Home About Services Contact Blog
Book here

Privacy Policy for Grounded Wellness Studio

Effective Date: 10/01/2025

At Grounded Wellness Studio (RLO Wellness Ltd), we are committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store, and protect your personal information in compliance with the UK General Data Protection Regulation (GDPR) and other applicable laws.

1. Data Controller

The data controller responsible for your personal information is:

Rebecca O’Kane
[email protected]

2. Information We Collect

We collect and process the following categories of personal data:

Personal Information

  • Name

  • Date of birth

  • Address

  • Phone number

  • Email address

  • Emergency contact details

Health Information

  • Medical history

  • Health records

  • Details of your current condition and treatment

Payment Information

  • Billing details and payment records

Other Information

  • Communication preferences

  • Consent preferences

  • Any additional information you provide during consultations or through forms

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide chiropractic care and related health services.

  • To follow up with patients post-appointment for aftercare or satisfaction surveys.

  • To manage your appointments and communicate with you about your care.

  • To comply with legal and regulatory requirements.

  • To process payments and manage billing.

  • To improve our services and ensure patient satisfaction.

4. Legal Basis for Processing

We process your data under the following legal bases:

  • Consent: Consent: When you have given explicit consent for us to process your data for specific purposes (e.g., marketing communications or sharing with other healthcare providers).

  • Contract: To fulfill our obligations in providing you with chiropractic care.

  • Legal Obligation: To comply with applicable laws, including maintaining accurate medical records.

  • Legitimate Interests: To manage and improve our clinic’s operations and services.

5. How We Store Your Data

We take appropriate technical and organizational measures to protect your personal data. This includes:

  • Secure electronic storage systems with encryption.

  • Locked filing cabinets for paper records.

  • Regular reviews of our data security protocols.

We retain your medical records for a minimum of 8 years after your last appointment (or until the age of 25 for minors who were under 18 at the time of their last visit), in accordance with UK healthcare guidelines.

6. Sharing Your Information

We may share your information with:

  • Other healthcare providers involved in your care (with your consent).

  • Regulatory or legal authorities when required by law.

  • Third-party service providers who assist with clinic operations (e.g., billing or IT services). All third-party service providers are contractually required to adhere to GDPR-compliant data protection standards and act solely on our instructions."

Your data will not be shared for marketing purposes without your explicit consent.

7. Marketing and Communication

We respect your preferences regarding marketing and communication. This section explains how we collect, use, and protect your personal data for marketing purposes and how you can manage your preferences.

1. Purpose of Marketing Communications

With your consent, we may use your contact information to send you:

  • Updates about our services, promotions, and special offers.

  • Newsletters or articles related to health and wellness.

  • Information about upcoming events or workshops.

2. Legal Basis for Processing

We process your data for marketing purposes based on your explicit consent, as required by the UK GDPR.

3. Communication Channels

We may contact you via:

  • Email

  • SMS or text messaging

  • Phone calls

We will only use these methods if you have provided your consent.

4. Consent and Opt-Out

You can opt into marketing communications by checking the relevant box on our forms. If you no longer wish to receive marketing messages, you can withdraw your consent at any time by:

  • Clicking the unsubscribe link in our emails.

  • Replying STOP to text messages.

  • Contacting us directly at [email protected].

We will process your request promptly and ensure no further marketing communications are sent.

5. Sharing Data for Marketing

We do not share your personal data with third parties for their own marketing purposes. However, we may use third-party services to assist with communication (e.g., email platforms or SMS providers). These providers are bound by strict data protection agreements to ensure your information is secure.

6. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you, including marketing preferences.

  • Update or correct your contact information.

  • Withdraw consent for marketing communications at any time.

To exercise any of these rights, please contact us at [email protected].

8. Your Rights

Under the GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Request corrections to any inaccurate or incomplete data.

  • Erasure: Request deletion of your data (subject to legal retention requirements).

  • Restriction: Request limits on how we process your data.

  • Data Portability: Request transfer of your data to another provider.

  • Objection: You have the right to object to the processing of your data for purposes such as direct marketing or automated decision-making.

  • Withdraw Consent: Withdraw your consent where it is the basis for processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by GDPR.

9. Cookies and Website Data
Our website may use cookies and similar technologies to improve user experience, analyze website performance, and gather anonymous analytics data. For more information about how we collect and use website data, including your rights regarding cookies, please refer to our Website Privacy Policy. 

10. Children’s Data

We are committed to protecting the privacy of children under the age of 18. If you are a parent or guardian and provide consent for your child’s care, we will process and retain their personal and health information in accordance with this privacy policy. For children under 16, we require parental or guardian consent before collecting or processing their data, except in cases where consent is not required by law.

11. Complaints

If you have concerns about how we handle your data, please contact us first at [email protected]. If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available in-clinic. 

13. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:
[email protected]