Privacy Policy

Last Updated: 26/07/2025

Aga&Ola Clinic is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy outlines how we collect, use, store, and protect your data when you visit our clinic, use our services, or interact with our website.

1. Who We Are

Aga&Ola Clinic is a business group of private wellness clinic offering physiotherapy, massage therapy, and related services. We are registered in the UK and comply with all relevant data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Information We Collect

We collect the following types of personal information:

A. When You Book or Attend an Appointment:

Full name
Contact details (phone number, email, address)
Date of birth
Emergency contact
Health history and medical information relevant to your treatment
Payment details (securely processed via our payment partners)

B. When You Use Our Website:

IP address
Pages visited and browsing activity (via cookies – see Section 8)
Any information you submit through contact forms

C. If You Apply to Work With Us:

CV and application details
References and professional credentials

3. How We Use Your Information

We use your information to:

Provide safe and effective care tailored to your needs
Contact you about appointments, follow-ups, or clinic updates
Send appointment confirmations and reminders
Process payments and maintain records for accounting purposes
Improve our services and customer experience
Comply with legal and regulatory requirements

We may also contact you with health updates, newsletters, or promotions — but only if you’ve opted in. You can unsubscribe at any time.

4. Lawful Basis for Processing

Under UK GDPR, we process your personal data based on the following lawful grounds:

Consent – when you voluntarily opt into marketing or updates
Contract – when you book and receive our services
Legal obligation – to comply with regulations (e.g., maintaining treatment records)
Vital interests – if emergency contact is required
Legitimate interests – to improve services and protect clinic operations

5. How Your Information Is Stored

We store your data securely on password-protected systems and, where applicable, encrypted cloud-based clinic software that is GDPR-compliant. Only authorised staff members have access to your information.

Paper notes (if used) are stored in locked cabinets within secure clinic premises.

6. Sharing Your Data

We do not sell your information.

We only share your data when necessary, including:

With practitioners involved in your care
With software providers who help us manage bookings and payments (under strict data agreements)
With legal, regulatory, or safeguarding authorities if required
With your GP or other healthcare providers, but only with your consent

7. How Long We Keep Your Data

We retain health records and treatment notes for a minimum of 8 years after your last appointment (or until the age of 25 if treated as a child), in line with professional standards. Other information (e.g., marketing preferences) is reviewed every 2 years or deleted upon request.

8. Cookies and Website Analytics

Our website uses cookies to enhance user experience and gather basic visitor data (e.g., page views, time on site). You can manage cookie preferences via your browser settings.

9. Your Rights

You have the right to:

Access your personal data
Correct or update inaccurate data
Request deletion of your data (where legally permissible)
Object to certain uses (e.g., marketing)
Withdraw consent at any time
Request transfer of your data to another provider

To exercise any of these rights, contact us at: hello@agaandola.co.uk

10. Contact Us

If you have questions or concerns about your data, please contact directly

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://www.ico.org.uk