Privacy Policy

​Last updated: 26th April 2026

At White Cliffs Chiropractic, your privacy and confidentiality are fundamental to the care we provide. This policy explains how we collect, use, and protect your personal data in line with the UK GDPR and the Data Protection Act 2018.

​

1. Who We Are

​

White Cliffs Chiropractic is the data controller responsible for your personal data.

Address: 6, St. George's Passage, Deal, Kent, CT14 6TA
Email: 
Phone:

​​

2. What Data We Collect

​

To provide safe and effective chiropractic care, we may collect:

​​

Personal Information​

• Name, date of birth, address

• Phone number and email

• Emergency contact details

​​

Health Information (Special Category Data)​

• Medical history and symptoms

• Physical examination findings

• Posture and movement assessments

• X-rays (if clinically required)

• Care plans and clinical notes

• GP details (if relevant to your care)

 

This information is classified as special category data under data protection law and is handled with the highest level of confidentiality and security.

​​

3. How We Collect Your Data​

​

We collect your information:

• Through website forms and booking systems

• During consultations and examinations

• Via email, phone, or in person

• Through cookies and website analytics

​​

4. Why We Process Your Data​

​​

We use your data to:

• Provide chiropractic care tailored to your needs

• Maintain accurate clinical records

• Communicate with you about appointments and care

• Process payments

• Meet legal and regulatory obligations

• Improve our services

​​

5. Lawful Basis for Processing​

​​

We process your data under:

• Contract – to provide healthcare services

• Legal obligation – for record keeping and compliance

• Legitimate interests – to operate and improve our clinic

• Consent – for marketing communications

​

For health data, we rely on:

• Provision of healthcare and treatment

​​

6. Data Storage and Security​

​​

Your information is stored securely using:

• Encrypted and password-protected systems

• Secure practice management software (e.g. PracticeHub)

• Restricted staff access

• Locked storage for any paper records

 

We regularly review our security measures to prevent unauthorised access.

​

7. Use of Ai-Assisted Note Taking

​

We may use secure, AI-assisted clinical documentation tools (such as Heidi AI) to support accurate and efficient record keeping during consultations.

​

These systems are used solely to:

• Assist in documenting clinical findings

• Improve the accuracy and completeness of patient records

• Allow practitioners to focus more fully on patient care

 

Any information processed through these systems:

• Is handled securely and confidentially

• Is only used for the purpose of your care

• Is processed in accordance with data protection laws

​​​

8. How Long We Keep Your Data​

​

We retain records in line with UK healthcare guidance:

• Adults: Minimum of 8 years after your last visit

• Children: Until age 25 (or longer if required)

​​

9. Sharing Your Information 

​

We do not sell your personal data.

​​

We may share your information with trusted third parties where

necessary, including:

• Practice management systems (e.g. PracticeHub)

• Payment providers (e.g. Stripe)

• IT and website service providers

• Marketing service providers (for example, to manage our website, advertising, or communications)

• Regulatory or legal authorities if required

• Clinical documentation and note-taking providers (for example, AI-assisted systems used to record and structure clinical notes during consultations

​

All third parties are required to:

• Only process your data on our instructions

• Keep your data secure

• Comply with data protection laws

 

Where data is transferred outside the UK, appropriate safeguards are in place

​​

10. Confidentiality & Duty of Care

​​

Your information is treated as strictly confidential.

However, we may disclose information without consent if required to:

• Protect your safety or the safety of others

• Comply with legal obligations

• Safeguard vulnerable individuals

​​

11. Your Rights​

​​

Under the UK GDPR, you have the right to:

• Access your personal data

• Correct inaccurate information

• Request deletion (where appropriate)

• Restrict or object to processing

• Transfer your data

• Withdraw consent at any time

 

You can also lodge a complaint with the Information Commissioner's Office (ICO).

​​

12. Marketing Communications​

​

We will only contact you for marketing purposes if you have opted in.

You can unsubscribe at any time.

​​

13. Cookies​

​

Our website uses cookies to:

• Improve functionality

• Analyse website usage

• Enhance your experience

 

You can control cookies through your browser settings.

​​

14. Third-Party Links​

​

Our website may include links to external websites.
We are not responsible for their privacy practices.

​​

15. Changes to This Policy​

​

We may update this policy periodically.
The latest version will always be available on our website.

​​

16. Professional Standards​

​

We handle your data in accordance with professional expectations set by the General Chiropractic Council and maintain strict patient confidentiality at all times.