FoRest Osteopathy

Book Now

Privacy Policy

Last updated: (16/01/2026)

FoRest Osteopathy (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal information safely and lawfully. This Privacy Policy explains what personal information we collect, how we use it, how it is stored, and your rights under UK data protection law, including the UK GDPR and the Data Protection Act 2018.

  1. Who We Are
    FoRest Osteopathy5 Crosskirk Crescent, Strathaven, ML10 6FGWebsite: forestosteo.uk

FoRest Osteopathy is the Data Controller for the personal information we collect and process.

  1. What Information We Collect
    We collect personal information necessary to provide safe healthcare. This may include:
    Personal Contact Information
    · Name
    · Date of birth
    · Address
    · Telephone number
    · Email address
    · Emergency contact details (if provided)
    Health & Medical Information
    This may include:
    · Medical history & medications
    · Relevant test results or reports
    · GP or consultant details
    · Lifestyle factors relevant to treatment
    · Case notes and treatment records
    Appointment Information
    · Appointment history
    · SMS/email reminder preferences
    · Cancellation/rescheduling details
    Technical & Website Data (if applicable)
    · Cookie or analytics data (if used — please ask if you need help writing a cookie policy)

We do not collect financial card data online as we do not currently take online payments.

  1. How We Collect Information
    We collect information through:
    · Online booking via Cliniko
    · Phone, SMS, or email communication
    · In-person consultations and medical history taking
    · Website contact forms (if applicable)
    · Referrals from other healthcare providers (with your consent)
    1. Lawful Bases for Processing
      Under UK GDPR we rely on the following lawful bases:
      Healthcare Provision
      · Legitimate Interests (Article 6(1)(f)) – providing osteopathic care
      · Provision of Health Care (Article 9(2)(h)) – processing special category health data
      Administrative Communications
      · Legitimate Interests for appointment confirmations and reminders
      Consent
      We will seek explicit consent for:
      · Contacting you for marketing (if applicable)
      · Sharing information with third parties (unless legally required)

    You may withdraw consent at any time.

    1. How We Use Your Information
      We use your information to:
      · Provide safe osteopathic assessment and treatment
      · Maintain accurate medical and clinical records
      · Communicate regarding bookings, reminders, and changes
      · Refer you to other healthcare providers (only with your consent)
      · Comply with legal and regulatory obligations

    We do not sell or share your data for commercial purposes.

    1. Appointment Reminders
      We send SMS and/or email reminders to reduce missed appointments.

    This processing is carried out under Legitimate Interests.

    1. Sharing Your Information
      We may share your information only when necessary:
      Healthcare Providers
      With your consent, for example when:
      · Referring to your GP, consultant, or other therapist
      Software Processors
      We securely use:
      · Cliniko (for bookings, clinical notes and communication)
      These processors act on our instruction and comply with GDPR standards.
      Legal Requirements

    We may share data without consent if required by law (e.g. safeguarding concerns).

    1. Data Storage & Security
      All clinical records and personal data are stored securely.
      Electronic records are held in Cliniko, which is GDPR compliant and uses secure encrypted servers.
      We take appropriate measures to protect data from:
      · Loss
      · Misuse
      · Unauthorised access
      · Disclosure or alteration

    Paper records (if used) are stored securely and access restricted.

    1. Data Retention
      To comply with medical record retention rules:
      · Adult treatment records: kept for 8 years after last treatment
      · Children’s records: kept until age 25, or 8 years after last treatment (whichever is longer)

    After this period, data is securely destroyed.

    1. Your Rights
      Under the UK GDPR you have the right to:
      · Access your personal data
      · Correct inaccurate data
      · Request data erasure (in some circumstances)
      · Restrict or object to processing
      · Request transfer of data (data portability)
      · Withdraw consent (where consent is used)

    Requests will be responded to within one calendar month.

    1. International Transfers
      Cliniko may store data on servers located outside the UK. We ensure adequate protections are in place under GDPR, such as:
      · Standard contractual clauses
      · Approved transfer mechanisms

    Details can be provided on request.

    1. Complaints
      If you are unhappy with how we handle your data, please contact us first so we can resolve the issue.
      You also have the right to complain to the UK supervisory authority:

    Information Commissioner’s Office (ICO)ico.org.uk

    1. Contact Us
      If you have questions about this Privacy Policy or wish to exercise your rights, contact:

    Data Controller: FoRest OsteopathyAddress: 5 Crosskirk Crescent, Strathaven, ML10 6FGWebsite: forestosteo.uk

    End of Policy