner’s Office (ICO) www.ico.org.uk

We keep this policy under regular review and will update it where necessary to reflect changes in the law or Our data practices. Any updates will be added to this policy. This policy was last updated on 19th August 2025.