Privacy Policy

Last updated Jan 2024

Goal of the Data Protection Policy

The goal of this Data Protection Policy is to provide a comprehensive overview of our commitment to data protection, ensuring compliance with the European General Data Protection Regulation (GDPR) and serving as a basis for statutory data protection inspections.


Starting Point Chiropractic is committed to safeguarding the privacy and security of personal data. This policy outlines our approach to data protection and our commitment to comply with all relevant legal frameworks.

Security Policy and Responsibilities in the Company

  • Define and document data protection goals based on principles and corporate objectives.
  • Identify roles and responsibilities, including representatives, operational data protection officers, coordinators, and data protection team members.
  • Commitment to continuous improvement of the data protection management system.
  • Provide training, sensitization, and obligations for all employees regarding data protection.

Legal Framework in the Company

  • Adhere to industry-specific legal or conduct regulations for handling personal data.
  • Comply with the requirements of internal and external parties.
  • Ensure compliance with applicable laws, including any special local regulations.


  • Conduct internal and external inspections regularly.
  • Determine protection needs concerning confidentiality, integrity, and availability.

Existing Technical and Organizational Measures (TOM)

Implement appropriate technical and organizational measures based on Art. 32 GDPR, including but not limited to:

  • Pseudonymisation (Art. 32 (1) (a) GDPR; Art. 25 (1) GDPR)
  • Encryption (Art. 32 (1) (a) GDPR)
  • Confidentiality (Art. 32 (1) (b) GDPR)
  • Access Control
  • Entry Control
  • Authorization Control
  • Separation Control
  • Integrity (Art. 32 (1) (b) GDPR)
  • Transfer Control
  • Input Control
  • Availability and Resilience (Art. 32 (1) (b) GDPR)
  • Availability Control
  • Resilience Control
  • Recoverability (Art. 32 (1) (c) GDPR)
  • Procedures for Regular Review, Assessment, and Evaluation (Art. 32 (1) (d) GDPR; Art. 25 (1) GDPR)
  • Data Protection Management System
  • Incident Response Management System
  • Data Protection by Design and Default
  • Order Control

Types of Personal Information We Collect

We currently collect and process the following information:

Personal contacts, and characteristics (e.g., name and contact details)

How We Collect and Use Personal Information

Most of the personal information we process is provided directly by you for reasons such as contact purpose and profile setup and marketing purposes.

We use this information to setup patient profile and marketing purposes.

We may share this information with Practicehub, Meta or Google.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: [delete as appropriate]

Your consent. You can withdraw your consent at any time by contacting to us.

  • We have a contractual obligation.
  • We have a legal obligation.
  • We have a vital interest.
  • We need it to perform a public task.
  • We have a legitimate interest.

How We Store Your Personal Information

Your information is securely stored, and we adhere to the strict standards outlined by the General Chiropractic Council (GCC) in their Code for the maintenance of medical records. We are committed to ensuring that your personal information is kept secure and retained only for as long as necessary for the purposes for which it was collected. If you wish to exercise your right to have your data deleted, please contact us at [contact email/phone]. We will promptly respond to your request within [specified time frame]. Upon verifying your identity, we will securely delete your data from our records.