Privacy Policy

Last updated: March 2026

FlexAura Home Physio UK Ltd ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our website, mobile applications, and physiotherapy booking services. We are registered in England & Wales and operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We may collect and process the following categories of personal data:

Information you provide directly

  • Full name, email address, phone number, and postal address when you create an account or make a booking
  • Health and medical information relevant to your physiotherapy treatment, including injury details, medical history, and GP referral information
  • Payment and billing information processed securely through our third-party payment provider
  • Professional qualifications, HCPC registration details, and DBS check information (for physiotherapists joining our platform)
  • Communications you send to us, including enquiries, feedback, and support requests

Information collected automatically

  • Device information such as IP address, browser type, operating system, and screen resolution
  • Usage data including pages visited, time spent on the site, and referral sources
  • Location data (with your consent) to help match you with nearby physiotherapists
  • Cookie data and similar tracking technologies (see Section 6 below)

2. How We Use Your Information

We process your personal data for the following purposes and under the corresponding lawful bases:

  • Contract performance: To facilitate bookings between patients and physiotherapists, manage your account, and process payments
  • Legitimate interests: To improve our services, analyse usage patterns, prevent fraud, and ensure platform security
  • Consent: To send you marketing communications, newsletters, and personalised recommendations (you may withdraw consent at any time)
  • Legal obligation: To comply with applicable UK laws, regulations, and requests from regulatory bodies including the HCPC and ICO
  • Vital interests: To process special category health data necessary for the provision of physiotherapy services and safeguarding purposes

3. Data Sharing

We do not sell your personal data. We may share your information with the following parties only when necessary:

  • Physiotherapists: Relevant booking and health information is shared with your assigned physiotherapist to enable them to provide appropriate treatment
  • Payment processors: Secure payment information is processed by our PCI DSS-compliant payment provider; we do not store full card details
  • Service providers: Trusted third-party providers who assist with email delivery, analytics, hosting, and customer support, all bound by data processing agreements
  • Regulatory and legal bodies: Where required by law or to protect the rights, safety, or property of our users and our business

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, such as Standard Contractual Clauses or adequacy decisions.

4. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it. These include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Strict access controls and role-based permissions for staff and contractors
  • Regular security audits, vulnerability assessments, and penetration testing
  • Secure cloud infrastructure with data hosted within the UK or EEA where possible
  • Staff training on data protection and information security best practices

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Health-related records are retained in accordance with NHS and professional body guidelines.

5. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete personal data
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for its continued processing
  • Right to restrict processing: Request that we limit the processing of your personal data in certain circumstances
  • Right to data portability: Request transfer of your personal data to another organisation in a structured, commonly used format
  • Right to object: Object to processing of your personal data, including for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us using the details in Section 7 below. We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookies

Our website uses cookies and similar technologies to enhance your experience. Cookies are small text files stored on your device that help us understand how you use our site.

Types of cookies we use

  • Strictly necessary cookies: Required for the website to function, including session management and security. These cannot be disabled.
  • Analytical cookies: Help us understand visitor behaviour and improve our services. We use privacy-focused analytics tools.
  • Functional cookies: Remember your preferences such as language, region, and display settings.
  • Marketing cookies: Used to deliver relevant advertisements and measure campaign effectiveness. These are only set with your explicit consent.

You can manage your cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect the functionality of our website.

7. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

FlexAura Home Physio UK Ltd

Registered in England & Wales

We are registered with the Information Commissioner's Office (ICO) as a data controller. If you are unsatisfied with our response to a data protection concern, you may contact the ICO directly at ico.org.uk/make-a-complaint.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or prominent notice on our website. We encourage you to review this policy periodically.