Privacy Policy

Last updated: April 2026 | Applies to: shockwave-revibe.co.uk

Summary: We collect only the personal and health information we need to provide your treatment. We never sell your data. You have full rights over your information under UK GDPR and the Data Protection Act 2018.

1. Who We Are

Shockwave ReVibe is a medical clinic based in London, UK, specialising in extracorporeal shockwave therapy for musculoskeletal conditions. We are the Data Controller for all personal data collected through this website and during your treatment.

Business name: Shockwave ReVibe Clinic
Address: 22 Notting Hill Gate, London, W11 3JE
Email: care@shockwave-revibe.co.uk
Phone: 0203 004 0564
ICO Registration Number: Z3487278

If you have any questions about this policy or how we handle your data, please contact us using the details above.

2. What Data We Collect

2.1 Personal Data

Full name, date of birth, gender
Contact details: email address, phone number, home address
Appointment booking details and treatment history
Emergency contact information
Payment records (we do not store full card details)

2.2 Special Category (Health) Data

As a medical clinic, we collect and process special category data under Article 9 UK GDPR, including:

Medical history, diagnoses, and medications
Details of the condition being treated
Contraindications and clinical assessment notes
Treatment records, session notes, and progress reports
Consent forms and pre-treatment questionnaires

2.3 Website Data

IP address and browser type (via server logs)
Pages visited, time on site, referral source
Cookie data (see Section 9)
Enquiry form submissions

3. Legal Bases for Processing

We only process your data when we have a valid legal basis under UK GDPR:

Purpose	Legal Basis
Providing clinical treatment and managing appointments	Contract performance (Art. 6(1)(b)) + Explicit consent for health data (Art. 9(2)(a))
Maintaining clinical records	Legal obligation (Art. 6(1)(c)) — healthcare records retention requirements
Communicating about your care	Legitimate interests (Art. 6(1)(f)) + Health treatment necessity (Art. 9(2)(h))
Processing payments	Contract performance (Art. 6(1)(b))
Marketing emails / newsletters	Consent (Art. 6(1)(a)) — you may opt out at any time
Website analytics	Legitimate interests (Art. 6(1)(f)) — we use anonymised data only
Safeguarding and legal claims	Legal obligation / Vital interests (Art. 6(1)(c) / (d))

4. How We Use Your Data

To assess your suitability for shockwave therapy and deliver safe, effective treatment
To manage and confirm appointments (by phone, email, or SMS)
To maintain accurate clinical records for continuity of care
To process payments and issue receipts
To refer you to another healthcare professional where clinically appropriate
To send appointment reminders and post-treatment aftercare instructions
To respond to enquiries submitted via our website contact form
To send marketing communications only if you have opted in
To comply with our legal and regulatory obligations

5. Who We Share Your Data With

We do not sell your personal data. We may share it only in the following circumstances:

Your GP or other healthcare providers — only with your consent or where required for your safety
Payment processors — to process transactions securely (e.g. Stripe, Square)
Booking software providers — to manage appointments (data processing agreements in place)
Email/SMS platforms — to send appointment confirmations and reminders
Legal authorities — where required by law, court order, or to protect the safety of individuals
Professional advisors — accountants and solicitors, bound by confidentiality obligations

All third-party processors are bound by data processing agreements and may only use your data for the specified purpose.

6. Data Retention

We retain your data for as long as necessary for the purpose it was collected, and in line with UK healthcare and legal requirements:

Data Type	Retention Period
Clinical / health records (adults)	8 years from last treatment (NHS Records Management Code of Practice)
Clinical / health records (children)	Until age 25, or 8 years after last treatment — whichever is longer
Appointment and booking records	3 years
Financial / payment records	7 years (HMRC requirement)
Website enquiry form submissions	12 months
Marketing consent records	Until consent is withdrawn + 1 year

After the retention period expires, data is securely deleted or anonymised.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access — request a copy of the data we hold about you (Subject Access Request)
Right to rectification — ask us to correct inaccurate or incomplete data
Right to erasure — request deletion of your data (subject to legal retention obligations)
Right to restrict processing — ask us to limit how we use your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests or for direct marketing
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at care@shockwave-revibe.co.uk. We will respond within one calendar month as required by UK GDPR. We may need to verify your identity before processing your request.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal and health data, including:

SSL/TLS encryption for all data transmitted via our website
Password-protected and access-controlled clinic management systems
Restricted staff access on a need-to-know basis
Secure storage of physical records (locked filing, limited access)
Regular staff training on data protection and confidentiality

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

9. Cookies

Our website uses cookies to improve your experience. Cookies are small text files stored on your device.

Cookie Type	Purpose	Basis
Essential	Required for the website to function (session management, security)	Legitimate interests — no consent required
Analytics	Understand how visitors use our site (e.g. Google Analytics — anonymised)	Consent
Marketing	Track conversions for advertising (e.g. Google Ads, Meta Pixel)	Consent

You can manage or withdraw cookie consent at any time via our cookie banner or your browser settings. Withdrawing consent for analytics/marketing cookies will not affect your ability to use the site.

10. International Data Transfers

We aim to keep your data within the UK and EEA. Where we use third-party services that transfer data outside these areas (for example, certain cloud software providers), we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or adequacy decisions — in line with UK GDPR Chapter V.

11. Children's Data

We do not knowingly collect data from children under 13 via our website without verifiable parental consent. Where we treat patients under 18, we collect consent from a parent or legal guardian and apply enhanced retention protections to their clinical records (see Section 6).

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will reflect any revisions. We encourage you to review this policy periodically. For material changes, we will notify active patients by email.

13. How to Complain

If you are unhappy with how we have handled your data, please contact us first and we will do our best to resolve your concern.

If you remain dissatisfied, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Contact Us

For any data protection queries, Subject Access Requests, or to exercise your rights:

Shockwave ReVibe Clinic
22 Notting Hill Gate, London, W11 3JE
Email: care@shockwave-revibe.co.uk
Phone: 0203 004 0564