PRIVACY & COOKIE POLICY
Last Updated: 20/03/2025
1. Introduction
Not Just Backs ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy & Cookie Policy outlines how we collect, use, store, and share your personal data when you use our website and services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).
2. Who We Are
- Business Name: Not Just Backs
- Registered Company Name: Not Just Backs Limited
- Address: 107 Exeter Street, Salisbury,
SP1 2SF - Email: info@notjustbacks.com
- Phone: 01722421242
3. What Data We Collect
We may collect and process the following types of data:
a) Information You Provide to Us
- Personal Identification Information: Name, email, phone number, and address (e.g., when you fill out a contact form or register for our services).
- Medical Information: Details concerning your medication, treatment, and other health-related information necessary for providing osteopathic care.
- Payment Information: Billing details required for processing payments.
b) Information We Collect Automatically
- Cookies & Tracking Technologies: When you visit our website, we use cookies and similar tracking tools to understand how users interact with our site.
- Device & Browsing Data: Your IP address, browser type, pages visited, and time spent on our site.
c) Information from Third Parties
- Analytics Providers: We may receive anonymized data from services like Google Analytics to improve our website's performance.
4. How We Use Your Data
We use the data collected for the following purposes:
| Purpose | Legal Basis |
|---|---|
| To provide and manage our services | Performance of Contract |
| To communicate with you about appointments | Legitimate Interest |
| To process payments | Performance of Contract |
| To improve our website and services | Consent |
| To send marketing communications (if opted in) | Consent |
| To comply with legal obligations | Legal Obligation |
We do not sell or share your personal data with third parties for marketing purposes without your explicit consent.
5. Cookies & Tracking Technologies
Our website uses cookies to enhance user experience, analyze site performance, and for marketing activities. Cookies fall into the following categories:
a) Essential Cookies
These cookies are necessary for the basic functioning of the website and cannot be disabled.
b) Analytics & Performance Cookies
Used to track site usage and improve functionality.
c) Marketing & Advertising Cookies
Used for targeted advertising and retargeting.
Managing Your Cookie Preferences
You can control your cookie preferences using our cookie consent banner when you first visit the site. You can also:
- Adjust your browser settings to block or delete cookies.
- Opt-out of personalized ads via your browser settings or through third-party tools.
6. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Request corrections to inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request data deletion.
- Right to Restrict Processing: Request limited use of your data.
- Right to Object: Opt-out of direct marketing at any time.
- Right to Data Portability: Receive your data in a transferable format.
To exercise any of these rights, please contact us at [Insert Contact Email].
7. How We Protect Your Data
We take reasonable security measures to protect your data from loss, misuse, and unauthorized access. These include encryption, secure hosting, and regular security audits.
8. Data Retention Policy
We only keep your personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
- Medical Records: Retained for 8 years following your last appointment, in compliance with legal requirements.
- Contact Information: Retained until you withdraw consent or it is no longer necessary for the purposes collected.
- Analytics Data: Retained for up to 26 months.
9. Sharing Your Data
We may share your data with:
- Service Providers: Third-party companies that perform services on our behalf, such as payment processing and IT support.
- Legal Authorities: When required by law or to protect our legal rights.
10. Changes to This Policy
We may update this policy from time to time. The latest version will always be available on our website.
11. Contact our Data Controller
If you have any questions or concerns about this policy, please contact:
- Email: caz@notjustbacks.com
- Address: 107 Exeter Street, Salisbury,
SP1 2SF
If you believe we are processing your data unlawfully, you have the right to complain to the Information Commissioner's Office (ICO) (www.ico.org.uk).