Privacy Notice

Ethan Green Sports Therapy

Effective Date: 1 January 2026

1. Introduction

Ethan Green Sports Therapy is a sole trader operating in England & Wales.

This Privacy Notice explains how personal data is collected, used, stored and protected when you:

  • Enquire about services

  • Purchase online sports therapy coaching

  • Book in-person mobile sports therapy

  • Submit health information

  • Communicate via email, phone or video

Ethan Green Sports Therapy is registered with the Information Commissioner’s Office (ICO) as a data controller and complies with UK GDPR and the Data Protection Act 2018.

2. Data Controller Details

Data Controller: Ethan Green Sports Therapy

Location: England & Wales

Contact Email: ethangreen.sportstherapy@gmail.com

3. What Personal Data Is Collected

The following categories of data may be collected:

3.1 Identity & Contact Data

  • Name

  • Email address

  • Phone number

  • Home address (for mobile visits)

3.2 Health & Special Category Data

  • Injury history

  • Medical conditions

  • Medication information

  • Lifestyle and activity information

  • Assessment findings

  • Treatment notes

  • Exercise plans

Health data is classified as “special category data” under UK GDPR.

3.3 Video Data (Online Clients Only)

Clients may upload injury assessment videos via Google Drive for review.

These videos are used solely for clinical assessment.

3.4 Payment Data

Payments are processed via Stripe. Card details are not stored by Ethan Green Sports Therapy.

4. How Your Data Is Collected

Data may be collected via:

  • Email communication (Gmail)

  • Google Forms (health declaration and consent forms)

  • Google Drive (temporary video uploads)

  • Direct communication via phone

  • In-person consultation

  • Stripe payment processing

5. Lawful Basis for Processing

Health data is processed by a health professional providing therapy services and is handled confidentially in accordance with professional standards.

Personal data is processed under the following lawful bases:

5.1 Contractual Necessity

To provide sports therapy services requested by you.

5.2 Legitimate Interests

To manage business operations, scheduling, communication and record keeping.

5.3 Healthcare Provision (Article 9(2)(h))

Health data is processed for the purposes of preventive or occupational medicine and the provision of healthcare.

5.4 Explicit Consent

Where required, explicit consent is obtained prior to processing health information.

6. How Your Data Is Used

Your data is used to:

  • Deliver sports therapy services

  • Conduct injury assessments

  • Design rehabilitation programmes

  • Maintain clinical records

  • Communicate regarding appointments

  • Process payments

  • Comply with legal and insurance obligations

Your data is never sold or used for unrelated marketing purposes.

7. Data Storage & Security

Reasonable technical and organisational measures are in place to protect your data.

7.1 Clinical Notes

Stored digitally within a password-protected iPad using iCloud Drive with encryption and two-factor authentication enabled.

7.2 Email Communication

Stored via Gmail with password protection and two-factor authentication enabled.

7.3 Health Forms & Video Uploads

Collected and stored within Google Forms and Google Drive under secure, password-protected access.

7.4 Phone Contact Storage

Client phone numbers may be stored on a password-protected mobile device for communication purposes only.

Health information is not stored within phone contact notes.

8. Video Retention Policy (Online Clients)

Injury assessment videos uploaded for online coaching are:

  • Reviewed for clinical purposes

  • Documented within written clinical notes

  • Deleted within 30 days of review

Videos may be retained longer only where clinically necessary or required for safeguarding or legal reasons.

9. Data Retention Periods

  • Clinical records: minimum 7 years following the end of services

  • Enquiry emails (non-clients): up to 12 months

  • Assessment videos: deleted within 30 days (unless clinically required)

  • Payment records: retained in accordance with HMRC requirements

Data is securely deleted when no longer required.

10. Data Sharing

Personal data may be processed by trusted third-party providers, including:

  • Apple (iCloud storage)

  • Google (Gmail, Forms, Drive)

  • Stripe (payment processing)

These providers act as data processors and maintain appropriate security safeguards.

Data is not shared with third parties unless:

  • Required by law

  • Necessary for safeguarding

  • Requested by you (e.g. referral to GP)

11. International Transfers

Some service providers (e.g. Google, Apple, Stripe) may store data outside the UK.

Where this occurs, appropriate safeguards are in place in accordance with UK GDPR requirements.

12. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where legally permissible)

  • Restrict processing

  • Object to processing

  • Data portability (where applicable)

  • Withdraw consent where consent is relied upon

Requests may be made via email.

13. Complaints

If you are dissatisfied with how your data is handled, you have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)

www.ico.org.uk

14. Changes to This Privacy Notice

This Privacy Notice may be updated from time to time. The latest version will always be available on the website.