LIFE WORKS Osteopathy

Data Processing

Your data: what we store, how we use it, and why.

When you supply your personal details to us before or during a consultation, they are stored and processed for three reasons: 

  1. We have a legal obligation to maintain medical notes in order to provide you with safe and effective treatment. 

  2. Provided we have your consent, we would like to contact you in order to confirm your appointments with us or to update you on matters related to your medical care. Under the GDPR, this is known as Legitimate Interest. 

  3. Again, provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. This, too, constitutes “Legitimate Interest” under the GDPR. 


We have a legal obligation to retain your records for 8 years after your most recent appointment (or until you are aged 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date. 

Depending on where our consultation was conducted, your records are stored either:

  1. On paper, in locked filing cabinets, and the keys kept in a different location.

  2. Electronically in our practice management system, Cliniko. Cliniko has assured us that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, with two-step verification required. The password is changed regularly.

  3. If you consulted Mags before she moved the practice to Union Road, your records are stored electronically (“in the cloud”), using Dropbox. Dropbox has assured us that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and electronic documents containing personal information are individually password protected. The passwords are changed regularly. 

  4. On our office laptop. This is password-protected, backed up regularly, and the laptop is kept in a locked building when it is not in Mags’ personal possession.

  5. If you have contacted Mags by text message, WhatsApp, or any other messaging service, your mobile number will be stored on her mobile phone. This is password protected and in her possession at all times. 


We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data: 

  1. Mags, as your practitioner, in order that she can provide you with treatment.

  2. Cliniko practice management software.

  3. Dropbox, although your information will be password protected.

  4. Gmail, if we have been in direct email correspondence.

All personal data that we hold will be provided by you, or with your consent by other medical practitioners involved in your care. This information may include:

  1. Name, address, telephone number(s)

  2. Date of birth

  3. Email address

  4. Medical history

  5. Medical information provided by third parties (for example, MRI/x-ray/blood test reports)

Your rights in respect to this data processing are as follows:

  1. To access the data, free of charge, within a reasonable short timescale

  2. To rectify errors

  3. To be forgotten (but not to erase medical records)

  4. To restrict processing

  5. To have data shared with other practitioners if you wish it

  6. To withdraw consent 

If you wish to discuss any part of this privacy notice, please do get in touch - we would be delighted to hear from you.