Home Links Physiotherapy

Privacy Policy

HJY Therapy Ltd trading as Home Links Physiotherapy (Territory UK27)

Last updated: 4th December 2025

This Privacy Policy explains how HJY Therapy Ltd (Company Number 16293433) (“we”, “us”, “our”) collects, uses, stores, and protects personal information when delivering Home Links Physiotherapy services within Territory UK27, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable privacy laws.

HJY Therapy Ltd is an independently owned franchisee of Home Links Physiotherapy Franchising Ltd, authorised to operate Home Links Physiotherapy within Territory UK27, covering Croydon, South Croydon, Purley, Sanderstead, Selsdon, Shirley, Addiscombe, Thornton Heath, Norbury, Crystal Palace, Upper Norwood, South Norwood, Penge, Anerley, Beckenham (SE20 areas), Sutton, Carshalton, Wallington, Banstead, Coulsdon, Kenley, Whyteleafe, Caterham, Warlingham, and surrounding areas (see specific postcodes under 'Areas We Serve').

Understanding how we manage your information

At HJY Therapy Ltd trading as Home Links Physiotherapy, we are committed to protecting your privacy and ensuring the security of your personal information. This privacy statement outlines how we collect, use, disclose, and store your data in accordance with UK GDPR regulations and our professional standards.

Company Information

Company Name: HJY Therapy Ltd (Company Number: 16293433) trading as Home Links Physiotherapy

Registered Office: 1 Gemini Court, 42a Throwley Way, Sutton, Surrey, SM1 4AF

HJY Therapy Ltd is an independently-owned franchisee of Home Links Physiotherapy Franchising Ltd and operates under licence to provide services within Territory UK27 (see “Area Served” section below).

Compliance

As a private physiotherapy provider, we commit to complying with the relevant professional standards and legal obligations. We follow guidance from our governing bodies (including regulatory and record-keeping standards) to ensure that your personal and health data are handled correctly and securely.

We also hold registration as a data handler under the Information Commissioner’s Office (ICO).

Information We Collect

The information we collect may include:

  • Your name, address, date of birth, and other personal contact information

  • Disability, ethnicity, gender, occupation, and hobbies

  • Contact information for any medical professionals including your GP or other health and social care professionals

  • Information relevant to your health and any medical condition

  • Treatment that you are receiving or is recommended by us or another medical professional

  • Your personal circumstances which are divulged to us by you or a third party (such as a relative or a carer)

This information is necessary for providing you with physiotherapy services and ensuring your safety and well-being.

Who Collects Information

Information is collected by Home Links Physiotherapy staff and contractors including:

  • Physiotherapists

  • Fitness Professionals

  • Physiotherapy Assistants

  • Administration staff involved in bookings, billing, and client management

How We Use Your Information

Your personal information is used solely for the purpose of providing you with physiotherapy services. This includes:

  • Scheduling and managing appointments

  • Assessing your condition and developing treatment plans

  • Conducting treatment sessions (initial assessments, follow-ups, home visits, etc.)

  • Communicating with other healthcare professionals involved in your care (with consent)

  • Billing, invoicing, and payment processing

  • Maintaining accurate clinical records in compliance with legal and regulatory obligations

Under GDPR, we process your personal data on the following legal bases:

Consent: Where you have given clear consent for us to process your personal data for specific purposes

Contractual necessity: Where processing is necessary for the performance of a contract with you

Legal obligation: Where we have a legal obligation to process your data

Vital interests: Where processing is necessary to protect your vital interests or those of another person

Legitimate interests: Where processing is necessary for our legitimate interests in providing healthcare services

Data Retention and Storage

We do not hold or store paper records about you. Any paper records are uploaded to your electronic record, and the paper copies are then immediately and securely destroyed.

Should we need to use paper records during a short-term loss of access to electronic records, they are uploaded to the electronic record as soon as practical and the paper records are destroyed.

We adhere to NHS guidelines for the retention and storage of personal information. Your data will be retained for the minimum duration required for the provision of physiotherapy services and as required by law. The minimum length of time this data must be stored depends on various factors; details can be found in the NHS Records Management Code of Practice (see References). In most instances this is a minimum of 8 years.

Data Retention Periods:

  • Medical records: Minimum 8 years (per NHS guidelines)

  • Client management system records: As per legal and professional requirements

  • Email communications: 2 years after it was received/sent or until deleted from the mailbox (whichever is later)

  • Exercise prescription data: As per clinical governance requirements

If you begin a new episode of care whilst your records are still within agreed retention periods, then these episodes of care will link, and the retention period will begin again at the end of the current episode.

Once your treatment with us is completed and we no longer need access to your clinical records, we will place any information held on our client management systems and our electronic record system, Cliniko, into the "archived" area, to which the team has restricted access. After the minimum retention period for your data, your information will be either securely disposed of or kept archived in a "non-live" area of the electronic system, in accordance with GDPR regulations and the NHS Electronic Record System guidelines.

Data Security

We employ robust security measures to protect your personal data from unauthorised access, disclosure, alteration or destruction. This includes encryption, secure access controls, regular system audits, and compliance with professional data-handling standards.

Disclosure of Information

We may share your information with other parties only when necessary and lawful, including:

  • Other healthcare professionals (with your consent)

  • Insurers or third-party funders (with appropriate consent or authorisation)

  • Regulatory bodies or authorities, if legally required

  • Approved third-party systems we use for administration (e.g. client management, billing), provided they are GDPR-compliant

We do not sell your data.

Third-Party Systems

Your data may be stored in our practice and client management system, Cliniko; our exercise prescription program, Rehab my Patient; and our accounting system, Xero. Additionally, information relating to all classes run by us, and information submitted via our website, is stored by GoHighLevel.

Each of these systems has its own privacy statement, and we regularly audit them and ensure that they comply with UK GDPR laws and guidelines.

Some data may be hosted by third parties outside the UK, but it is only available to our staff and technical support in the UK.

Third-party system privacy information:

Online Card Payment Systems

We utilise online card payment systems that are securely connected to our bank and accounting system to process payments for our services. These systems adhere to strict security standards to protect your financial information. Your payment details are encrypted and securely transmitted to our bank for processing. We do not store your full payment card details on our servers or in our databases. Our payment systems are compliant with the Payment Card Industry Data Security Standard (PCI DSS) to ensure the highest level of security for your transactions.

Mobile Devices and Phone Numbers

While we do our best not to save your telephone numbers on individual therapists' phones, there are instances where contact with the therapist may be preferred via mobile phone. In such cases, therapists may store your name and number on their phones. We have policies and procedures in place to enhance the security of this information, ensuring that medical information is not provided via phone messaging systems and that your address or further personal details are not stored on therapists' mobile devices.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: You are entitled to ask for a copy of the information that we hold about you through a subject access request

  • Right to rectification: You can request that we correct any inaccurate or incomplete personal data

  • Right to erasure: You can request deletion of your personal data in certain circumstances

  • Right to restrict processing: You can request that we limit how we use your personal data

  • Right to data portability: You can request that we transfer your data to another organisation

  • Right to object: You can object to certain types of processing

  • Rights related to automated decision making: You have rights regarding automated decision making and profiling

Cookies Policy

Our website uses cookies to improve your browsing experience and provide personalised content. Cookies are small text files stored on your device when you visit our website.

Types of cookies we use:

  • Essential cookies: Required for the website to function properly

  • Performance cookies: Help us understand how visitors use our website

  • Functional cookies: Remember your preferences and settings

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

Contact Us

To make a request or to have any inaccuracies in your information corrected, please write to us at the address provided below, including:

  • Your full name and address and contact telephone number

  • Details of the specific information you require and any relevant dates

Data Protection Enquiries:

Data Controller:
HJY Therapy Ltd trading as Home Links Physiotherapy
1 Gemini Court, 42a Throwley Way,
Sutton, Surrey, SM1 4AF
Email: [email protected]

Franchisor (for oversight or escalation):
Home Links Physiotherapy Franchising Ltd
Email: [email protected]

If you have any questions about how we handle your personal data, wish to make a subject access request, or request correction, please contact us at the addresses above.

Complaints

If you have any complaints about how we process your personal information or any other matter, please contact us in the first instance via email at [email protected] or by letter to the following address:

The Company Director

HJY Therapy Ltd trading as Home Links Physiotherapy

1 Gemini Court, 42a Throwley Way,

Sutton, Surrey, SM1 4AF

If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at:

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113

Website: https://ico.org.uk/for-the-public/

Area Served / Franchise Territory

Home physiotherapy services are provided within the officially licensed franchise territory covering the following areas: Croydon, South Croydon, Purley, Sanderstead, Selsdon, Shirley, Addiscombe, Thornton Heath, Norbury, Crystal Palace, Upper Norwood, South Norwood, Penge, Anerley, Beckenham (SE20 areas), Sutton, Carshalton, Wallington, Banstead, Coulsdon, Kenley, Whyteleafe, Caterham, Warlingham, and surrounding areas, in the postcode districts CR0, CR2, CR3, CR4, CR5, CR6, CR7, CR8, CR9, SE19, SE20, SE25, SM1, SM2, SM3, SM4, SM5, SM6, SM7, SW16.

Changes to This Privacy Statement

We reserve the right to update or amend this privacy statement to reflect changes in our practices or legal requirements. Any updates will be posted on our website and communicated to you as appropriate.


References

NHS Records Management Code of Practice. Available at: https://transform.england.nhs.uk/information-governance/guidance/records-management-code/records-management-code-of-practice/

Chartered Society of Physiotherapy (CSP) Record Keeping Guidance. Available at: https://www.csp.org.uk/system/files/publication_files/RecordKeepingFINAL_Sara%20Conroy.pdf

UK Government Data Protection Guidance. Available at: https://www.gov.uk/data-protection

Information Commissioner's Office (ICO) - Find out about your rights and data protection and information rights: https://ico.org.uk/for-the-public/

Thank you for entrusting us with your care. Your privacy and confidentiality are of the utmost importance to us.

HJY Therapy Ltd (Company Number 16293433) trading as Home Links Physiotherapy

Registered Office: HJY Therapy Ltd, 1 Gemini Court, 42a Throwley Way, Sutton, Surrey, SM1 4AF

Registered in England and Wales
