Privacy Policy

Last updated 21 April 2026

Who we are

Tom Astley Physiotherapy ("TA Physio", "we", "our", "us") is a multi-site physiotherapy and sports-rehab practice operating from four clinics in London and Henley-on-Thames. The trading entity is Tom Astley Physiotherapy Limited (registered in England and Wales, Companies House number 09436153). Our data controller contact is info@taphysio.co.uk.

What personal data we collect

  • Contact details you provide when booking (name, email, phone)
  • Medical history and relevant health information required for safe assessment and treatment
  • Clinical assessment notes, range-of-motion and strength measurements, treatment plans, and progress reviews
  • Insurance policy details where you are billing through a UK private medical insurer (Bupa, Cigna, Vitality, WPA, Simply Health, or others)
  • Payment information processed securely via our booking and payments provider
  • Website analytics — only after you accept the consent banner — via PostHog (EU region). We capture page views and clicks on call/booking buttons. We never capture form-input text, names, addresses, or any clinical detail.

How we use your data

Your personal and clinical data is used solely to provide safe physiotherapy and rehabilitation care, for legally required clinical record-keeping, to bill your insurer where applicable, and to keep you informed about your own treatment. We do not sell data, we do not share data with third parties for marketing, and we do not use any clinical material for marketing without your explicit written consent.

Data processors we use

  • Splose — booking, clinical notes, and payments (splose.com). Splose holds your booking history and the clinical record we generate at each visit, under their UK GDPR Data Processing Addendum.
  • Track Rehab — home-exercise programmes (trackrehab.com). When we issue an exercise plan we send your name, email, and the prescribed exercises to Track Rehab; clinical notes and history are not shared.
  • PostHog (EU region) — anonymised website analytics for visitors who accept the consent banner. No clinical or personal data flows to PostHog.

Your rights

Under UK GDPR you have the right to access your data, correct inaccuracies, request deletion (subject to the clinical retention period below), restrict processing, and lodge a complaint with the Information Commissioner's Office. To exercise any right, contact info@taphysio.co.uk.

How long we keep your data

Clinical records are retained for 8 years from the date of your last appointment, in line with HCPC Standards of Conduct, Performance and Ethics. Marketing consent can be withdrawn at any time; withdrawal takes effect within 7 working days. Website analytics data is processed by PostHog Inc. in the EU region (Frankfurt) under their EU Data Processing Addendum and retained for 7 years from collection or until you withdraw consent — whichever comes first.

Changes to this policy

This policy was last updated on 9 May 2026. Material changes will be notified to existing patients by email.