Privacy Policy

Version Date: 31 May 2026

Who we are

Pelvix Specialist Pelvic Physiotherapy is a private healthcare clinic at Hillcrest, 143 Wellsway, Keynsham BS31 1JA, owned and operated by Megan Jackson (HCPC registered).

For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), Megan Jackson is the sole Data Controller for Pelvix. Our associate clinicians are self-employed and deliver care using Pelvix’s clinical systems and under Pelvix’s data governance — they do not hold patient records independently.

We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZB365604.

What this policy covers

This policy explains how we collect, use, store and share personal information about you when you visit our website, make an enquiry, book an appointment, or attend Pelvix for treatment. It also explains your rights under UK data protection law and how to contact us if you have questions.

What information we collect

When you enquire or book an appointment we collect:

Your name, address, date of birth, email address and phone number
Information you provide on our health questionnaire — including symptoms, medical history, medication, lifestyle factors, and details relevant to the reason for your appointment
Your health insurance provider, policy number and authorisation reference (if applicable)
Your GP's name and surgery (if you choose to share this for clinical correspondence)

When you attend an appointment we collect:

Notes about your assessment, treatment and outcomes
Photographs (only with your specific written consent, where clinically useful)
Audio recordings of the consultation, used by our AI-assisted note-taking tool Heidi — see 'How we use AI tools' below
Payment information processed through our payment provider Stripe (we do not see or store your card number)

When you visit our website we collect:

Health data (‘special category data’)

The clinical information we collect is classed as ‘special category data’ under UK GDPR. We treat this information with particular care. We only collect and use it where it is necessary for the provision of your healthcare, and we apply additional safeguards: access is limited to the clinician(s) directly involved in your care and to our Practice Administrator for booking-related tasks.

Our lawful basis for processing your data

We process your personal data on the following lawful bases under UK GDPR:

Article 6(1)(b) — performance of a contract (so we can deliver the appointment and treatment you have booked)
Article 6(1)(c) — compliance with legal obligations (record retention, tax, regulatory)
Article 6(1)(f) — our legitimate interests (running the practice safely and efficiently)
Article 9(2)(h) — provision of health care (this is the lawful basis we rely on for processing your special category clinical data)

How we use AI tools

We use two AI-assisted tools to help us deliver care more effectively:

Heidi — AI-assisted note-taking. During your appointment we use Heidi (Heidi Health) to help write up clinical notes. Heidi processes an audio recording of the consultation to produce a structured summary, which the clinician then reviews and finalises in your medical record. The audio recording is automatically deleted from Heidi within one day. The transcribed clinical information held inside Heidi is automatically deleted after one week. Once your record has been finalised it is stored in your secure clinical record in Cliniko. Heidi is UK-hosted, ISO 27001 and SOC 2 Type 2 certified, and aligned with NHS standards for clinical data handling.
Bonnie — AI receptionist. Initial enquiries to Pelvix may be handled by Bonnie, our AI assistant, who can answer common questions and help with booking. Anything Bonnie cannot answer is escalated to Megan or to our Practice Administrator, and you can always ask to speak to a person. Bonnie is built on the Aeva AI platform (a Cliniko-integrated AI receptionist solution for allied health practices), with Aeva acting as our data processor under a written agreement. Bonnie processes the information you provide to her — typically your name, contact details, and the nature of your enquiry — to route your query appropriately.

Who we share your information with

We share your information with the following categories of recipient, only as necessary for your care or for the running of the practice:

Within Pelvix. Your clinician, the wider clinical team where clinically relevant, and our Practice Administrator for booking, billing and enquiries.

Your GP, consultant, or referring clinician. We may send a brief summary of your assessment and treatment to your GP or referring consultant, with your consent.

Your health insurer. If you are claiming on private medical insurance, we share appointment details, treatment information and invoices with your insurer as required to process your claim. We currently work with most major UK health insurers.

Our data processors. These are third-party providers who process your data on our behalf, under written contract and only on our instructions:

Cliniko — our clinical record and practice management system (UK-hosted for UK accounts; see Cliniko's GDPR information at https://help.cliniko.com/en/articles/4792789-how-cliniko-helps-you-comply-with-uk-gdpr and their privacy policy at https://www.cliniko.com/policies/privacy/)
Heidi (Heidi Health) — AI-assisted clinical note-taking (UK-hosted)
Aeva AI — the AI receptionist platform behind Bonnie (Cliniko-integrated)
Peptalkr — email and SMS automation integrated with Cliniko (appointment reminders, recalls, intake forms)
Stripe — payment processing
Google (Workspace, Gmail, Google Analytics 4, Google Tag Manager) — email, scheduling, and website analytics
Cloudflare — content delivery network and website security (proxies visitor traffic to our site)
Our website hosting provider

Where required by law. We may disclose information where we are legally compelled to do so (for example, a court order, or a safeguarding concern that meets the relevant threshold).
We do not sell, rent or share your information for marketing purposes.

International data transfers

Some of the companies we use are headquartered outside the UK. Where this is the case, your data is either stored in the UK by default (Cliniko for UK accounts, Heidi for UK accounts) or is transferred only under appropriate safeguards — UK adequacy decisions, the UK International Data Transfer Agreement, or other lawful transfer mechanisms.

How long we keep your information

We follow the record-keeping retention periods set out by the Chartered Society of Physiotherapy (CSP):

Adult clinical records — retained for 8 years from the date of your last treatment
Records of children and young people — retained until the patient's 25th birthday (or 26th birthday if the last treatment was when they were 17)
Records of patients who have died — retained for 8 years after the date of death

Records relating to financial transactions are retained for 6 years to meet HMRC requirements. Marketing or general enquiry data (where you have not become a patient) is kept for no more than 2 years from your last interaction with us, unless you ask us to delete it sooner.

Your rights

Under UK GDPR you have the right to:

Access the personal data we hold about you (a 'subject access request')
Have inaccurate data corrected
Have your data deleted in certain circumstances (note: we cannot delete clinical records before the legal retention period above has elapsed)
Restrict or object to certain processing
Have your data transferred to another provider (data portability)
Withdraw consent at any time, where we are relying on your consent

To exercise any of these rights please email us at admin@pelvix.co.uk. We will respond within one calendar month, as required by law.

If you are not satisfied with how we have handled a request, you have the right to complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk, by phone on 0303 123 1113, or in writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Our website uses cookies to help it function and to give us anonymous insight into how visitors use the site (via Google Analytics 4). On your first visit you will be asked to accept or reject non-essential cookies. You can change your choice at any time via your browser settings. Essential cookies (those needed to make the booking flow and login work) cannot be turned off.

How we keep your information secure

Your information is stored on secure systems run by certified providers (Cliniko, Heidi, Stripe, Google Workspace). Access to clinical records is restricted to the clinicians involved in your care and our Practice Administrator. We use strong passwords, two-factor authentication where available, and we never store clinical information in unsecured locations (unencrypted email attachments, personal devices, etc.). No system can be made completely secure, but we take all reasonable steps to protect your information.

Children and young people

Most of our patients are aged 16 and over, who give their own consent for treatment and for the processing of their personal data.

On occasion we also see young people aged 13 to 15. In these cases we ask for the written consent of a parent or guardian for the appointment and for the processing of the young person’s personal data. Where the young person has the capacity to understand what is involved (Gillick competence), we will also seek their own consent. We do not see patients under the age of 13.

Changes to this policy

We review this policy at least once a year and will update it whenever something material changes in how we handle your information. The ‘last updated’ date at the top of the policy will tell you when the most recent change was made. For significant changes that affect you personally, we will contact you directly.

If you have any questions about this policy, or about how we handle your information, please contact us:

Privacy Policy

Privacy Policy

About Us

Get in touch