Privacy Policy – Chiro Services
Introduction
Chiro Services (“we”, “us”, or “our”) is committed to safeguarding your personal data and maintaining your trust. This privacy policy outlines how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.
Who We Are
Chiro Services provides chiropractic and wellness services, along with associated goods and administrative functions, including an online shop and educational outreach.
- Email: chiroservicesltd@gmail.com
- Website: https://www.chiroservices.co.uk (assumed)
What Personal Data We Collect
We may collect and process the following types of personal information:
- Basic identifiers: Names, addresses, contact details, date of birth
- Health data: Medical history, allergies, health and safety information
- Financial data: Payment details (card/bank), account information
- Special category data: Racial or ethnic origin, genetic and biometric data, health data, sex life and sexual orientation
- Operational and service data: Purchase and account history, loyalty programme info, complaints and compliments, recruitment information
- Technical data: Website usage, user journeys, cookies
- Media: Photographs, video footage (e.g. CCTV), call recordings
- Documentation: Identification documents, records of meetings and decisions
Purposes of Processing
We collect and process data to:
- Provide chiropractic services and associated goods
- Manage client records, service bookings, and contracts
- Operate customer accounts, warranties, and loyalty programmes
- Process payments and maintain financial records
- Comply with regulatory and legal obligations (e.g. General Chiropractic Council requirements)
- Protect health and safety
- Handle complaints, disputes, or insurance claims
- Manage recruitment and employment
- Conduct research and service improvement
- Prevent and investigate crime or fraud
- Deliver marketing communications (with consent)
Lawful Bases for Processing
Our legal bases for collecting and processing data include:
- Consent: Where we have received clear permission from you (e.g. for marketing or sharing sensitive data)
- Contract: Where data is necessary to fulfil or enter into a contract
- Legal Obligation: To comply with legal duties (e.g. for financial recordkeeping or clinical governance)
- Legitimate Interest: For activities such as internal reporting, service improvement, and non-intrusive marketing, balanced with your rights
- Vital Interests: To protect life in emergency or health-related situations
- Public Task: For tasks under official authority, such as regulatory compliance with the General Chiropractic Council
Legitimate Interests Assessment
Where we rely on legitimate interest, we have conducted balancing assessments to ensure the data we collect is necessary, proportionate, and not overridden by your rights. For example, CCTV or contact history may be retained for service improvement and safeguarding purposes.
Where We Get Your Data
We obtain data from:
- You directly via bookings, forms, communications, or consent
- Health care providers for referrals or continuity of care
- Schools, universities, and training providers
- Publicly available sources (e.g. social media, directories)
- Insurance providers, where relevant to claims or coverage
Sub-Processors and Third Parties
We use the following service providers (processors) to help manage and operate our business:
- Wix via Printful – for online shop platform and fulfilment
- QuickBooks – for future accounting and invoicing
- Mailchimp – for newsletters and marketing communications
- Insurance Companies – for coverage and claim support
- Healthcare Providers – for referrals and continuity of care
- Regulators and auditors – such as the General Chiropractic Council (GCC)
- Legal, professional, and financial consultants
Who We Share Data With
We may share your personal data with the following third parties, when necessary and appropriate:
- Health care professionals (e.g. for referrals or collaborative care)
- Insurance providers (e.g. for claims or cover validation)
- Regulatory and safeguarding authorities (e.g. GCC, emergency services)
- Financial and legal advisors
- Fraud investigation bodies, auditors, and inspectors
- Warranty and guarantee providers
- Our website and marketing platforms (e.g. social media where consent is given)
We only share the minimum data necessary and apply strict contractual and access controls.
Data Retention
We retain personal data only for as long as necessary for the purpose it was collected or as required by law, insurance, or clinical guidelines. This typically ranges from 6–8 years, but may vary depending on the nature of the record (e.g. health, tax, or contractual obligations).
International Data Transfers
Some service providers (e.g. Wix, Mailchimp) may store data outside of the UK. In these cases, we rely on:
- Standard Contractual Clauses (SCCs)
- UK Addendum
- Robust data protection agreements to ensure your information remains protected and handled in accordance with UK GDPR.
Data Security
We take your data protection seriously and have implemented safeguards including:
- Encryption of sensitive data
- Multi-Factor Authentication (MFA) on supported systems
- Access restrictions based on role
- Routine monitoring, audits, and backups
- Secure file storage and disposal practices
Your Rights
You have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request erasure of your personal data (where permitted by law)
- Object to or restrict processing in certain situations
- Withdraw consent where processing is based on it
- Lodge a complaint with the UK Information Commissioner’s Office (ICO)
How to Complain
If you have concerns about how we handle your data, please contact us first. If we can’t resolve the issue, you may contact:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
www.ico.org.uk