Indergaard Physiotherapy

Privacy & UK GDPR Policy

September 2023

This Privacy & GDPR Policy 2023 describes Indergaard Physiotherapy practices regarding the collection, use and disclosure of the information we collect from and about you when you use Indergaard Physiotherapy’s website, mobile applications, social media, products, and services. 

By accessing or using the services, you agree to this policy.


This Policy contains the following sections:


Indergaard Physiotherapy collects a variety of information that you provide directly to us. We process your information, when necessary, to provide you with the services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information to be able to provide treatment, invoice & billing, and enhancement purposes of the services we provide to you, or for analytics, research, and reporting purposes. Without your information, we cannot provide you with the services you have requested or you may be limited in your use of the services.

1. Information You Provide to Us

Indergaard Physiotherapy collects information from you through

  • Patient Enquiries and Registration.
  • Indergaard Physiotherapy services that you use.
  • Requests or questions you submit to us via forms or email (e.g., website enquiries, Website chat enquiry, direct email, Facebook messenger).
  • Your communications and dealings with us.
  • Your participation in Indergaard Physiotherapy sweepstakes, contests, or research studies.
  • Uploads or posts to social media, website & use of service.
  • Requests for information through 3rd parties or 3rd party referral assistance.

Information from and about you:

The types of information we collect will depend upon the services you use, how you use them, and what you choose to provide.
The types of data we collect directly from you may include: Name, address, D.O.B, telephone numbers, and email address.
Optional information may include photographs, patient relationships, referral sources, etc.
Log-in details and password, if you create a Indergaard Physiotherapy account.
Any email requests or questions you submit to us.
Demographic information such as your gender, age, etc.
User-generated content you post in public online platforms.


We are required to generate records of all treatments provided. Legally all data must be kept for a period no shorter than seven years.

This does not impede your right to be forgotten. We are able to archive your content upon your request but your patient records and notes must be kept in line with legal requirements

Your records are stored either:

On paper (for patients before 2023), in a locked filing box stored securely within my home office.

Electronically (“in the cloud”), using a specialist medical records service (Cliniko). This provider has given me their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.

2. Information We Automatically Collect

When you use our services that connect to the Internet, including, but not limited to, when you access the services via our website, your mobile devices, any Indergaard Physiotherapy software/applications, we automatically collect certain information as described in this Section.

As discussed further below, we and our service providers (which are third-party companies that work on our behalf to provide and enhance the services) use a variety of technologies, including cookies and similar tools, to assist in collecting this information.

Log Files:

When you use the services, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the services, metadata associated with uploaded Content, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information and other such information.

Device Identifiers:

When you access the services using a mobile device, we collect specific device information, including your MAC address and other unique device identifiers. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customise our services to your device and to analyse any device-related issues.

Location Information:

We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).

3. Information We Collect From Third-Party Integrations

When you use third-party integrations (e.g., Drift, Facebook Messenger, Slack, Asana etc), such providers may allow us to have access to and store additional information about your interaction with those services and platforms as it related to use of the services. If you do not wish to have this information shared, do not initiate these connections.

4. Information We Collect from Affiliates and Non-Affiliated Third Parties

Indergaard Physiotherapy may receive additional information about you, such as demographic information, from third parties, such as business partners, marketers, researchers, analysts, and other parties (e.g Facebook) that we may use to supplement the information that we collect directly from you.


To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).


We use your information (including any information that we collect, as described in this Policy) for various purposes depending on the types of information we have collected from and about you and the specific Indergaard Physiotherapy services you use, including to:

  • Provide the services you have requested.
  • Respond to your request for information and provide you with more effective and efficient customer service.
  • Provide you with product updates and information about products & services you have purchased from us.
  • Provide you with service notifications via email and SMS.
  • Contact you by email, postal mail, or phone regarding Indergaard Physiotherapy and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you.
  • Customise the advertising and content you see.
  • Help us better understand your interests and needs, and improve our services.
  • Synthesise and derive insights from your use of different Indergaard Physiotherapy products and services.
  • Engage in analysis, research, and reports regarding use of our services.
  • Provide, manage, and improve the services.


In its administration of its CCTV system, Indergaard Physiotherapy complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Due regard is given to the data protection principles embodied in GDPR. These principles require that personal data shall be:

a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Indergaard Physiotherapy ensures it is responsible for, and able to demonstrate compliance with GDPR


1. Analytics

We use third-party web analytics services (e.g., Google Analytics) on our services to collect and analyse the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Similar Technologies” section will be disclosed to or collected directly by these service providers.

2. Online Advertising

Third parties or affiliates may administer Indergaard Physiotherapy banner advertising programs and other online marketing on non-Meadows Osteopath Clinic websites and services. To do so, these parties may set and access first-party cookies delivered from the Indergaard Physiotherapy domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited Indergaard Physiotherapy website to target online ads for Indergaard Physiotherapy services to you on non Indergaard Physiotherapy websites. Or a third-party ad network might collect information on the services and other websites to develop a profile of your interests and target advertisements to you based on your online behaviour. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.


Indergaard Physiotherapy will share your information in the following ways:

Service Providers.

We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation product manufacture, billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfilment, data storage, security, fraud prevention, payment processing, and legal services.

Third-Party Integrations.

When you initiate a connection with a third-party integration through the services (e.g., Drift, Facebook Messenger, Slack, Asana etc), we will share information about you that is required to enable your use of the third-party integration through the services.

Business Transfers.

If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Indergaard Physiotherapy will comply with such restrictions.

Public Forums.

The services make it possible for you to upload and share comments or feedback publicly (i.e., outside of Indergaard Physiotherapy mobile and web app) with other users, such as on Indergaard Physiotherapy social media, blogs etc. Any information that you submit through such public features is not confidential, and Indergaard Physiotherapy may use it for any purpose (including in testimonials or other Indergaard Physiotherapy marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the services.

Aggregate/De-Identified Information.

From time to time, Indergaard Physiotherapy may share Aggregate/De-Identified Information about use of the services, such as by publishing a report on usage trends. As stated above, this Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.


We may also disclose your information to third parties with your consent to do so. For example, we will write to your GP to update them on your treatment but only with your consent.  


We provide you with a number of choices with respect to the information we collect and use as discussed throughout this policy. For example: – You may instruct us not to use your contact information to contact you by email, postal mail or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at any time.

In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.

Please note that, regardless of your request, we may still use and share certain information as permitted by this policy or as required by applicable law. For example, you may opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you, but we have to retain your medical records for a period of at least seven years.



The services contain links to third-party websites such as social media sites, and also contain third-party integrations. If you choose to use these sites or integrations, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Indergaard Physiotherapy, Indergaard Physiotherapy is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third-party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.



Our services are available to all ages. For children under 16, we may need to get consent from someone with parental responsibility. This could be: − the child’s mother or father; − the child’s legally appointed guardian; − a person with a residence order for the child; − a local authority designated to care for the child; or − a local authority or person with an emergency protection order for the child. However, some children under 16 can give consent if they can fully understand the information given to them. This is known as ‘Gillick competence’.


Indergaard Physiotherapy complies fully with the Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).

The Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR) impose restrictions on the transfer of personal data outside the UK, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by (UK GDPR) is not undermined. 

Indergaard Physiotherapy may transfer information that we collect about you to third-party processors across international borders outside the UK. These third parties may have access to your information for the limited purpose of providing the service we have contracted with them to provide.

For example, our Practice Management Software is cloud-based and servers are located in Australia. However, the relevant safeguards & documentation is in place so our patient data is secure and we are comfortable meeting the standards of UK GDPR.


If you want to learn more about the information collected through the services, or if you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below. You may have to make a ‘Subject Access Request’ This is covered in the Subject Access Request Policy which is available on request. Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. If you are dissatisfied with the way we process your information, you may request a copy of our complaint process in the first instance. 


We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.


We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. We will make the revised Policy accessible through the services, so you should review the Policy periodically. If we make a material change to the Policy, you will be provided with appropriate notice and we will seek your consent to the updated Policy in accordance with legal requirements.


Indergaard Physiotherapy takes technical and organisational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information. If you have any questions about security on our services, you can contact us at 028 90 139185