Privacy Policy

Last updated: March 2026

1. Who We Are

River Vista Health is the trading name of River Vista Health Ltd, a company registered in England and Wales (company number 15705014). For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), River Vista Health Ltd is the data controller for personal data collected through this website.

Contact: info@rivervistahealth.co.uk | 07925 507619

2. What Data We Collect

When you submit an enquiry through our contact form, we collect:

  • Your name
  • Email address
  • Phone number (if provided)
  • Postcode
  • Details of your condition or reason for enquiry (which may include health information)
  • Any other information you choose to include in your message

If you become a patient, we will also hold clinical records including assessment findings, treatment notes and correspondence relevant to your care.

If you have consented to analytics cookies, we also collect anonymised data about how you use this website via Google Analytics (see section 9).

3. Special Category Data (Health Information)

Information relating to your health is classified as special category data under UK GDPR (Article 9). This includes any condition or health details you provide in the contact form or during treatment.

We process special category health data on the following legal bases:

  • Explicit consent — by submitting the contact form and providing health information, you are giving explicit consent for us to process that data to respond to your enquiry.
  • Provision of health or social care — once you become a patient, processing is necessary for the provision of physiotherapy treatment (Article 9(2)(h) UK GDPR).

You may withdraw consent at any time by contacting us, though this will not affect the lawfulness of processing carried out before withdrawal, and may affect our ability to provide services.

4. Legal Basis for Processing

We rely on the following legal bases under UK GDPR Article 6:

  • Consent — for processing enquiry data submitted via the contact form.
  • Contract — for managing appointments, billing and delivery of physiotherapy services once engaged.
  • Legal obligation — for retaining clinical records in line with HCPC and professional guidance.
  • Legitimate interests — for responding to general correspondence and maintaining records of professional interactions.

5. How We Use Your Data

We use your information to:

  • Respond to your enquiry
  • Arrange and manage physiotherapy appointments
  • Deliver and document clinical treatment
  • Issue invoices and manage payments
  • Maintain records as required by our professional and legal obligations

We will not use your data for marketing purposes without your explicit consent.

6. How Long We Keep Your Data

  • Enquiry data (non-patients): deleted within 12 months if no appointment is made.
  • Clinical records: retained for a minimum of 8 years following the last appointment, or until age 25 for patients who were minors at the time of treatment, in line with HCPC and CSP guidance.
  • Financial records: retained for 6 years in accordance with HMRC requirements.

7. Sharing Your Data

We do not sell your personal data. We may share it in the following limited circumstances:

  • Other healthcare professionals — with your consent, where clinically relevant (e.g. your GP or referring specialist).
  • Legal or regulatory obligations — where required by law, court order, or a regulatory body.
  • Third-party processors — we use the following services which may process your data on our behalf:
    • Formspree (formspree.io) — processes contact form submissions and delivers them to us by email. Formspree acts as a data processor. Their privacy policy is available at formspree.io/legal/privacy-policy.
    • Google Analytics — if you have consented to analytics cookies, anonymised usage data is processed by Google. See section 9 for details.

8. Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data, subject to clinical and legal retention requirements
  • Restriction — request that we restrict processing of your data
  • Portability — receive your data in a structured, commonly used format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, please contact us at info@rivervistahealth.co.uk. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Cookies and Analytics

Cookies are small text files stored on your device. We use the following types:

  • Essential cookies — necessary for the website to function. These do not require your consent.
  • Analytics cookies (Google Analytics) — used to understand how visitors use our website. These are only set with your explicit consent. You may accept or decline analytics cookies using the banner displayed on your first visit. You can change your preference at any time by clearing your browser cookies and revisiting the site.

Google Analytics data is anonymised and does not identify you personally. Google's privacy policy is available at policies.google.com/privacy.

We do not use advertising, profiling or third-party tracking cookies.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. Contact form data is transmitted securely via HTTPS. Clinical records are stored securely in line with HCPC standards.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.