Privacy Notice
Last Updated: May 2026
At Acusport, we take your privacy seriously. Because we handle "Special Category" health data, we are committed to protecting your information using industry-standard security and strict internal protocols.
Who We Are
Acusport is the Data Controller for your personal and health information. You can contact us directly at paul@paul-thompson.co.uk for any data-related inquiries.
What Information We Collect
To provide safe and effective treatments, we collect:
Basic Identity Data: Name, date of birth, and contact details.
Health Data (Special Category): Medical history, injury details, and session notes (“charts”).
Financial Data: Payment history and billing details.
How We Use Your Data (Legal Basis)
Under the UK GDPR, we process your data based on:
Contractual Necessity: To manage your bookings and provide the treatments you request.
Explicit Consent: For the processing of your health information (collected via our intake form).
Legal Obligation: To maintain financial and clinical records for insurance and tax purposes.
How Your Data is Stored & Protected
We use a "Privacy by Design" approach to ensure your data is safe:
Booking: We use Booksy to manage appointments. While Booksy facilitates the booking, they also act as a data processor.
Clinical Records: All health intakes and clinical notes are stored within a secure Google Workspace environment.
Security Measures: Clinical data is stored in a "Private to Owner" vault. We utilize Two-Step Verification (2FA) to prevent unauthorized access, and we have signed a Data Processing Amendment (DPA) and HIPAA BAA with Google to ensure high-level encryption and compliance.
Data Retention
In accordance with UK insurance requirements and professional standards (e.g., FHT/ASUK), we retain clinical records for 7 years following your last treatment. After this period, data is permanently and securely deleted.
International Data Transfers
To provide our services, some data is processed by third-party providers (like Google and Booksy) whose servers may be located in the United States. These transfers are protected by the UK-US Data Bridge (Data Privacy Framework) and Standard Contractual Clauses to ensure your data remains protected to UK standards.
Your Rights
You have the right to:
Access a copy of your records (Subject Access Request).
Rectify any inaccurate information.
Withdraw Consent for marketing or specific data processing at any time.
Complain to the Information Commissioner’s Office (ICO) if you feel your data has been mishandled.
Contact
If you have any questions about this notice or how your data is handled, please reach out:
Paul Thompson t/a Acusport
Address: Garstang Natural Health, High Street, Garstang, PR3 1FA
Phone: 07846 412210
Email: paul@paul-thompson.co.uk