Book Now
Book Now

Privacy Policy

Last updated: 24 March 2025

This Privacy Policy explains how Jennifer Barr Chiropractic Ltd, trading as Marylebone Chiropractic Clinic and Ealing Broadway Chiropractic Clinic, collects, uses, and protects your personal information. It applies to visitors of both clinic websites and to patients of our practices.

We are committed to safeguarding your privacy in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and guidance from the Information Commissioner’s Office (ICO).

1. Who we are

Data Controller: Jennifer Barr Chiropractic Ltd

  • Marylebone Clinic: The LightCentre, Unit 4, 10 Portman Square, London, W1H 6AZ

  • Ealing Broadway Clinic: Office 8+9, First Floor, Ealing Cross, 85 Uxbridge Road, London, W5 5BW

Email: reception@ealingbroadwaychiropracticclinic.com
Telephone: +44 (0)20 8987 8015

2. What information we collect

We collect and process personal data in three main contexts:

a) Website visitors

  • Contact details you provide (e.g. via forms, email, or phone).

  • Usage data such as IP address, browser type, and pages visited, collected through cookies and analytics.

b) Appointment bookings via JaneApp

  • When you book and pay for an appointment, you are redirected to JaneApp, our third-party booking and payment provider.

  • JaneApp collects your name, contact details, and payment information directly.

  • We only access the information necessary to confirm and manage your appointment. We do not store your payment card details.

c) Patients in clinic

  • When you attend the clinic, we create and maintain health and treatment records (e.g. medical history, consultation notes, care plans).

  • These records are special category data under UK GDPR, processed only as required to provide healthcare.

3. How we use your information

We process personal data to:

  • Provide chiropractic care and manage appointments.

  • Respond to enquiries.

  • Maintain clinical and financial records as required by law.

  • Improve our websites and services using anonymised analytics.

  • Send marketing communications (only if you have opted in).

  • Comply with regulatory obligations.

4. Legal bases for processing

We rely on the following lawful bases:

  • Contract – to provide care and manage appointments.

  • Legal obligation – to retain clinical and financial records.

  • Consent – for marketing emails and optional cookies/analytics.

  • Legitimate interests – to improve services, provided your rights are not overridden.

  • Special category data (health information) – processed under Article 9(2)(h) UK GDPR, as necessary for medical diagnosis and the provision of healthcare.

5. Cookies and analytics

Our websites use cookies to function properly and to improve performance.

  • Essential cookies – required for site security and functionality.

  • Statistics cookies – we use Google Analytics 4 (GA4) to understand how visitors use our websites. Data is anonymised and retained up to 26 months. These cookies only run with your consent.

  • Marketing cookies – may be set by services such as Facebook if you interact with embedded social media features.

You can manage cookie preferences at any time via the banner or your browser. See our Cookie Policy for full details.

6. Sharing your data

We may share your personal data with:

  • Service providers – including IT hosting, website support, and JaneApp (booking and payments).

  • Healthcare professionals – where referral or collaboration is required (with your consent).

  • Regulators or authorities – where legally required.

Where data is transferred outside the UK/EEA (e.g. by Google or Facebook), it is subject to UK GDPR safeguards, such as standard contractual clauses.

We do not sell your data.

7. Data retention

  • Patient records – retained in line with statutory healthcare requirements.

  • Enquiries – typically retained for up to 12 months.

  • Analytics data – retained according to GA4 settings (up to 26 months).

  • Consent records – retained for as long as required by law.

8. Your rights

You have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate or incomplete data.

  • Request erasure of data, where legally permitted.

  • Restrict or object to processing.

  • Withdraw consent at any time (for marketing or cookies).

  • Request transfer of your data (data portability).

  • Lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise these rights, please contact us using the details in section 1.

9. Security

We take appropriate measures to protect your personal data. However, no system is completely secure, and we cannot guarantee absolute security.

10. Children’s privacy

Our websites and services are not directed to children under 13. We do not knowingly collect personal data from children without parental consent.

11. Updates to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our websites.