Privacy Policy (GDPR Compliant)

The Basics First Osteopathy

At The Basics First Osteopathy, I take your privacy seriously and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how I collect, use, store, and protect your personal information across all services — including osteopathy, exercise rehabilitation, online coaching, consultations, and website interactions such as newsletter signups or free resource downloads.

1. Data Controller

The Data Controller is:

Fabio Masini
Trading as The Basics First Osteopathy
Based in London, UK
📩 Email: info@thebasicsfirst.com

2. Data I Collect

Depending on how you interact with my services, I may collect:

For clinical or health-related services:

Full name and contact details
Date of birth
Relevant medical history and clinical notes
Assessment findings and treatment records
Booking and payment details (processed securely via third-party providers)

For online services and website interactions:

Name and email address
Coaching questionnaire responses
Basic website analytics (IP address, browser type, pages visited via cookies)

3. Legal Basis for Processing

Your data is processed in line with GDPR under:

Article 6(1)(b) – Contractual necessity (appointments, coaching services)
Article 9(2)(h) – Healthcare provision (osteopathy and rehab services)
Article 6(1)(a) – Consent (newsletters, free resources, marketing)

4. Why I Collect This Data

Your information is used to:

Provide safe and effective treatment or coaching
Maintain accurate healthcare and service records
Contact you regarding bookings or service updates
Send educational or marketing content only if you consent

4a. Marketing Communications Consent

If you subscribe to free resources or newsletters, I will send occasional training tips, health guidance, and service updates.
You can unsubscribe at any time by clicking the link in any email or contacting me at info@thebasicsfirst.com.
I never sell or share your data for marketing purposes.

5. Data Storage & Security

Your data is stored securely:

Electronic records are encrypted and password-protected
Paper records (if used) are stored securely
Data is never shared without your consent unless required by law (e.g. safeguarding)

6. Third-Party Processors

I may use trusted GDPR-compliant platforms such as:

Stripe or PayPal (payments)
MailerLite (email newsletters)
Online booking systems

These services have their own privacy policies and security measures.

7. Cookies & Website Tracking

This website uses essential cookies to function properly. Analytics cookies may be used with your consent. You can disable cookies anytime in your browser settings.

8. Data Retention

Clinical records: 7 years after your last appointment (or until age 25 for minors)
Coaching records: up to 7 years
Marketing data: kept until you unsubscribe or request deletion

9. Your Rights

Under GDPR, you have the right to:

Access your data
Request corrections
Request deletion (where applicable)
Withdraw consent
File a complaint with the ICO: www.ico.org.uk

10. Contact

If you have questions about this Privacy Policy or your data rights, you can contact me at:
📩 info@thebasicsfirst.com

11. Policy Updates

This policy may be updated periodically to reflect changes in services or legislation. The latest version will always be available on this website.