
Privacy Policy

RE-COV PHYSIO LTD.

Effective Date: 1st February 2025

Last Updated: 1st February 2025

1. Introduction

RE-COV PHYSIO LTD. (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other relevant UK laws, when you use our services. Our services (“Services”) include but are not limited to our website www.re-cov.co.uk, physiotherapy consultations, mobile applications, devices, or when you interact with us in other related ways such as sales, marketing, or events. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please contact us at info@re-cov.co.uk.

2. Data Controller

The data controller for your personal data is:

Mr Matthew Freaney

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

info@re-cov.co.uk

3. What Information We Collect

We collect and process the following types of personal data:

A. Personal Identification Information

  • Name
  • Date of birth
  • Address
  • Email address
  • Phone number

B. Medical & Health Data (Special Category Data)

  • Medical history and pre-existing conditions
  • Treatment records and physiotherapy notes
  • Health assessments and injury details
  • GP or specialist referrals (if applicable)

C. Financial & Payment Information

  • Payment card details (processed securely via Stripe – we do not store full payment details)
  • Billing address

D. Booking & Communication Data

  • Appointment dates, times, and confirmations
  • Email correspondence, chat messages, and phone call records related to your care

E. Marketing & Preferences

  • Subscription preferences for promotional emails (with an easy opt-out option)

F. Gym Partnerships

  • Gym name and location
  • Contact details of gym representatives such as name, email and phone number
  • Number of members in gym, gym membership pricing and organisational structure

G. Technical information about your device and usage patterns

  • This includes your device type, model, operating system, browser type and version, IP address, location data and various interaction data such as access timestamps, pages viewed, features used, and time spent on specific functions.

4. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you when you book an appointment or complete a medical questionnaire.
  • Through online consultations conducted via Zoom.
  • From gym representatives when discussing service partnerships.
  • Through our secure booking and record-keeping system, Zanda (formerly Power Diary).

5. Legal Basis for Processing Your Data

Under UK GDPR, we rely on the following legal grounds for processing personal data:

  • Consent: For marketing communications.
  • Contractual Necessity: To provide physiotherapy services you have requested. To manage gym partnerships. To provide customer support. To process payments.
  • Legal Obligation: To retain medical records as required by UK law. To comply with tax regulations and maintain business records.
  • Legitimate Interest: To operate our business effectively, maintain client records, and prevent fraud. To improve our services.
  • Vital Interests: In emergencies where data processing is necessary to protect your health.

6. How We Use Your Data

We use your personal data for:

  • Providing Physiotherapy Services: Assessments, treatments, and personalised rehabilitation plans.
  • Record-Keeping: Maintaining accurate medical notes, in compliance with legal and professional obligations.
  • Appointments & Scheduling: Booking and managing physiotherapy sessions.
  • Payments & Invoicing: Processing payments securely via Stripe.
  • Communication: Sending appointment reminders, follow-ups, and responding to queries.
  • Marketing (Optional): Sending promotional emails, which you can opt out of any time.

7. How We Store & Protect Your Data

Our comprehensive security framework includes multi-layered protection measures. We implement two-factor authentication for database access across our systems, maintain strict device security protocols, and ensure all data transfers occur through encrypted channels using HTTPS. Our infrastructure incorporates secure file transfer protocols, VPN technology for remote access, and role-based access controls to maintain data integrity. While we take all reasonable steps to protect your information, no system is completely immune to security risks. We promptly investigate and address any potential security incidents and notify affected users as required by applicable law.

We store personal data securely using the following platforms:

| Platform | Purpose | Security Measures |
|---|---|---|
| Zanda (formerly Power Diary) | Booking, record-keeping, and medical notes storage | Encrypted, GDPR-compliant storage |
| Zoom | Online consultations | Secure video conferencing, encrypted |
| Stripe | Payment processing | PCI-DSS-compliant, encrypted transactions |
| HubSpot | Customer relationship management (Gym partnerships) | GDPR-compliant CRM, two-factor authentication |
| Heidi | AI medical scribe for clinical documentation | Secure, encrypted AI-assisted note-taking |
| Gmail | Secure email communications | Data encryption, two-factor authentication |

All data is stored in GDPR-compliant locations, and we apply appropriate technical and organisational measures to prevent unauthorised access, loss, or misuse.

8. Data Retention – How Long We Keep Your Data

Our data retention policy is structured to maintain information only as long as necessary.

We retain medical records in accordance with UK professional and legal guidelines:

  • Adults: Minimum of 8 years after the last appointment.
  • Children (under 18): Until the child’s 25th birthday (or 26 if treated at age 17).
  • Financial transactions: Retained for 7 years for accounting compliance.

After these periods, data will be securely deleted unless required for legal purposes.

Aside from your medical records which we are required to keep by law, when you unsubscribe from our email communications, we ensure your data is deleted within 48 hours.

Active mailing list subscribers' information is maintained for service continuity, while gym partner data is retained based on relationship status - 24 months for declined partnerships and ongoing retention for active partnerships.

9. Sharing Your Data

We do not sell or share your personal medical data with third parties, except in the following cases:

  • With RE-COV Boots if we feel you would benefit from using these.
  • Legal & Regulatory Compliance: If required by law or regulatory authorities (e.g., HCPC, CSP).
  • Emergency Situations: If we need to share data with medical professionals to protect your health.
  • IT & Security Providers: Where necessary to maintain secure and effective systems.

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Request corrections to inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”): Request deletion of your data (subject to legal obligations).
  • Right to Restriction: Limit how we use your data in certain circumstances.
  • Right to Object: Object to data processing for direct marketing or other purposes.
  • Right to Data Portability: Request transfer of your data to another service provider.
  • Rights Related to Automated Decision-Making: You can request human intervention in automated decisions that significantly affect you.

To exercise these rights, contact us at info@re-cov-physio.co.uk. We will respond to your request within one month, though this period may be extended in complex cases. Some requests may be denied based on legal requirements or legitimate business interests.

11. Marketing & Communications

We may send you occasional marketing emails related to RE-COV Physio and RE-COV Compression Boots.

  • You will only receive these if you have opted in.
  • Every email contains an unsubscribe option.

12. Cookies & Website Tracking

Our Services use cookies and similar tracking technologies to enhance your experience and collect usage data. These technologies help us understand how our Services are used, remember your preferences, and provide personalised features. We use both essential cookies necessary for basic functionality and optional cookies for analytics and marketing purposes. You can control non-essential cookies through your browser settings or our cookie preference centre. Blocking certain cookies may impact the functionality of our Services. For more information on how we use cookies and how you can manage them, please visit our Cookie Policy at >>>>….

13. International Data Transfers

While we primarily operate in the UK, some of our service providers may process data internationally. When we transfer personal information outside the UK or European Economic Area, we ensure appropriate safeguards are in place through standard contractual clauses or other approved transfer mechanisms.

14. Controls for DO-NOT-TRACK Features

Our Services currently do not respond to Do-Not-Track (DNT) signals sent by browsers. If a standard for DNT signals is established in the future, we will update this policy accordingly.

15. Policy for Children's Privacy

Our Services are not intended for individuals under 18 years of age, and we do not knowingly collect data from minors. If you believe that a minor has provided us with personal information, please contact us immediately at info@re-cov.co.uk, and we will take steps to delete the information.

16. Changes to This Privacy Policy

We may update this policy from time to time. The latest version will always be available on our website.

17. Complaints & Contact Information

For matters relating to data protection and privacy, our Data Protection Officer, Mr Matthew Freaney, oversees all compliance aspects. You can reach him at www.re-cov.co.uk or through our office number at 02080808565.

While we hope to resolve any concerns directly, you maintain the right to file a complaint with the Information Commissioner's Office (ICO). We encourage initial contact with our team to address your concerns promptly and effectively.

Website: www.ico.org.uk

Phone: 0303 123 1113

This Privacy Policy undergoes an annual review to maintain alignment with current data protection laws and best practices. Our commitment to protecting your privacy remains paramount in all our operations and service delivery.

RE-COV LTD.

Last Updated: 20th November 2024

This Privacy Policy for RE-COV LTD. ("we", "us", "our") explains how we collect, use, disclose, and safeguard your personal information when you use our services (“Services”), including but not limited to our website www.re-cov.co.uk, mobile applications, devices, or when you interact with us in other related ways such as sales, marketing, or events. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please contact us at info@re-cov.co.uk. 

1. WHAT INFORMATION DO WE COLLECT? 

We collect personal information that you voluntarily provide to us when you purchase memberships or credits, contact us for support or participate in surveys or promotions. This information may include your name, email address, phone number, postal address, and payment details such as card numbers. 

We collect and maintain professional information about our Gym Partners necessary for our business relationships. This includes the establishment's name, primary point of contact or ownership details and complete contact information encompassing telephone, email and postal address. We also maintain relevant business metrics such as member count, facility numbers, organisational structure (chain or independent status) and membership pricing information.

For payment processing, we work with secure third-party payment processors like Stripe. We do not store your full payment information on our servers. Instead, our payment partners maintain this sensitive data with industry-standard security measures.

Through your interaction with our Services, we automatically collect technical information about your devices and usage patterns. This includes your device type, model, operating system, browser type and version, IP address, and various interaction data such as access timestamps, pages viewed, features used, and time spent on specific functions. We may also collect location data based on your device settings to enhance service delivery and accessibility.

We maintain logs of error reports and performance data to ensure optimal service quality and troubleshoot any issues that may arise. It's important to note that we do not process sensitive personal information such as racial or ethnic origin, health data, or biometric data as part of our standard Services.  

2. WHY DO WE PROCESS YOUR INFORMATION?  

Your information is processed for several essential purposes related to providing and improving our Services. At the core of our processing activities is the creation and management of your membership which enables you to access our services seamlessly. We process your data to handle payments and transactions efficiently while maintaining the security of your financial information.

Customer support is a crucial aspect of our service and we process your information to provide timely and effective responses to your inquiries and concerns. We use your contact information to send important service updates and notifications about changes or improvements to our Services that may affect your user experience.

With your consent, we may send promotional communications about special offers, new features, or services that might interest you. We analyse service usage patterns and user behaviour to improve our offerings and enhance the overall user experience. This analysis helps us identify areas for improvement and develop new features that better serve our members' needs.

Security is paramount in our operations, and we process data to maintain the safety of our platform and prevent fraudulent activities. This includes monitoring for suspicious activities and implementing protective measures to safeguard your account.

We also process information to comply with our legal obligations, generate anonymised statistical data for business planning and facilitate device functionality and maintenance. If you participate in our referral program, we process the necessary information to track and reward successful referrals.  

3. LEGAL BASES FOR PROCESSING YOUR INFORMATION  

Under the UK GDPR, we process your data based on several legal grounds. Contractual necessity forms the foundation for much of our processing, as it enables us to create and manage your membership, process payments, deliver our services and provide customer support. These activities are essential to fulfilling our contract with you and ensuring you receive the services you've requested.

We also process data based on our legitimate interests, which include improving our services, implementing security measures, preventing fraud, conducting business analytics, and performing market research. These activities help us maintain and enhance our services while protecting both our users and our business.

Legal obligations require us to process certain information to comply with tax requirements, maintain business records, and adhere to consumer protection and data protection regulations. 

When we rely on consent as our legal basis, such as for marketing communications or non-essential cookies, you have the right to withdraw this consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?  

We work with carefully selected third-party service providers to deliver our Services effectively. Our data management infrastructure includes HubSpot for customer relationship management, secure email communications through Gmail and payment processing via Stripe. Your information is stored securely in our MySQL database hosted on Linux GCP, while communication channels include WhatsApp Business and our air landline system, which may record calls for quality assurance purposes.

In situations involving legal obligations or regulatory compliance, your information may be disclosed to relevant authorities. Business transactions such as mergers, acquisitions, or asset sales may also necessitate sharing or transferring data to ensure continuity of services.  

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?  

Our Services use cookies and similar tracking technologies to enhance your experience and collect usage data. These technologies help us understand how our Services are used, remember your preferences, and provide personalised features.

We use both essential cookies necessary for basic functionality and optional cookies for analytics and marketing purposes. You can control non-essential cookies through your browser settings or our cookie preference centre. Blocking certain cookies may impact the functionality of our Services.

For more information on how we use cookies and how you can manage them, please visit our Cookie Policy at >>> ______   

6. HOW LONG DO WE KEEP YOUR INFORMATION?  

Our data retention policy is structured to maintain information only as long as necessary. When you unsubscribe from our email communications, we ensure your data is deleted within 48 hours. For inactive accounts showing no service usage for 24 months, we initiate automatic data removal. Active users and mailing list subscribers' information is maintained for service continuity, while partner data is retained based on relationship status - 24 months for declined partnerships and ongoing retention for active partnerships.

7. HOW DO WE KEEP YOUR INFORMATION SAFE? 

Our comprehensive security framework includes multi-layered protection measures. We implement two-factor authentication for database access across our systems, maintain strict device security protocols, and ensure all data transfers occur through encrypted channels using HTTPS. Our infrastructure incorporates secure file transfer protocols, VPN technology for remote access and role-based access controls to maintain data integrity.

While we take all reasonable steps to protect your information, no system is completely immune to security risks. We promptly investigate and address any potential security incidents and notify affected users as required by applicable law.  

8. YOUR PRIVACY RIGHTS  

Under UK data protection laws, you have several rights regarding your personal information:

  1. Right to Access: You can request a copy of the personal information we hold about you
  2. Right to Rectification: You may ask us to correct any inaccurate or incomplete information
  3. Right to Erasure: You can request the deletion of your personal information in certain circumstances
  4. Right to Restrict Processing: You may ask us to limit how we use your information
  5. Right to Data Portability: You can request a copy of your data in a machine-readable format
  6. Right to Object: You may object to certain types of processing, including direct marketing
  7. Rights Related to Automated Decision-Making: You can request human intervention in automated decisions that significantly affect you

To exercise these rights, contact us at info@re-cov.co.uk. We will respond to your request within one month, though this period may be extended in complex cases. Some requests may be denied based on legal requirements or legitimate business interests.  

9. INTERNATIONAL DATA TRANSFERS

While we primarily operate in the UK, some of our service providers may process data internationally. When we transfer personal information outside the UK or European Economic Area, we ensure appropriate safeguards are in place through standard contractual clauses or other approved transfer mechanisms.

10. CONTROLS FOR DO-NOT-TRACK FEATURES  

Our Services currently do not respond to Do-Not-Track (DNT) signals sent by browsers. If a standard for DNT signals is established in the future, we will update this policy accordingly.  

11. POLICY FOR CHILDREN’S PRIVACY

Our Services are not intended for individuals under 18 years of age, and we do not knowingly collect data from minors. If you believe that a minor has provided us with personal information, please contact us immediately at info@re-cov.co.uk, and we will take steps to delete the information.  

12. UPDATES TO THIS PRIVACY POLICY  

This Privacy Policy may be updated periodically to reflect changes in our practices, technological advancements, or legal requirements. The latest version will always be available on our website, and updates will be effective upon posting.  

13. CONTACT US

For matters relating to data protection and privacy, our Data Protection Officer, Mr Matthew Freaney, oversees all compliance aspects. You can reach him directly at Matthew@re-cov.co.uk or through our office number at +44 20 8050 7077.

While we hope to resolve any concerns directly, you maintain the right to file a complaint with the Information Commissioner's Office (ICO). We encourage initial contact with our team to address your concerns promptly and effectively.

Website: www.ico.org.uk

Phone: 0303 123 1113

This Privacy Policy undergoes an annual review to maintain alignment with current data protection laws and best practices. Our commitment to protecting your privacy remains paramount in all our operations and service delivery.