top of page

Privacy Policy

At J&J Therapy, we are committed to protecting your privacy and handling your personal information with care. This Privacy Policy explains what personal data we collect from you, how we use it, how we keep it secure, and your rights regarding your data. We aim to be transparent and use clear language so you can easily understand how we manage your information.

Who We Are: J&J Therapy ("we", "us", or "our") is a therapy clinic located at C.I. Tower, Ground Floor, New Malden, KT3 4HG, United Kingdom. For the purposes of UK data protection law (including the Data Protection Act 2018 and the UK General Data Protection Regulation), J&J Therapy is the "data controller" of the personal data you provide to us. In other words, we determine how and why your personal information is used. You can contact us using the details at the end of this Policy if you have any questions or concerns about your data.

Scope: This Privacy Policy applies to our therapy services and our website/online booking platform. By using our services or website, you agree that we may collect, use, and safeguard your information as described in this Policy. We may update this Policy from time to time (see the "Updates" section below), so please check back periodically for any changes.

Data Collection and Use

We only collect personal information that we need in order to provide you with our services, to communicate with you, and to run our clinic safely and effectively. Below are the types of personal data we collect and how we use them:

  • Contact Details: Information such as your full name, phone number, email address, and possibly your postal address. We use this information to identify you, schedule appointments, contact you with appointment confirmations or reminders, and respond to your inquiries.

  • Personal Details: Information like your date of birth or age, and gender (if relevant to your treatment). This helps us ensure we provide appropriate services (for example, some treatments may differ based on age or other factors) and verify your identity if needed.

  • Health Information: Details about your health, medical history, injuries or conditions, and any treatment notes from our sessions. This sensitive information is collected only for the purpose of understanding your needs, ensuring treatments are safe and effective for you, and tracking your progress. For example, we may ask about any injuries, chronic conditions, medications, or allergies so that we can tailor our therapy appropriately. We treat this information with special care and confidentiality.

  • Appointment and Treatment Records: Records of the appointments you have booked (dates and times), the services or treatments you have received, and notes or assessments related to those sessions. We use this to keep track of your treatment plan, monitor progress, and provide continuity of care when you return.

  • Payment Information: If you pay for services via card or online, payment details (e.g. card type or the last four digits of your card number) and transaction information may be processed by our payment provider. We do not store your full card details ourselves. We only maintain records of your payments (such as the amount, date, and method) to manage our accounts and for financial record-keeping required by law.

  • Website Usage Data: When you use our website, we may automatically collect technical information like your IP address, browser type, and browsing actions through cookies or similar technologies (see the "Cookies" section below). This helps us ensure the website functions properly, protect the security of the site, and understand which parts of our site are most popular so we can improve our services. This data is generally aggregated and not used to identify you personally, except for essentials such as IP address which might be needed for security monitoring.

If you choose not to provide certain personal information (for example, if you declined to give us any health information or contact details), we may not be able to offer you our therapy services or certain features of our website. We will only ask for information that is relevant and necessary for your interaction with us.

We will never sell your personal information to anyone, and we do not share it with third parties for their own marketing purposes. We may occasionally send you updates about our services or special offers, but we will only do this if you have explicitly given us your consent (for example, by opting in to receive a newsletter or promotional emails). You are always free to change your mind and opt out of marketing communications at any time, and we will respect your choice.

Legal Bases for Processing

We ensure that we have a valid legal basis to collect and use your personal data, as required by UK GDPR. Depending on the context, we rely on one or more of the following lawful bases:

  • Contract: Much of the information we collect is needed for us to provide you with the service you have requested – in other words, to fulfil our contract with you. For example, when you book a therapy session, we need your name and contact details to schedule the appointment, and your health information to deliver the treatment safely and effectively.

  • Legal Obligation: We may be required by law to process certain personal data. This includes maintaining records of transactions for tax and accounting purposes, complying with health and safety regulations, or retaining medical/treatment records as required by applicable laws or professional guidelines. If law enforcement or regulatory authorities lawfully require us to provide certain data, we may also have to comply (we would only share what is necessary and required by law).

  • Legitimate Interests: We may process your data as necessary for our legitimate business interests, as long as those are not outweighed by your rights and interests. For example, we have a legitimate interest in sending you appointment reminders, following up with you after treatment to monitor your progress or get feedback, improving our services, or keeping basic records of past clients. We may also process data to ensure IT security and prevent fraud. Whenever we rely on legitimate interests, we carefully consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws.

  • Consent: In situations where no other legal basis applies, we will ask for your clear consent to process your information. We will typically seek your explicit consent when processing any sensitive personal data (for instance, detailed health information) or if we want to use your data for a new purpose not covered by this Policy. For example, as part of our client intake process, we may ask you to sign a consent form acknowledging the collection and use of your health information for treatment purposes. If we ever send you marketing emails or newsletters, this would be based on your opt-in consent. You have the right to withdraw your consent at any time (see "Your Rights" below), and if you do, we will stop the processing that was based on consent.

Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes described in this Policy, and to comply with our legal and professional obligations. The length of time we retain information can vary depending on the type of data and the reason we have it:

  • Therapy Records: We generally retain your treatment records (including consultation forms and session notes) for up to 7 years after your last appointment. This duration is often required by our professional indemnity insurance and is standard practice for therapy records. If you are a younger client (a child or minor), we may need to keep records until up to 7 years after you reach the age of 18 (around age 25), in line with legal guidelines, to ensure we meet our obligations.

  • Contact Information: If you are an active client, we keep your contact details on file to manage appointments and communicate with you. If you have not visited us for a long period, we may remove or anonymise your contact information after a certain time unless we need to keep it for legal or insurance purposes. You can also request that we delete your contact details if you stop using our services (see "Your Rights" below).

  • Financial Records: We retain records of payments and invoices for the period required by UK law (for example, typically 6 years for tax accounting records). These records may include your name, the service provided, and the amount paid, but they do not contain sensitive payment information.

  • Website Data: Any analytics data collected via cookies is generally retained only for as long as necessary for the analysis or aggregated over time for statistical purposes. We periodically review such data and delete or anonymise it when we no longer need it.

After these retention periods expire, or once we have no further legitimate need for the data, we will ensure it is securely deleted or destroyed, or anonymised so that it can no longer be linked back to you. Please note that in some cases we may be obliged to retain certain information for longer if required to comply with legal obligations or resolve disputes (for example, if there is an ongoing legal matter or if we need the data to exercise or defend legal claims).

Your Rights

As a client or user of our services, you have certain rights regarding your personal data under data protection law. We want to make sure you are aware of your rights and can exercise them easily:

  • Right to Be Informed: You have the right to be informed about how your personal data is being collected and used. This Privacy Policy is one of the ways we fulfill that right, by providing you details about our data practices.

  • Right of Access: You can request a copy of the personal information we hold about you (commonly known as making a "Subject Access Request"). We will provide you with a summary of the data we have, and details on how it is used, usually within one month of your request.

  • Right to Rectification: If any of your information is incorrect or incomplete, you have the right to have it corrected. Just let us know what needs updating, and we will fix it.

  • Right to Erasure: You can ask us to delete or remove your personal data in certain circumstances – for example, if it's no longer needed for the purpose we collected it, or if you initially consented but have now withdrawn your consent. This is sometimes called the "right to be forgotten". We will review such requests and, if there is no lawful reason for us to keep the data, we will delete it. (Do note that if you ask us to delete information that we are required to keep by law or that is essential for us to provide your care, we may not be able to fulfill that request – but we will explain this to you if it applies.)

  • Right to Restrict Processing: You have the right to ask us to stop or limit the processing of your data in certain situations. For instance, if you believe the data is inaccurate, or you have objected to our use of your data, you can request a restriction until the issue is resolved. This means we would store your data but not actively use it until the restriction is lifted.

  • Right to Data Portability: You have the right, in some cases, to receive your personal data in a structured, commonly used and machine-readable format, and to have that data transmitted to another data controller. This typically applies to information you have provided to us electronically, where we process it based on your consent or a contract with you. For example, if you wanted to transfer your treatment records to another therapist or clinic, we can assist in providing a copy of your records (subject to confidentiality considerations).

  • Right to Object: You can object to certain types of processing. You have an absolute right to object to your data being used for direct marketing purposes – if we ever send you marketing communications, you can tell us to stop and we will stop. You can also object if you feel our processing of your data is not justified by our stated legitimate interests or if you want us to stop using data for research or statistical purposes. We will consider your objection and respond with our decision; in general, we will cease processing unless we have a compelling legitimate ground to continue.

  • Rights Related to Automated Decision-Making: You have rights related to automated decision making and profiling. However, we do not carry out any automated decision-making or profiling activities with your personal data that would have legal or significant effects on you. In the event that this changes in the future, we will inform you and ensure your rights in this area (such as the right to request human intervention or to contest the decision) are upheld.

  • Right to Withdraw Consent: If we are processing any of your data based on your consent, you have the right to withdraw that consent at any time. For example, if you agreed to receive marketing emails, you can later opt out and we will stop sending them. Withdrawing consent will not affect the lawfulness of any use of your data that happened before you withdrew consent.

  • Right to Complain: If you have any concerns or are unhappy about how we have handled your personal data, please let us know first so we can try to put things right. We take privacy complaints very seriously and will do our best to address your concerns. However, if you are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). You can contact the ICO for advice or to make a complaint by calling 0303 123 1113 or through their website at www.ico.org.uk.

​​

Exercising Your Rights: You can exercise any of these rights by contacting us (see the "Contact Us" section below for how to reach us). We will respond to your requests as soon as we can, and within one month at the latest (this can be extended by a further two months for complex requests, but we will inform you if an extension is needed). We may need to verify your identity before processing certain requests, to ensure we are protecting your information from unauthorised access. There is normally no fee for exercising your rights. If for some reason we cannot comply with your request (for example, if a legal exception applies), we will explain to you the reason.

Cookies and Website Tracking

Our website uses cookies and similar technologies to give you a better experience and to help us understand how the site is used. Cookies are small text files placed on your device when you visit a website. We use the following types of cookies:

  • Essential Cookies: These cookies are necessary for the website to function properly. For example, they might enable core functions like page navigation, your booking session details, or access to secure areas of the site. Without these cookies, certain services you request (such as making an online appointment) may not be possible. These cookies do not collect personal data for marketing purposes, and you cannot opt out of them if you want to use our site (except by blocking all cookies in your browser, which may cause the site to not work correctly).

  • Analytics Cookies: We may use analytics or performance cookies (for instance, Google Analytics) to collect information about how visitors use our website. This can include which pages are visited, how long people stay on a page, and what features are used. This information helps us improve our website and services by understanding user behaviour. We do not deploy analytics cookies without your consent, as they are not strictly necessary for the site to function. Any data collected by these cookies is typically aggregated and not used to identify you personally. For example, we might see overall statistics like "X number of visitors viewed the appointment page this week."

  • Preference Cookies: If our site offers customisable settings (such as language preference or text size adjustments), preference cookies remember your choices to provide a more personalised experience. Currently, our website’s customization options are limited, but if you, for example, choose to hide a notification message or select certain site preferences, a cookie might remember that selection for your next visit.

  • Advertising Cookies: We do not currently use any advertising or targeting cookies on our site. We do not show third-party ads or track you across other websites. If this ever changes, we will update this Policy and seek your consent where required.

Managing Cookies: When you first visit our website, you may see a cookies notice or banner. You can choose to accept or reject non-essential cookies (such as analytics cookies) at that time. Additionally, you can control cookies through your browser settings. Most web browsers allow you to block or delete cookies, or to alert you when cookies are being set. Please be aware that if you disable all cookies (including essential cookies) in your browser, some parts of our site may not function properly. By continuing to use our site with your browser set to accept cookies, you are agreeing to our use of cookies as described here (unless you have specifically opted out of certain cookies).

Third-Party Services

We do not sell your personal data to anyone. However, in order to run our business and provide our services to you, we rely on a few trusted third-party service providers. These third parties act on our behalf (as "data processors") or in partnership with us, and they are only permitted to use your information as instructed by us. The main instances where your data might be handled by third-party services include:

  • Online Booking & Scheduling: We use an electronic booking system to manage appointments. This system may be provided by a third-party platform. When you enter your details to book an appointment (such as your name, contact info, and appointment time), that information is stored on the platform's secure servers. The booking platform only uses your data to facilitate our scheduling and communications with you; they do not use it for their own purposes.

  • Payment Processing: If you pay for services using a credit/debit card or other electronic payment methods, we use reputable payment processing companies to handle the transaction. These third-party processors (for example, our card payment service or online payment gateway) process your payment details securely. We do not receive or store your full card number or security codes. The payment processor provides us with a confirmation of payment and basic details (such as the amount and date) so we can record the transaction.

  • Email and Communications: We may use third-party email services or SMS/text messaging services to send you appointment confirmations, reminders, or newsletters (if you subscribed). For example, if we send you an email or a text reminder, it might be sent through a secure service provider platform. These providers have access to your email address or phone number solely for the purpose of sending our communications, and they are not allowed to use your details for anything else.

  • Data Storage and IT Services: Like many businesses, we may use cloud storage or software systems provided by third parties to store and manage data (for instance, a cloud-based client record system or an encrypted backup service). Any third-party service we use for data storage is carefully vetted to ensure it has strong security measures and complies with data protection laws. Your personal data is stored in such systems only as needed for our operations, and the providers are contractually obligated to keep it secure and confidential.

  • Analytics Tools: As mentioned under Cookies, we might use Google Analytics or similar analytics tools to understand website traffic and usage. These tools are provided by third parties (Google, in the case of Google Analytics) which may process some data like your IP address or device information for us. We do not give them any directly identifying personal information like your name or contact details. They operate under their own privacy agreements, but we ensure any analytics use is done lawfully and you have control over it via cookie consent.

  • Legal or Professional Advisors: In some cases, we may need to share information with professional advisors or authorities. For example, our accountants may see records of payments (which include client names and amounts) when preparing our financial statements. If required by law, we might also disclose information to government authorities or law enforcement (for instance, providing information to HM Revenue & Customs for tax purposes, or if compelled by a court order). We may also refer to or consult with other healthcare professionals regarding your treatment (for example, if we recommend you to a specialist), but we would only share your personal or health information with your consent or if it’s necessary in your vital interests (such as in an emergency situation).

We make sure that any third parties we use are bound to strict privacy and security obligations. We have agreements in place (Data Processing Agreements or similar) to ensure they protect your data in line with this Privacy Policy and the law. If any third-party service providers are located outside the UK, we will ensure that appropriate safeguards are in place for international data transfer (for example, using standard contractual clauses or relying on countries that have an adequate data protection rating from the UK authorities).

Finally, if our website contains links to external sites or services (like Instagram, Facebook, or external booking pages), please note that those sites are not operated by us. Once you leave our website or interact with a third-party service, their own privacy policies will apply. We encourage you to read the privacy notices of any external websites you visit via links from our site.

Data Security

We take the security of your personal data very seriously. We have implemented various measures to protect your information from unauthorised access, loss, or disclosure:

  • Secure Storage: Personal data you provide to us is stored on secure systems. Electronic records (like our scheduling database or emails) are protected by strong passwords, encryption, and firewall technologies. If we keep any paper records (such as intake forms or signed consent forms), they are stored in a secure, locked location when not in use.

  • Limited Access: Only authorised personnel at J&J Therapy (for example, your therapist and certain administrative staff who need the information to perform their duties) can access your personal information. Our team members are trained to handle data safely and confidentially.

  • Website Security: Our website uses HTTPS encryption (you'll see a padlock or "https://" in the address bar) to secure any data you enter or transmit to us online. This means that information like your booking details or anything submitted through our forms is encrypted in transit and protected from eavesdropping. We also keep our website platform, plugins, and software up to date to guard against security vulnerabilities.

  • Payment Security: All online card payments are handled through payment processors that comply with strict industry security standards for handling payment information. This means your card details are transmitted and processed with a high level of encryption and protection. We never store your sensitive card details on our own systems.

  • Ongoing Vigilance: Although we strive to protect your information, no method of electronic storage or transmission over the internet can be guaranteed 100% secure. We continuously monitor our systems for potential vulnerabilities and attacks, and we review our security measures regularly. In the unlikely event of a data breach that poses a risk to your rights or privacy, we will notify you and the relevant authorities (such as the ICO) as required by law.

By taking these steps, we aim to give you peace of mind that your data is in safe hands with us.

Updates to This Policy 

We may revise or update this Privacy Policy from time to time to reflect changes in our services, feedback from clients, or changes in data protection laws. If we make any significant changes, we will take reasonable steps to inform you (for example, by posting a notice on our website or contacting you via email if appropriate). The "Last updated" date at the bottom of this Policy indicates when the latest revisions were made. We encourage you to review this Policy occasionally to stay informed about how we are protecting your information.

Contact Us

Your privacy matters to us. If you have any questions, concerns, or requests regarding this Privacy Policy or the personal data we hold about you, please do not hesitate to contact us. We are here to help and will respond as promptly as we can.

 

Contact details for J&J Therapy (the Data Controller):

Address:  J&J Therapy, C.I. Tower, Ground Floor, New Malden, KT3 4HG, United Kingdom
Email:  info@jjwellcare.com
Phone:  07882 943540

When you contact us, we may ask you to verify your identity to ensure we do not disclose your information to the wrong person.

If you wish to exercise any of your rights described above, you can reach us via the contact details above and we will guide you through the process.

Complaints: As noted, you have the right to contact the Information Commissioner’s Office (ICO) if you believe we have not handled your personal data properly. You can find information on how to report concerns on the ICO website (www.ico.org.uk) or by calling their helpline (0303 123 1113). We would appreciate the opportunity to address your concerns first, so please consider reaching out to us before contacting the ICO.

Last updated: June 2025

bottom of page