
Privacy Policy

RE-COV PHYSIO LTD.

Effective Date: 1 February 2025
Last Updated: 13 January 2026


1. Introduction

RE-COV PHYSIO LTD (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK laws.

This policy applies when you use any of our services (“Services”), including but not limited to:

  • Our website

  • Physiotherapy consultations (in-person and online)

  • Digital programs, including Built to Run

  • Mobile applications and exercise platforms

  • Gym partnerships and professional services

  • Sales, marketing, and advertising activities

  • Events or other interactions with us

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

For any questions, contact us at info@re-cov.co.uk.


2. Data Controller

The Data Controller for your personal data is:

Mr Matthew Freaney
RE-COV PHYSIO LTD
71–75 Shelton Street
Covent Garden, London
WC2H 9JQ

📧 info@re-cov.co.uk


3. What Information We Collect

We collect and process the following categories of personal data, depending on the service you use.


A. Personal Identification Information

  • Name

  • Date of birth

  • Email address

  • Phone number

  • Postal address


B. Health & Training Data (Special Category Data)

Depending on the service, this may include:

  • Medical history and pre-existing conditions

  • Injury history and relevant symptoms

  • Physiotherapy assessments and clinical notes

  • Running history and training background (e.g. Built to Run screening questions)

  • Exercise tolerance and relevant health disclosures

This data is collected only where necessary and handled with additional safeguards.


C. Financial & Payment Information

  • Payment details (processed securely via Stripe)

  • Billing address

We do not store full payment card details.


D. Booking, Program & Communication Data

  • Appointment dates and confirmations

  • Program delivery records

  • Email correspondence and support messages

  • Exercise program access and usage data


E. Marketing & Preferences

  • Email subscription status

  • Communication preferences (with opt-out available at all times)


F. Gym Partnership Information

  • Gym name and location

  • Contact details of gym representatives

  • Business metrics (member numbers, pricing structures, organisational details)


G. Technical & Usage Data

  • Device type, browser, operating system

  • IP address and approximate location

  • Access timestamps and pages viewed

  • Interaction and usage data (including analytics)


4. How We Collect Your Data

We collect data in the following ways:

  • Directly from you via forms, questionnaires, purchases, and communications

  • Through online consultations (e.g. Zoom)

  • Through HubSpot forms and CRM systems

  • Through exercise platforms used to deliver programs (e.g. Physitrack)

  • From gym partners during professional discussions

  • Automatically via cookies and tracking technologies


5. Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contractual necessity – to provide services or programs you purchase

  • Consent – for marketing communications and processing health data where required

  • Legal obligation – to retain records and meet regulatory requirements

  • Legitimate interests – to operate, improve, and secure our services

  • Vital interests – in rare emergency situations involving health and safety

You may withdraw consent at any time.


6. How We Use Your Data

We use your data to:

  • Deliver physiotherapy services and digital programs (including Built to Run)

  • Match users to appropriate exercise programs based on provided information

  • Maintain professional records in line with legal obligations

  • Process payments and manage subscriptions

  • Communicate regarding appointments, programs, and support

  • Improve services and user experience

  • Send marketing communications (only where consented)


7. Digital Programs (Including Built to Run)

For digital products such as Built to Run:

  • We collect limited health and training information to match users to appropriate plans

  • This screening process does not constitute a medical diagnosis or clinical assessment

  • Data is used solely for program delivery and support

  • No health data is shared with advertising platforms


8. How We Store & Protect Your Data

We use GDPR-compliant platforms with appropriate safeguards, including:

| Platform | Purpose | Security Measures |
|---|---|---|
| Zanda (Power Diary) | Clinical records & bookings | Encrypted, GDPR-compliant |
| HubSpot | CRM, forms, digital programs | GDPR-compliant, access controls |
| Stripe | Payment processing | PCI-DSS compliant |
| Zoom | Online consultations | Encrypted |
| Physitrack | Exercise program delivery | Secure access controls |
| Gmail | Secure communications | Encryption, 2FA |

We apply encryption, role-based access, two-factor authentication, and secure infrastructure.
While no system is 100% secure, we act promptly if a data incident occurs.


9. Data Retention

We retain data only as long as necessary:

  • Clinical records:

    • Adults: minimum 8 years after last contact

    • Children: until age 25 (or 26 if treated at 17)

  • Digital program data: retained for service delivery and support

  • Financial records: retained for 7 years

  • Marketing data: deleted within 48 hours of unsubscribe

  • Gym partnership data:

    • Declined: 24 months

    • Active: duration of relationship


10. Sharing Your Data

We do not sell or rent your personal data.

Data may be shared only with:

  • Trusted service providers (HubSpot, Stripe, Physitrack, etc.)

  • Regulatory or legal authorities when required

  • Medical professionals in emergency situations

Health data is never shared for marketing purposes.


11. Advertising & Meta Platforms

We use Meta (Facebook & Instagram) advertising tools.

This may involve:

  • Website tracking pixels

  • Conversion tracking

We do not share health, injury, or screening data with Meta.
All advertising data is processed in accordance with Meta’s own Privacy Policy.


12. Your Rights Under UK GDPR

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion (subject to legal limits)

  • Restrict or object to processing

  • Withdraw consent

  • Request data portability

  • Request human review of automated decisions

Requests can be made to info@re-cov.co.uk.


13. Cookies & Tracking

We use essential and optional cookies to support functionality and analytics.
You can manage cookie preferences via your browser or our cookie preference tools.

A separate Cookie Policy is available on our website.


14. International Data Transfers

Where data is processed outside the UK/EEA, appropriate safeguards (such as Standard Contractual Clauses) are used.


15. Children’s Privacy

Our Services are not intended for individuals under 18.
If data from a minor is identified, it will be deleted promptly.


16. Updates to This Policy

This policy may be updated periodically.
The latest version will always be available on our website.


17. Complaints & Contact

Data Protection Officer: Mr Matthew Freaney
📧 info@re-cov.co.uk
📞 +44 7356 225826

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

🌐 www.ico.org.uk
📞 0303 123 1113