Privacy notice

Injury Rehab.  Injury Rehab is not a company in its own right.  Ciaran McCoole Physiotherapy a sole trader business with administration and other physiotherapy staff are those to be included in this policy.

Other practitioners who work at this location, Units 3, 4 and 4a The Arcade, 18 Abbey Road, London NW8 9LL,  are responsible for their own data protection and no information is accessed or shared with these practitioners in any way as to threaten the GDPR rules affective 25th May 2018. 


Purpose of our privacy notice

Ciaran McCoole Physiotherapy is committed to preserving and protecting your personal data.  This privacy notice explains when and why we collect personal information about you (or anyone you may have provided us with information about eg your child), how we use it and keep it secure.  It provides information about the rights this policy relates to.

 In this policy, “personal information” means any personal data provided to us by you, or on your behalf, for the purpose of our service to you.

We reserve the right to amend the Privacy Policy/Notice from time to time without prior notice. You are advised to check our website on a regular basis for any amendments, these will not be done retrospectively.

We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal information.  Details about GDPR may be found at  For purposes of GDPR we are the “Data Controller” of all the personal data held about you.

Should you need any help or advice about this Notice/Policy or any personal information we may hold about you, please contact us at:

Injury Rehab (Ciaran McCoole Physiotherapy) 4 The Arcade, 18 Abbey Road, London, NW8 9LL

Email or call 02072662368.


Information we collect and how

Standard Personal Information

Name ,Address(es), Post code, Telephone number(s),Email address,Date of birth,

Referral Source GP/Consultant/personal

Next of kin or similar contact details

Current activity ie marathon training or gym activity

Financial details, that relate to payment of our services.

Account/Membership details, that relate to your PMI (Private Medical Insurance) cover.


Special Category information

This may include personal information that relates to

Race, Ethnic Origin, Religion, Genetics,Health, both physical and mental health

Medication, Medical Imaging/Investigations

Special Category Information related to health can include (not limited to) clinical notes, examination findings, medical imaging data relating to your care, diagnostic test results, correspondence and communications from other clinical specialists/professionals which relate to your current or past medical care.


We will collect personal and special category information from you or other third parties by:

Face to face consultations, communications by telephone, email, skype or post with you.

Your parent/guardian if you are under 18 years of age.

An interpreter acting on your behalf.

A family member or someone acting on your behalf.

From communications via email, skype, whatsapp, telephone or post with clinicians and therapists involved in your care.

From your Private medical insurer or referring source eg referral letter.


Purpose for which we use your data

To register you as a new client/customer.

To provide physiotherapy treatment.

To assess you and administer the correct treatment.

To manage fees and payments.

To collect/recover money you owe us.

Asking you to leave a review or complete a survey.


Data Storage

We will store your data to the extent that we are required to by law.  A patient’s file will be retained for 8 years from the date of the last treatment and in the case of minors until their 25th Birthday.

Paper records are stored in secure locked cabinets and only accessible by clinic staff of Ciaran McCoole Physiotherapy.  Keys for these cabinets and all storage units containing information related to your data are stored in a key code lock box within the clinic.  Only clinic staff have access to these passwords and codes.

Computer records, databases and our clinical software package containing your data are all password protected on our IT equipment  (desktops and laptops) which have been encrypted.  All computers are protected with Bit Defender Endpoint Anti Virus Protection.  We use PPS (Private Practice Software, host and backup our patient practice software which is managed by Rushcliff Ltd.  All data processing conducted by them is conducted within the EU.


How we protect he security of your personal data

We will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information. Computer screens lock and require passwords after 2 minutes if left unattended.  All filing cabinets are locked and keys stored in a locked key code box and in a locked clinic when out of clinic hours.  You acknowledge the information over the internet is inherently insecure and we cannot guarantee the security of information sent over the internet.

Our clinical and administrative staff are trained in the appropriate handling of personal data and how to respond to a data security breach.

We will advise you, without undue delay should we think there has been any breach of your personal data which may expose you to serious risk.


Your Legal Rights

You have the right to:

Access your personal data by a SAR (Subject Access Request)

Request a correction to the personal data we hold about you.

Be provided with information about how your data is processed and used.

Request erasure of your personal data held by us.

Object to or restrict how your personal data is processed.

Request a transfer of your personal data to you or a third party.


Time limit to respond

We try to respond to all legitimate requests within one month.


Your right to complain

You have the right to make a complaint about how we process your personal data direct to the ICO but we would prefer if you would discuss it with us first. 

You can get further information here:

Copyright © Injury Rehab 2012 All Rights Reserved.