Last Updated: 07/03/2026

At Ellen Gingell Bespoke Clinical Bodywork, I am committed to protecting your privacy. This policy explains how I collect, use, and protect your personal and health data.

1. Data Controller I, Ellen Gingell, am the ‘Data Controller’ for your information. You can contact me at [email protected]

2. Information I Collect

• Identity & Contact: Name, date of birth, email, and phone number.

• Health Data (Special Category): Medical history, injury details, and treatment notes. This is collected to provide safe and effective clinical treatment.

3. How I Store Your Data Your data is stored securely in Cliniko, a GDPR-compliant practice management system. All devices used to access this data (laptop and mobile) are password-protected. I do not keep paper files.

4. Lawful Basis for Processing I process your contact data under Contract (to manage your booking) and your health data under Health and Social Care (Article 9(2)(h) of UK GDPR) to provide your clinical treatment.

5. Data Retention By law (and for insurance purposes), I am required to retain clinical records for 7 years after your last treatment (or until age 25 for minors). After this period, data is securely deleted.

6. Your Rights You have the right to access your data, request corrections, or ask for data to be deleted (subject to legal retention periods). To make a request, please contact me directly. You also have the right to complain to the ICO (ico.org.uk).