Referred Client Privacy Policy

Who We Are

Sano Physiotherapy Ltd (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

Sano Physiotherapy’s registered office is at 42 Lidget Hill, Pudsey, Leeds, LS28 7DR and we are a company registered in England and Wales under company number 7418646. We are registered on the Information Commissioner’s Office Register; registration number Z2626574, and act as the data processor when processing your data. Our designated Data Protection Officer/Appointed Person is Marcus Rogers who can be contacted at

Information That We Collect

Sano Physiotherapy Ltd processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data that we may collect is: –

  • Name
  • Date of Birth
  • Home Address
  • Personal Email
  • Home Telephone Number
  • Mobile Telephone Number
  • Health/Medical Information
  • Employer, Job Role and Line Manager

We collect information in the below ways: –

  • Personal information provided by medico-legal/occupational health/other contracted bodies to whom we provide physiotherapy services on a contractual basis
  • Additional information provided by data subjects and/or referring bodies over the phone
  • Face-to-face and remote assessments with data subjects

How We Use Your Personal Data (Legal Basis for Processing)

Sano Physiotherapy Ltd takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We will not hold or send your personal data outside the European Economic Area. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.  The purposes and reasons for processing your personal data are detailed below: –

  • We collect your personal data in order to deliver a contracted service and to provide you with allied health professional treatment in line with our contracted referring bodies.
  • If you were referred to us officially and/or under contract by a third party (such as your employer or a medico-legal company) we may be required to provide occasional summary reports and keep them updated on your progress. If you were referred by your employer this may be to your line manager, occupational health team, or HR team (depending on who referred you)
  • We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and will only be sent on receipt of a double opt-in initial contact form.
  • We may use your data for billing and invoicing
  • We may occasionally use reduced data to perform internal research, statistical analysis and improving our services.
  • We may be required to share your information with regulators (such as the HCPC) when investigating complaints.
If you were referred into our Back in Action UK service:

It is our normal practice to provide your employer with a report giving relevant information about your injury, your fitness for work and your treatment plan. These reports are sent after your first appointment, any change in your work recommendations and after your final appointment.

The proposed content of the report will be discussed with you by the physiotherapists prior to sending the report. As well as discussing the contents of the report you have a right to have a copy of the report.

It is our contractual obligation to notify your employer, who pays for this service, of your attendance or non-attendance.

Anonymised information may be used for clinical audit and research purposes and in service reports to your employer. Please discuss any concerns or objections with your physiotherapist.


Your Rights

You have the right to access any personal information that Sano Physiotherapy Ltd processes about you and to request information about: –

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Safeguarding Measures

Sano Physiotherapy takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including, but not restricted to: –

SSL certification, TLS encrypted email, restricted access, IT authentication, firewalls, anti-virus/malware, password protected documents, secure off-site backups.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to Sano Physiotherapy however, as this information is required for us to provide you with our services we will not be able to offer some/all our services without it.

How Long We Keep Your Data

Sano Physiotherapy only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.

Sano Physiotherapy complies with the Chartered Society of Physiotherapy data retention guidelines in which medical data is required to be kept for the following periods before destruction:


  • Children and Young People
    • Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death.
  • Mentally disordered persons within the meaning of the Mental Health Act
    • 20 years after the date of last contact between the patient/client/service user and any health/care professional employed by the mental health provider, or 8 years after the death of the patient/client/service user if sooner
  • Maternity records (including all obstetric and midwifery records, including those of episodes of maternity care that end in stillbirth or where the child later dies)
    • 25 years after the birth of the last child
  • All other hospital records (other than non-specified secondary care records)
    • 8 years after the conclusion of treatment or death
  • Records relating to those serving a prison sentence
    • Not to be destroyed.
  • Records relating to those serving in HM Armed Forces
    • Not to be destroyed

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Special Categories Data

Owing to the products, services or treatments that we offer, Sano Physiotherapy often needs to process sensitive personal information (known as special category data) about you, to provide you with allied health professional services. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

Where we rely on contractual obligation to process special categories of data we will obtain your data through a data controller who forwards your data to us in order for us to provide the service that we are contracted to deliver.

Lodging A Complaint

Sano Physiotherapy only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

Sano Physiotherapy Ltd

Marcus Rogers

42 Lidget Hill


LS28 7DR

T: 03300 41 46 70



Information Commissioner’s Office

0303 123 1113