top of page

Privacy Policy

Axen Clinics Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains what personal information we collect about you, how we use it, who we share it with, and the rights you have over your information.

We are a chiropractic practice and the information we hold about our patients includes health data, which is treated as a “special category” of personal data under UK data protection law. We take our responsibility to safeguard this information seriously.

This policy is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Who we are

Axen Clinics Ltd is the “data controller” responsible for your personal information. This means we decide how and why your information is used.

  • Registered name: Axen Clinics Ltd

  • Company number: 16474734 (registered in England and Wales)

  • Registered and clinic address: Unit 19, Hertfordshire Business Centre, Alexander Road, London Colney, St Albans, AL2 1JG

  • Email: axenclinics@gmail.com

  • Phone: 07342 789446

If you have any questions about this policy or about how your information is handled, please contact us using the details above. For data protection matters, please mark your message for the attention of the practice principal, Prasaanth Manohar (MChiro, GCC registered 04873).

​

2. Information we collect about you

We collect and process the following types of personal information:

  • Contact and identity details - your name, date of birth, postal address, email address, telephone number, and emergency contact details.

  • Health information - your medical history, current symptoms, the reason for your visit, examination findings, diagnosis, treatment provided, treatment plans, exercise plans, progress notes, and any relevant information about your GP or other healthcare providers. This is “special category” health data.

  • Appointment and payment records - records of appointments booked, attended, cancelled, or missed, and the fees paid. We do not store your full card or bank details.

  • Communications - messages and emails you send us, including correspondence relating to appointments and exercise plans.

  • Website information - when you visit our website, limited technical information may be collected by our website provider (see section 6).

You provide most of this information directly, for example when you book an appointment, complete an intake form, or attend a consultation. Some information may be provided on your behalf by a person who has referred you, with your knowledge.

3. How and why we use your information

We only use your personal information where the law allows us to. The main reasons we use your information, and the lawful bases we rely on, are:

  • To provide your care - to assess your condition, provide chiropractic treatment, and create exercise and treatment plans. For health information, we rely on the basis that processing is necessary for the provision of healthcare and treatment (Article 9(2)(h) UK GDPR).

  • To manage appointments and records - to schedule, confirm, change, and remind you of appointments, and to maintain accurate clinical records. We rely on our legitimate interest in running the practice and on our legal obligation to keep proper patient records.

  • To process payments and meet accounting obligations - to take payment for treatment and keep accurate financial records, which we are legally required to do.

  • To communicate with you - to respond to your questions and send you information relevant to your care, such as exercise plans. We rely on our legitimate interest in communicating with our patients.

  • To meet legal and regulatory duties - to meet our obligations to the General Chiropractic Council and other regulators, to handle complaints, to defend legal claims, and to comply with the law.

We will only send you marketing communications (such as newsletters, offers, or general practice updates that are not directly related to your care) if you have given us your specific, opt-in consent to receive them. You can withdraw that consent at any time by contacting us or by using the unsubscribe option in any marketing message. We do not currently send marketing communications, but this section will apply if we begin to do so in the future.

4. The legal basis for processing health data

Health data requires an additional condition for processing under the UK GDPR. We rely on Article 9(2)(h) - processing necessary for the provision of health treatment and the management of healthcare services - carried out by, or under the responsibility of, a professional who is subject to a duty of confidentiality. Where we rely on consent for a specific purpose (for example, marketing), we will make that clear and ask for it separately.

5. Who we share your information with

We do not sell your personal information. We only share it where necessary, and we make sure appropriate safeguards are in place. We may share your information with:

  • Cliniko - we use Cliniko, a practice management system, to store patient records, manage intake forms, schedule appointments, and send patient communications such as exercise plans. Cliniko acts as a “data processor” on our behalf under a contract that requires it to keep your information secure.

  • Our website provider - our website is hosted by Wix, which may process limited technical information about visitors to our website on our behalf.

  • Other healthcare providers - with your knowledge and where appropriate for your care, we may communicate with your GP, hospital, or other healthcare professionals involved in your treatment.

  • Regulators, insurers and advisers - we may share information where we are legally required to do so, for example with the General Chiropractic Council, our insurers, our professional advisers, or regulatory and law enforcement bodies.

Some of our providers may store or process information on servers located outside the UK. Where this happens, we take steps to ensure your information receives a level of protection consistent with UK data protection law, for example through approved contractual safeguards.

6. Our website

When you visit axenclinics.com, our website provider may collect limited technical information, such as your IP address and details of how you use the site, and may use cookies or similar technologies. This helps the website function and lets us understand how visitors use it. You can control cookies through your browser settings. Our website may also offer online booking; any details you submit through booking are handled in line with this policy.

7. How long we keep your information

We keep your information only for as long as necessary:

  • Adult patients - we retain clinical records for 8 years after the date of your last treatment.

  • Patients who were under 18 when treated - we retain clinical records until the patient’s 25th birthday, or until their 26th birthday if the last treatment was given when they were 17, or for 8 years after the last treatment - whichever is longer.

  • Financial records - we keep financial records for at least 6 years to meet HMRC and company law requirements.

Once information is no longer needed, it is securely deleted or destroyed.

8. How we keep your information secure

We take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or misuse. These include storing clinical records within a secure, access-controlled practice management system, limiting access to information to those who need it for your care, and keeping any physical records securely. While we take security seriously, no method of storage or transmission is completely secure, and we cannot guarantee absolute security.

9. Your rights

Under data protection law, you have a number of rights over your personal information. You have the right to:

  • Access - ask for a copy of the personal information we hold about you.

  • Rectification - ask us to correct information that is inaccurate or incomplete.

  • Erasure - ask us to delete your information in certain circumstances, although we may be required to keep clinical records for the retention periods set out above.

  • Restriction - ask us to limit how we use your information in certain circumstances.

  • Portability - ask to receive certain information in a portable format.

  • Objection - object to certain uses of your information, including any future marketing.

  • Withdraw consent - where we rely on your consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month. There is normally no charge.

10. Complaints

If you have a concern about how we have handled your personal information, please contact us first so we can try to put things right. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

  • ICO — Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • Helpline — 0303 123 1113

  • Website — ico.org.uk

​

11. Changes to this policy

We may update this policy from time to time. Any changes will be posted on our website with a revised “last updated” date. We encourage you to review it periodically.

st albans chiropractor

Axen

Clinics

07342 789446

@axenclinics 

Unit 19, Hertfordshire Business Centre, Alexander Rd, London Colney, St Albans AL2 1JG

bottom of page