Our Privacy Policy

Effective Date: 21/08/2025
Midtown Wellness – Covent Garden, London

1. Purpose of This Policy

This Privacy Policy explains how Midtown Wellness collects, uses, and protects your personal and medical information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the standards set by the General Osteopathic Council (GOsC).

Your trust is important to us, and we are committed to handling your information lawfully, securely, and confidentially.

2. Information We Collect

When you receive treatment with us, we collect:

  • Personal details: Name, date of birth, address, contact details.

  • Health information: Medical history, symptoms, treatment notes, imaging, reports.

  • Administrative details: Appointment records, billing and insurance information.

3. Why We Collect Your Data

We use your personal and medical information to:

  • Provide safe and effective osteopathic and healthcare treatments.

  • Maintain accurate health records as legally and professionally required.

  • Communicate with you about appointments, treatment, and follow-up care.

  • Issue invoices, receipts, and manage financial records.

  • Share details with your GP, consultant, or insurer where you provide consent, or if required by law.

4. Lawful Basis for Processing

We process your data under UK GDPR on the following bases:

  • Consent – when you agree to treatment and record keeping.

  • Legal obligation – as healthcare practitioners, we are required to keep clinical records.

  • Vital interests – in emergencies, to protect your health.

  • Legitimate interests – to provide and manage healthcare services safely and effectively.

5. Use of Heidi AI and Cliniko

At Midtown Wellness, we use the following systems to manage your clinical records:

  • Heidi AI Transcription System:
    Practitioners may dictate treatment notes during or after your consultation. Heidi transcribes these notes into written form.

    • Heidi uses secure, GDPR-compliant servers within the UK/EU.

    • Notes are reviewed by your practitioner before being finalised.

    • Heidi acts as a data processor on our behalf.

  • Cliniko Medical Record System:
    Once reviewed, your notes are securely stored within Cliniko, our practice management system.

    • Cliniko encrypts and securely stores all records.

    • Only authorised Midtown Wellness practitioners directly involved in your care can access them.

    • Cliniko also acts as a data processor, while Midtown Wellness remains the data controller.

Neither Heidi nor Cliniko use your information for any purpose other than secure processing and storage of your medical records.

6. How We Store and Protect Your Data

  • All records are stored electronically in Cliniko with encryption and password protection.

  • Access is restricted to authorised clinical staff.

  • Paper records (if any) are stored securely in locked cabinets.

  • We follow strict confidentiality policies and regularly review our data security practices.

7. How Long We Keep Your Records

In line with GOsC guidance:

  • Adult records are retained for 8 years after your last appointment.

  • Children’s records are kept until their 25th birthday (or 26th if last treated at 17).

  • Records are securely destroyed after this retention period.

8. Sharing Your Information

We do not share your personal or medical data with third parties except:

  • With your explicit consent (e.g., GP, consultant, insurer).

  • Where required by law (e.g., safeguarding, court order).

  • For billing or insurance purposes.

We will never sell your information.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal and medical records.

  • Request corrections of inaccurate information.

  • Request deletion of data (where legally possible).

  • Restrict or object to processing.

  • Request a copy of your records in a portable format.

Requests should be made in writing to the contact details below. We will respond within 30 days.

10. Contact Us

For any questions about how your data is handled:

Data Protection Officer
Midtown Wellness
7 henrietta Street WC2E 8PS
Email: hello@midtownwellness.co.uk

11. Complaints

If you are concerned about how your data is managed, please contact us first.
You may also lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: www.ico.org.uk

  • Phone: 0303 123 1113