Privacy Policy & GDPR Statement

Last updated: 22/09/2025

Who I Am

I’m Angelica Drobny, a Health and Care Professions Council (HCPC) registered Physiotherapist, a member of the Chartered Society of Physiotherapy (CSP), and a Chartered Institute for the Management of Sport and Physical Activity (CIMSPA) registered personal Trainer, operating under Beyond Baseline. I provide physiotherapy and health coaching in-person and online, as well as sports massage services.

What Information I Collect

To provide safe and effective care, I may collect the following personal data:

  • Basic details: name, date of birth, address, contact information.

  • Health and medical information relevant to assessment and treatment.

  • Lifestyle, exercise, and wellbeing information you share with me.

  • Payment and billing information (for invoicing and accounting purposes).

How I Collect Information

  • Information you provide directly (via booking forms, assessments, questionnaires, or consultations).

  • Notes I make during or after our sessions.

  • Optional communication via email, phone, or messaging services.

Why I Collect Your Data (Lawful Basis under GDPR)

I collect and store your personal data in order to:

  • Provide safe, appropriate, and effective physiotherapy/health services (legal basis: healthcare provision).

  • Maintain accurate records in line with HCPC and CSP professional standards (legal basis: legal obligation).

  • Communicate with you regarding your appointments, care, and services (legal basis: contract).

  • Where applicable, send updates about my services or resources (legal basis: consent, which you can withdraw at any time).

How Your Data is Stored

  • Clinical notes and sensitive information are securely stored in Splose, a GDPR-compliant practice management system.

  • Only I (the practitioner) have access to these records.

  • Data is encrypted and password-protected, with audit trails for access.

  • No paper notes are used unless in exceptional circumstances, in which case they are securely stored and destroyed once digitised.

How Long Your Data is Kept

  • Adult health records are retained for a minimum of 8 years after the last treatment date, in line with HCPC and CSP guidance.

  • For minors, records are retained until the 25th birthday (or 26th if aged 17 at conclusion of treatment).

  • After this time, data will be securely destroyed.

Sharing Your Information

  • I do not share your data with third parties unless required by law (e.g. safeguarding, court order, or public health reasons).

  • With your explicit consent, I may share relevant information with other healthcare professionals (e.g. GP, consultant, or other therapists) to support your care.

Your Rights Under GDPR

You have the right to:

  • Access the personal data I hold about you.

  • Request corrections if your data is inaccurate or incomplete.

  • Request deletion of your data (where legally permissible).

  • Restrict or object to processing of your data.

  • Data portability (where applicable).

  • Withdraw consent for communications at any time.

To exercise your rights, please contact me at: angelicajdrobny@gmail.com

Cookies & Website Data

  • My website may collect limited information (such as cookies or analytics) to improve browsing experience.

  • You can disable cookies in your browser settings if you prefer.

Complaints

If you have any concerns about how I handle your data, please contact me first.
If unresolved, you have the right to raise a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.