Privacy Policy

Privacy Notice – Website and Clinical

At The Form Practice we’re committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy.


Any questions regarding this Policy and our privacy practices should be sent by email to


Date: 07 March 2019

Author: The Form Practice


1. Who are we?

We are The Form Practice, a health clinic in Cambridge. Our website address is:


The Form Practice is a sole trader.


2. How do we collect information from you?

We obtain information about you when you contact us to enquire about our services.

We collect information about you when you complete an online appointment booking or make a booking by phone, email or message.


3. What information do we collect & how is it used?

We collect information to respond to enquiries. We also collect information to allow us to fulfil our obligations to our patients – to fulfil appointments and to make a thorough assessment and diagnosis and keep a record of diagnostic reasoning and treatment. The section 3.0 below outlines what information we collect, and for what purpose.



3.0. Sensitive Data

Medical data is classified as Special Category Data. Our condition for processing this data is to fulfil our healthcare services. This is condition Article 9 2(h).



3.1. Details

The information we collect is your personal contact details in order to make appointments and respond to enquiries, this is to fulfil our contract with you. We also collect and record information about your health so that we can provide you with osteopathic care. We collect this data to fulfil our contract to provide health services to you. We use your email and telephone details to confirm appointments and provide you with information about your care. This is considered a legitimate interest but you are free to tell us you would rather we didn’t contact you. Your health data is considered Special Category data and as such the condition for processing is Article 9 2(h).


We use Cliniko as the provider of our electronic clinic software. We can reassure you that information entered in our online appointment system is handled securely. All your case history information is entered and securely stored with back-ups on the Cliniko system. Access to the system and all our devices are password protected.


From time to time we like to pass on information about health and well-being and the services we offer. Be reassured that we will not use your email or text message for marketing unless you have given us permission to do so. We obtain your consent for this and record it in Cliniko. Mailchimp is used to generate newsletters and therefore will have your name and email address on their server. You can withdraw your consent for receiving marketing at any time.


We have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance),and are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU.



3.2. Privacy

Your health data is only accessed by your practitioner. Should another practitioner need to see that data they will be subject to our privacy policy. Administrative staff may have access to the Cliniko system but will not be able to see your medical data.
Your data will not be shared without your consent unless there is a legal requirement to do so.



4. Controlling your information


4.0. Health information – your rights

Please help us to keep your information accurate by telling us if there have been any changes.  We will periodically check that your information remains accurate.


You can request to see the data we hold about you. You can also ask for mistakes to be corrected. You can ask to be removed from our marketing lists. You can ask for your notes to take them to another practice.


We are unable to delete the data we hold about you. We have a legal obligation to keep your notes for 8 years or for children until they are 25 years old. After this time we will delete your record so if you come to the clinic again we will start a new record.


If you would like to read Cliniko’s privacy policy you can read it here.


5. Website Privacy



Like many other websites, The Form Practice website uses cookies. When we provide services, we want to make them easy to use, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies.


You can manage these small files yourself.  You can find out how to do this, and learn more about Cookies in general here.


5.1.Our use of cookies

Our website uses cookies. The cookies we use are ‘1st party’ cookies.  We don’t use any ’3rd party’ cookies (these are often used to track behaviour across a range of websites, so targeted advertising can then be applied. We don’t do this!!). The following list outlines exactly what cookies this website uses, and what they are used for:



5.2.Google Analytics

Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible.  Google Analytics sets the following cookies:


__utma (Expiry: 2 years)

__utmb (Expiry: 30 minutes)

__utmc (Expiry: At end of session)

__utmz (Expiry: 6 months)



5.3.WordPress Comments

When you leave a comment on our blog, three cookies are set to store your name, email address and website.  This is so that if you wish to leave another comment, you won’t have to re-type this information. These cookies will last for one year.



5.5.Links to other websites

Our website contains links to other third party sites. The Form Practice is not responsible for the privacy practices within any of these other sites. You should be aware of this when you leave the website and we encourage you to read the privacy statements on other websites you visit.


Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.


These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.



5.6.What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.



6. Security

The Form Practice takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:


– Data minimisation
– Password best practice
– Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
– Staff training and accountability on data protection


A copy of our internal Data Security Policy is available on request.



6.1.Data Breaches

Our Data Security Policy includes a clear process for handling a personal data breach, should one occur. Where appropriate, The Form Practice will promptly notify you of any unauthorised access to your personal information.


7.0. Complaints

If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter – Mark Smith (Co-founder) 01954 214473  or email


If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).