Privacy and Cookies Policy

Nutrio Physio & Pilates Limited

Nutrio Physio & Pilates Limited (“we”, “us”, “our”) is committed to protecting your personal information and respecting your privacy. This Privacy and Cookies Policy explains how we collect, use, store and safeguard your personal data when you access our services in person, by phone, SMS, email, via online booking, or through any other correspondence.

Data Controller: Nutrio Physio & Pilates Limited
Registered Address: 594 Brook Street, Broughty Ferry, Dundee DD5 2EA
Email: hello@nutrio-studio.co.uk
Data Protection Lead: Ailsa Bell (hello@nutrio-studio.co.uk)

What personal information do we collect?

We collect personal data during enquiries, bookings, communications, and clinical appointments. This includes personal identifiers (name, DOB, address, contact information), and clinical data such as medical history, examination findings, and treatment notes.

Lawful basis for processing

Our lawful bases under GDPR include:

  • Legitimate interests for appointment handling and administration

  • Consent for marketing communications

  • Provision of health treatment (Article 9(2)(h)) for clinical data

Third-party processors

We use secure GDPR-compliant systems including:

  • Cliniko & Arketa (clinical records)

  • PhysioTec (exercise programmes)

  • Stripe (payment processor)

  • Squarespace (website hosting)

  • Gmail Workspace (email)

  • Google Forms (online forms)

Information security

Measures include:

  • Industry-standard encrypted storage of clinical and personal data

  • Password protection for all devices and systems

  • Staff confidentiality policies

  • Controlled access permissions

  • Monthly secure data backups

  • ICO-compliant data breach procedures

Data breach procedures

We take data breaches extremely seriously.
We follow ICO guidance for reporting data breaches and will notify affected individuals where required.

This includes internal reporting, assessment, and—if necessary—notification to both the ICO and affected clients within statutory timeframes.

Consent for minors

We provide treatment to clients under 16 only with appropriate consent.
For clients under 16, consent must be provided by a parent or legal guardian.

A chaperone will also be requested for all appointments involving minors.

Marketing and consent management

How consent is collected

Consent for marketing communications is collected through an online form at the time of booking.

Withdrawing consent

You may withdraw your consent at any time by emailing our Data Protection Lead:
Email: hello@nutrio-studio.co.uk
Subject line: Withdraw Consent
Please include your full name in the message.

Impact on care

Unsubscribing from marketing will not affect your clinical care or access to services.

How long we keep your data

We retain personal data only for as long as necessary to meet our legal, regulatory, and professional obligations.

Clinical Records

  • Adults (18+): Retained for a minimum of 6 years from the date of last treatment.

  • Children (under 18): Retained until the client reaches age 25 (or for 6 years after the last treatment, whichever is longer).

  • Cases involving pregnancy, litigation or workplace injury: May require extended retention under professional or legal guidance.

After the applicable retention period, records are securely destroyed or permanently anonymised.

Non-clinical records (e.g., enquiries, marketing consents):
Retained only for as long as necessary for the purpose collected or until consent is withdrawn.

Your rights under data protection law

Under UK GDPR, you have the following rights regarding your personal data:

Right of access

You can request a copy of the personal data we hold about you.

Right to rectification

You may request corrections to inaccurate or incomplete information.

Right to erasure (‘right to be forgotten’)

This applies only to non-clinical data.
Clinical records cannot be deleted within required retention periods.

Right to restrict processing

You may request that we limit how your data is used in certain circumstances.

Right to object

You can object to processing based on legitimate interests or to receiving marketing communications.

Right to withdraw consent

Where we rely on consent (e.g., marketing), you may withdraw it at any time without affecting your clinical care.

Right to data portability

You may request that we transfer your data to another provider where technically feasible (e.g., if moving to another physiotherapist).

To exercise any of these rights, contact our Data Protection Lead at:
hello@nutrio-studio.co.uk

If you believe your data has not been handled lawfully, you may also raise a concern with the Information Commissioner’s Office (ICO).

Cookies Policy

1. What are cookies?

Cookies are small text files placed on your device to help our website operate, enhance your browsing experience, and gather information about website performance.

Cookies may be:

  • Strictly necessary

  • Functional

  • Analytical/performance

  • Advertising/targeting (if used)

2. Types of cookies we use

Strictly Necessary Cookies

Required for the basic functioning of our website, such as enabling secure online booking or form submission. These cannot be disabled.

Functional Cookies

Enable enhanced features such as remembering user preferences or improving website usability.

Analytical/Performance Cookies

Used to understand how visitors interact with the site (e.g., pages visited, session duration).
These help us improve content, navigation, and overall user experience.

We typically use tools provided by:

  • Squarespace Analytics

  • Google Analytics (if activated)

Advertising or Targeting Cookies

If Nutrio later uses tools such as Facebook Pixel or Google Ads, these cookies track user activity to deliver relevant adverts.

3. Third-party cookies

Our website may include content from:

  • Instagram

  • Facebook

  • YouTube

  • Google services

These third parties may set cookies and collect data independently.
Nutrio Physio & Pilates does not control these cookies.

4. Managing cookies

You can control cookie settings through your browser by:

  • Blocking or limiting cookies

  • Deleting existing cookies

  • Setting notifications before cookies are stored

Please note:
Blocking all cookies may impact certain website features, including online booking and embedded content.

5. Cookie banner and consent

We ensure that:

  • Non-essential cookies are not activated until consent is provided

  • Users can choose Accept, Reject, or Manage Preferences

  • Consent can be withdrawn at any time

This is in line with ICO guidance on cookie consent.