Privacy Policy

Sligo Physio Space

www.sligophysiospace.ie

Last Updated: 30 January 2026

1. Introduction

Sligo Physio Space (‘we’, ‘us’, or ‘our’) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

We are registered with the Physiotherapists Registration Board (CORU) and adhere to CORU’s Code of Professional Conduct and Ethics, including standards for confidentiality and data protection.

2. Data Controller

The data controller responsible for your personal information is:

Sligo Physio Space

Claire Mc Guinness

Ballast Quay

Sligo

0872220311

info@sligophysiospace.ie

3. Information We Collect

3.1 Personal Information

We may collect the following personal information:

  • Name, address, date of birth, and contact details (phone number, email address)
  • PPS number (if required for insurance claims)
  • Emergency contact information
  • Payment and billing information

3.2 Health Information

As a healthcare provider, we collect sensitive health information including:

  • Medical history and current health conditions
  • Current medications and allergies
  • Details of injuries or conditions requiring treatment
  • Treatment notes and physiotherapy assessments
  • GP and other healthcare provider information
  • Insurance information for claims processing

3.3 Website Information

When you visit our website, we may collect:

  • Information about your device and browser
  • IP address and location data
  • Pages visited and time spent on our website
  • Information submitted through contact forms or appointment booking systems

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Explicit Consent: You provide explicit consent for us to process your health information for treatment purposes.
  • Contract Performance: Processing is necessary for the performance of our physiotherapy services contract with you.
  • Legal Obligation: We must retain certain records to comply with professional regulatory requirements and tax law.
  • Legitimate Interests: We process data for administrative purposes, appointment scheduling, and business communication where we have a legitimate interest that does not override your rights.

5. How We Use Your Information

We use your personal and health information for the following purposes:

  • To provide physiotherapy assessment, treatment, and care
  • To manage appointments and maintain clinical records
  • To communicate with you about your treatment and appointments
  • To process payments and billing
  • To submit insurance claims on your behalf (with your consent)
  • To communicate with your GP or other healthcare providers (with your consent)
  • To comply with legal and regulatory obligations
  • To improve our services and website functionality

6. Information Sharing and Disclosure

We will only share your information with third parties in the following circumstances:

  • Healthcare Providers: With your explicit consent, we may share information with your GP, consultants, or other healthcare professionals involved in your care.
  • Insurance Companies: With your consent, we share necessary information to process private health insurance claims.
  • Legal Requirements: Where required by law, regulation, or legal process.
  • CORU: If required for regulatory or fitness to practise proceedings.
  • Service Providers: We may use trusted third-party service providers (e.g., appointment booking systems, secure cloud storage) who process data on our behalf under strict confidentiality agreements.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Secure storage of physical records in locked filing cabinets
  • Password-protected and encrypted electronic records
  • Restricted access to personal data on a need-to-know basis
  • Regular security assessments and staff training
  • Secure website connections (SSL/TLS encryption)

8. Data Retention

We retain your personal and health information in accordance with professional and legal requirements:

  • Clinical Records: Adult records are retained for a minimum of 7 years from the date of last contact. Records for patients who were minors at the time of treatment are retained until their 25th birthday or for 7 years, whichever is longer.
  • Financial Records: Retained for 6 years in accordance with tax legislation.
  • Marketing Consent: Retained until you withdraw consent or we determine it is no longer relevant.

After the retention period expires, records are securely destroyed through shredding (paper) or permanent deletion (electronic).

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements).
  • Right to Restrict Processing: Request limitation on how we use your data.
  • Right to Data Portability: Request transfer of your data to another provider in a structured format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us using the details in Section 2. We will respond to your request within one month. Please note that some rights may be limited where we have a legal obligation to retain information (e.g., clinical records).

10. Cookies and Website Analytics

Our website uses cookies to improve your browsing experience and analyse website traffic. Cookies are small text files stored on your device. We use:

  • Essential Cookies: Necessary for the website to function properly.
  • Analytics Cookies: To understand how visitors use our website (e.g., Google Analytics).
  • Functional Cookies: To remember your preferences and enhance functionality.

You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect website functionality.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Children’s Privacy

We treat children under 18 in accordance with GDPR requirements. For children under 16, we obtain consent from a parent or guardian before processing personal data. Treatment records for minors are retained in accordance with professional guidelines as outlined in Section 8.

13. International Data Transfers

We primarily store and process your data within the European Economic Area (EEA). If we use service providers located outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data.

14. Data Breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and inform affected individuals without undue delay, as required by GDPR.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The updated policy will be posted on our website with a revised ‘Last Updated’ date. We encourage you to review this policy periodically.

16. Complaints and Concerns

If you have any concerns about how we handle your personal data or wish to make a complaint, please contact us using the details in Section 2. We will investigate and respond to your concerns promptly.

You also have the right to lodge a complaint with the Data Protection Commission:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, D02 RD28

Ireland

Phone: +353 (0)761 104 800 or Lo Call 1890 252 231

Email: info@dataprotection.ie

Website: www.dataprotection.ie

17. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Sligo Physio Space

[Your Address]

Phone: [Your Phone Number]

Email: [Your Email Address]

Website: www.sligophysiospace.ie

By using our services and website, you acknowledge that you have read and understood this Privacy Policy.