Patient Privacy Notice

This privacy notice sets out how Johnson Physio processes personal information about you.

Reason for Processing Information

The reason for collecting personal information about you is to provide a healthcare service to you and to manage our accounts.

Types of Information Processed

We process information relevant to the above reason. This information may include:

  • Personal details
  • Family details
  • Lifestyle and social circumstances
  • Goods and services
  • Financial details
  • Employment and education details

We also process sensitive classes of information that may include:

  • Physical or mental health details
  • Sexual life

Who the Information is Processed About

We process personal information about our:

  • Patients
  • Customers and clients
  • Suppliers
  • Business contacts
  • Professional advisors

Who the Information May be Shared With

We will not sell your personal information.

We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA).

What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

  • Healthcare professionals
  • Social and welfare organisations
  • Central government
  • Business associates
  • Family, associates and representatives of the person whose personal data we are processing
  • Suppliers and service providers
  • Financial organisations
  • Current, past and prospective employers
  • Employment agencies and examining bodies

How Long Data Will be Stored for

Healthcare notes are required to be stored for specified lengths of time depending on who they relate to:

  • Adult:  8 years after conclusion of treatment or death
  • Children and young people: 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death
  • Maternity: 25 years after the birth of the last child

Rights of Subject

You have the right to ask us for copies of the personal information that we hold about you. This request is known as a, ‘subject access request,’ and can be made verbally or in writing. We then have one month to respond to your request.


We are committed to ensuring that your information is secure. We have suitable physical, electronic and procedural policies in place to prevent unauthorised access or disclosure. Johnson Physio complies with the Data Protection Act (1998) and General Data Protection Regulation (GDPR).