Privacy Policy
Last updated: April 2026
⸻
1. Who We Are
Goddard Chiropractic (“we”, “us”, “our”) is committed to protecting your personal data.
Data Controller:
William Goddard
Goddard Chiropractic Ltd,
Office Suite 1 Maiden Lane Centre,
Lower Earley,
Reading,
Berkshire,
RG6 3HD
Email: in**@********************co.uk
Phone: 0118 966 4431
Website: www.goddardchiropractic.co.uk
We are registered with the Information Commissioner’s Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
⸻
2. What Data We Collect
We may collect and process the following categories of personal data:
a) Identity & Contact Data
•Name
•Email address
•Phone number
•Address
⸻
b) Health Information (Special Category Data)
We collect health information where necessary for your care. This may include:
•Medical history
•Symptoms and presenting complaints
•Examination findings
•Treatment records
•Diagnostic imaging, including X-rays (where clinically justified)
•Reports and recommendations
Health data is treated as special category data and is handled with additional safeguards in accordance with UK GDPR.
⸻
c) Booking & Payment Data
•Appointment details
•Online bookings (e.g. via Cliniko)
•Payment confirmations (processed securely via third parties)
⸻
d) Technical & Usage Data
•IP address
•Device and browser type
•Pages visited and usage behaviour
⸻
e) Marketing & Communication Data
•Preferences for receiving marketing
•Email engagement data (e.g. opens and clicks via Mailchimp)
⸻
3. How We Collect Your Data
We collect your data when you:
•Book appointments online or in person
•Complete website forms
•Contact us by phone, email, or social media
•Subscribe to marketing communications
•Use our website (via cookies and analytics tools)
⸻
4. How We Use Your Data
a) Healthcare Services
•Assess, diagnose, and provide chiropractic care
•Maintain accurate clinical records
Legal basis:
•Contract (Article 6(1)(b))
•Healthcare provision (Article 9(2)(h))
⸻
b) Appointment Management
•Booking confirmations and reminders
•Follow-ups and administration
Legal basis: Contractual necessity
⸻
c) Marketing Communications
We may send you:
•Clinic updates
•Health information and educational content
•Promotions and special offers
Compliance (ASA & PECR):
•We only send marketing via email/SMS with your consent, or where “soft opt-in” applies
•All communications include an unsubscribe option
•We do not make misleading or unsubstantiated medical claims
•Content is informational and not a substitute for personalised medical advice
Legal basis: Consent or legitimate interests (where permitted)
⸻
d) Website Analytics
•Improve website performance and user experience
•Measure marketing effectiveness
Legal basis: Consent (via cookie banner)
⸻
e) Legal & Regulatory Requirements
•Compliance with healthcare and legal obligations
•Record keeping
⸻
4A. Use of X-rays
We may use diagnostic X-rays where clinically justified to assist in assessment and management.
•X-rays are not taken routinely for every patient
•Decisions are based on clinical need and professional judgement
•X-rays form part of your healthcare record
We comply with relevant legislation including the Ionising Radiation (Medical Exposure) Regulations 2017 (IR(ME)R).
⸻
5. Cookies & Tracking Technologies
We use cookies to improve your experience.
Types of cookies:
•Essential cookies – required for website functionality
•Analytics cookies – e.g. Google Analytics
•Marketing cookies – used for campaign tracking and remarketing
You can accept or reject non-essential cookies via our cookie banner.
⸻
6. Third-Party Services
We use trusted third-party providers, including:
•Cliniko – patient management and online booking
•Mailchimp – email marketing campaigns and engagement tracking
•Google Analytics – website usage analysis
•Worldpay – payment processing
•Stripe – secure online payments
These providers act as data processors and are required to protect your data.
Payment Security:
We do not store card details. Payments are processed securely in accordance with industry standards (PCI-DSS).
⸻
7. Data Sharing
We do not sell your data.
We may share your data with:
•Healthcare professionals involved in your care
•Service providers (listed above)
•Regulatory or legal authorities where required
⸻
7A. Staff Access & Confidentiality
Your personal data, including clinical notes and X-rays, is accessed only by authorised team members where necessary.
This may include access via systems such as Cliniko by:
•Chiropractors and healthcare practitioners
•Sports therapists or rehabilitation staff (where relevant)
•Reception and administrative team members
We ensure that:
•Access is role-based and limited
•All staff are bound by confidentiality obligations
•Staff receive data protection training
⸻
8. Data Retention
We retain data only as long as necessary:
•Clinical records (including X-rays): minimum 8 years
•Children’s records: until age 25 (or 26 if aged 17 at the end of care)
•Marketing data: until you unsubscribe
•Analytics data: typically up to 26 months
⸻
9. Your Rights
You have the right to:
•Access your data
•Correct inaccurate data
•Request deletion (where applicable)
•Restrict or object to processing
•Withdraw marketing consent at any time
Contact: in**@*******************co.uk
⸻
10. Data Security
We implement appropriate measures including:
•Secure systems and encryption
•Restricted access controls
•Staff training and confidentiality policies
⸻
11. International Transfers
Some providers (e.g. Mailchimp and Stripe) may process data outside the UK.
Where this occurs, appropriate safeguards are in place, such as:
•Standard Contractual Clauses
•Adequacy decisions
⸻
12. Marketing & Advertising Standards
All marketing by Goddard Chiropractic:
•Is truthful and not misleading
•Avoids unsubstantiated claims
•Does not guarantee outcomes
•Is for general information only
Patients should always seek personalised advice.
⸻
13. Complaints
If you have concerns, please contact us first.
You may also contact:
Information Commissioner’s Office (ICO)