top of page

GDPR PRIVACY NOTICE

Scope

This document pertains to the collection, processing, and storage of personal data in accordance with the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). These regulations protect the rights of individuals regarding their personal data, ensuring its security and lawful processing.

 

1 – About Us

Malaya Therapies (hereafter referred to as "the Practice") is a registered osteopathy clinic providing osteopathic treatment and associated therapies. The Practice is committed to upholding the highest standards of data protection and patient confidentiality.

​

2 – What Data We Collect and Why

To provide osteopathic treatment, we may collect and store the following personal data:

  • Personal details: Name, date of birth, contact details (phone, email, postal address).

  • Medical history and treatment records: Information regarding past and current health conditions, medications, lifestyle factors, and treatment plans.

  • Appointment history: Details of scheduled appointments, cancellations, and attendance records.

  • Payment details: Information related to invoicing and payments.

  • Marketing preferences: If you opt-in to receive updates about our services.

The collection of this data is necessary to provide safe and effective treatment, manage appointments, and ensure compliance with legal and regulatory obligations.

​

3 – How We Use Your Data

Your data is used strictly for the following purposes:

  • Diagnosing and treating health conditions in line with osteopathic best practices.

  • Managing appointments and providing relevant treatment updates.

  • Contacting you regarding future appointments, follow-ups, or necessary treatment-related information.

  • Complying with legal, regulatory, and professional obligations.

  • Improving our services based on patient feedback and anonymised analysis.

  • With your explicit consent, providing relevant marketing communications (you may opt out at any time).

 

4 – Lawful Basis for Processing Personal Data

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent for us to process your health data.

  • Contractual obligation: To provide osteopathic treatment and manage appointments.

  • Legal obligation: To comply with applicable laws and regulatory requirements.

  • Legitimate interests: To maintain and improve the quality of care provided.

​​

5 – Data Storage & Security

  • All personal data is stored securely in compliance with GDPR regulations.

  • We take appropriate technical and organisational measures to protect your information against unauthorised access, loss, or misuse.

  • We do not share your data with third parties unless legally required or necessary for your ongoing medical care (e.g., referral to a GP or specialist, with your consent).

 

6 – Data Retention Policy

  • We retain patient records for eight years after the last appointment, in accordance with professional guidelines.

  • If the patient was a minor at the time of treatment, records will be kept until they reach the age of 25.

  • After the retention period, data will be securely deleted unless there is a legal reason to retain it.

 

7 – Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you.

  • Right to rectification: Request corrections if your data is inaccurate.

  • Right to erasure: Request the deletion of your data (subject to legal retention requirements).

  • Right to restrict processing: Limit how we use your data in certain circumstances.

  • Right to data portability: Request transfer of your data to another provider.

  • Right to object: Object to data processing in certain situations, including direct marketing.

  • Right to withdraw consent: Withdraw consent for processing at any time.

To exercise any of these rights, please contact us using the details below.

 

8 – Sharing Your Data

We will not sell, rent, or distribute your personal data to third parties. However, in the following cases, we may share your data with:

  • Other healthcare professionals (e.g., GPs, consultants) for the purpose of your treatment, with your consent.

  • Legal or regulatory authorities if required by law.

 

9 – Website Cookies & Data Tracking

  • Our website may use cookies to enhance user experience. You can adjust your browser settings to disable cookies if preferred.

  • Basic data such as IP addresses may be collected for security and analytical purposes.

 

10 – How to Contact Us

If you have any concerns about your data or wish to exercise your rights, please contact:

​

Malaya Therapies
Wood Street Indoor Market, Unit A10, 98 Wood Street, Walthamstow, London E17 3HX
Phone: +44 (0) 7729461315
Email: kylie@malayatherapies.co.uk

​

If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

​

ICO
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Phone: +44 (0) 303 123 1113
Website: https://ico.org.uk/global/contact-us/email/

​

This GDPR Privacy Notice is subject to periodic updates to ensure compliance with data protection regulations. Please review it regularly for any changes.

bottom of page