Privacy Policy

Last updated: 26/06/2026

This Privacy Policy explains how JMK Osteopathy collects, uses, stores, and protects your personal data. It applies to anyone who visits the website, books an appointment, or receives treatment at our clinics in Beauchief and Todwick, Sheffield.

JMK Osteopathy is run by Josh Kelsall, a registered osteopath with the General Osteopathic Council (GOsC). Josh is the sole data controller for your personal information and is committed to protecting your privacy in line with UK GDPR and the Data Protection Act 2018.

1. Who we are

Data Controller: Josh Kelsall, JMK Osteopathy Clinic locations: 63 Strelley Avenue, Beauchief, Sheffield, S8 0BE / 5 Grange Gardens, Todwick Grange, Sheffield, S26 1JR Contact email: JMKOsteopathy@gmail.com Phone: 07762 869791 Registered with: General Osteopathic Council (GOsC)

2. What data we collect

Depending on how you interact with JMK Osteopathy, we may collect the following:

When you visit the website

  • Cookies and analytics data (e.g. pages visited, browser type, general location)

  • Anonymised information about how you use the site

When you make an enquiry or book an appointment

  • Your name

  • Contact details (email, phone number, address)

  • Reason for booking or general nature of your enquiry

During your appointment

  • Detailed medical history relevant to your treatment

  • Information about your symptoms, medical conditions, medications, and lifestyle

  • Records of treatments provided, advice given, and clinical notes

  • Where appropriate, your GP's contact details

When you pay for treatment

  • Payment information (handled securely by SumUp — JMK Osteopathy does not store card details directly)

If you sign up to receive emails

  • Your name and email address

  • Your preferences about which emails you'd like to receive

3. Why we collect your data and the legal basis

JMK Osteopathy collects and uses your data only where there is a lawful basis to do so:

Purpose Legal basis Booking, providing, and managing your osteopathic treatment Contract (delivery of healthcare services) Holding and managing your medical records Legal obligation (regulatory requirement set by GOsC) Communicating with you about your appointments Contract Processing payments Contract Sending you marketing emails or newsletters Consent (which you can withdraw at any time) Improving the website and its content Legitimate interests Complying with legal, accounting, or regulatory obligations Legal obligation

Sensitive medical information is treated with additional care and is only processed under the specific legal basis allowing healthcare professionals to provide direct care.

4. How we store and protect your data

JMK Osteopathy takes the security of your data seriously.

Paper records Paper notes are stored in a locked filing cabinet at each clinic. Only Josh, as the treating osteopath, has access to the code. Records are filed immediately after each appointment and are never left visible to other patients.

Electronic records Clinical notes, contact details, and appointment information are stored within Cliniko, our practice management system. Cliniko is fully GDPR-compliant and registered with the Information Commissioner's Office. Access is protected by a unique password and the system automatically times out after periods of inactivity.

All devices used to access patient information are protected with passwords or biometric authentication.

Retention periods

  • Adult medical records: retained for 8 years from the date of last treatment

  • Children's medical records: retained until the patient's 25th birthday

  • Marketing email subscribers: retained until you unsubscribe

  • Website analytics: typically retained for 14 months

These retention periods are set in line with guidance from the General Osteopathic Council.

5. Who we share your data with

JMK Osteopathy does not sell your personal data or share it for marketing purposes. We may share your data with the following third parties, only where necessary:

Third party Purpose Cliniko Booking system, appointment reminders, and clinical record storage SumUp Payment processing Brevo Email marketing (only if you have opted in) Squarespace Hosting of the JMK Osteopathy website Google Website analytics Elfsight Display of Google reviews on the website Gmail Email communication

All of these providers are GDPR-compliant and we have reviewed their data handling practices.

We may also share your data where legally required — for example, with the General Osteopathic Council in the event of a regulatory matter, or with healthcare professionals (such as your GP) only with your explicit consent.

6. Cookies

The JMK Osteopathy website uses cookies to help the site function and to understand how visitors use it. You will be presented with a cookie banner the first time you visit, allowing you to accept, reject, or customise which cookies are used.

Essential cookies (required for the website to function) cannot be disabled. Non-essential cookies (such as analytics) will only be set with your consent.

7. Your rights

Under UK GDPR, you have the following rights:

  • Right to be informed — to know what data we hold and why

  • Right of access — to request a copy of your personal data

  • Right to rectification — to have inaccurate data corrected

  • Right to erasure — to have your data deleted, subject to legal retention requirements

  • Right to restrict processing — to limit how we use your data

  • Right to data portability — to have your data transferred to another provider

  • Right to object — to processing for specific purposes such as marketing

  • Right to withdraw consent — at any time, where consent was the legal basis for processing

To exercise any of these rights, please contact JMKOsteopathy@gmail.com. Requests will be responded to within one month.

Please note that your medical records are required to be retained for 8 years (or until a child's 25th birthday) under General Osteopathic Council regulations. During this period your right to erasure of those specific records is limited by this legal obligation.

8. Marketing

You will only receive marketing emails from JMK Osteopathy if you have specifically opted in. Every marketing email includes a clear unsubscribe link. You can also email JMKOsteopathy@gmail.com to be removed from any marketing list at any time.

JMK Osteopathy does not use your data for marketing purposes without your explicit consent.

9. Data breaches

In the unlikely event of a data breach that risks your rights and freedoms, JMK Osteopathy will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.

10. Complaints

If you have any concerns about how JMK Osteopathy handles your personal data, please contact Josh in the first instance at JMKOsteopathy@gmail.com.

You also have the right to complain directly to the Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Website: ico.org.uk Phone: 0303 123 1113

11. Changes to this policy

This Privacy Policy may be updated from time to time to reflect changes in our practices or in legal requirements. The "Last updated" date at the top of this page will always show the date of the most recent revision. Significant changes will be communicated where appropriate.

12. Contact

For any questions about this Privacy Policy or how your data is handled, please contact:

JMK Osteopathy Email: JMKOsteopathy@gmail.com Phone: 07762 869791