Request Our Factsheet

Hello, please leave your details below and we'll email you a copy of our 10-point fact sheet.

Data Capture - Fact Sheet

Request Our Brochure

For more details about what we do and how we work and how we can help your clients overcome pain, leave your details here and we will email you a copy of our brochure.

Data Capture Brochure

Reach Out

Reach Out

Make a Referral

Referral Form

About the Client

Assessment Required

About You

Privacy Policy

We respect the privacy of our clients and of everyone who visits our website, www.retrainingpain.co.uk (Our Site).  Retraining Pain Ltd (we /us / our) will only collect and use personal data in ways that are described in this Privacy Notice, and that are consistent with our obligations and your rights under the Data Protection Legislation.

1.Definitions and interpretation

In this Privacy Notice, the following terms shall have the following meanings: 

Client:  means an individual client or prospective client who engages our services or who purchases products from us, or on whose behalf our services are engaged or our products purchased or in relation to whom enquiries are made with a view to us providing those products or services;

Data Protection

Legislation:  means all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including the privacy of electronic communications); and

UK GDPR  means the retained EU law version of the General Data Protection Regulation ((EU) 2016/ 679).

2.Information about us

Retraining Pain Ltd is a limited company incorporated in England & Wales with company number 12711973, whose registered office address is at Heritage Exchange, Wellington Mills, 70 Plover Road, Lindley, Huddersfield, West Yorkshire HD3 3HR.  We are the controller and responsible for your personal data. 

If you have any questions relating to your personal data or this Privacy Notice, you may contact us at admin@retrainingpain.co.uk.

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for the way in which they handle personal data. We encourage you to read the privacy policy or privacy notice of every website you visit.

4. Your personal data

Personal data is any information about you that enables you to be identified. Personal data covers your name and contact details, but also information such as identification numbers, electronic location data and other online identifiers.  It does not include data where your identity has been removed (anonymous data).

It is important that your personal data is kept accurate and up-to-date.  If any of the personal data we hold about you changes, please let us know.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that data when requested, we may not be able to perform that contract.  In this case, we may have to cancel a product or service contract you have with us.  We will notify you if this is the case.

5. Your rights in relation to your personal data

Under the Data Protection Legislation, you have the following rights.  More information on how to exercise these rights follows later in this Privacy Notice.

  • The right to be informed about our collection and use of your personal data.
  • The right to access your personal data. 
  • The right to rectify your personal  data if any of it is inaccurate or incomplete.
  • The right to request deletion of your personal data(subject to certain legal requirements) or to withdraw consent to us using it.
  • The right to prevent processing of your personal data.
  • The right to restrict the use of your personal data for particular purposes.
  • The right of portability, enabling you to ask for a copy of your personal data to re-use with another business.
  • Rights relating to automated decision-making and profiling. We do not however use your personal data in this way.
  • The right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk if you believe your privacy or data protection rights have been breached.  We would always appreciate an opportunity to work with you to resolve any issues or complaints you may have before you approach the ICO.

For more information about our use of your personal data or exercising your rights set out above, please contact us at  admin@retrainingpain.co.uk.

6. What data we collect and how we collect it

Depending upon whether you are simply browsing Our Site or are a Client, we may collect and hold some or all of the personal data set out below.  If you are a Client, your personal data may be provided to us directly, or by a third party funding our services on your behalf (for example an insurance company or solicitor)

Please also see our Cookie Policy on Our Site regarding our use of cookies and similar technologies. 

We collect the following types of personal data:

Contact and Biographical Information: This may include your name, email address, postal address, phone number, and other similar contact details that you provide when contacting us through Our Site, by email or telephone. 

Account Information: If you create an account via Our Site, for example to purchase one of our digital courses or programmes, we may collect information associated with your account, such as your username, password, and profile details.

Payment Information: If you purchase goods or services from us, we may collect payment information, including credit card details, billing address, and transaction history. However, please note that we use a payment processor to collect payments via Our Site and do not store full credit card numbers on our servers.

Communication Data: This includes any correspondence or communication between you and us.

Usage Information: We automatically collect information about your usage of Our Site, including pages visited, time spent on the site, clickstream data, and referring URL, using our analytics software.  This data helps us analyse website performance and user preferences.

Technical Information: We may collect technical information about your device and browser, using our analytics software, including your IP address, browser type and version, device type, operating system, and platform.

Social Media Data: If you interact with our social media pages or use social media features integrated into Our Site, we may collect information from your social media profiles, such as your social media handles and activities.

Cookies and Tracking Technologies: We may use cookies and similar tracking technologies to collect information about your browsing behaviour and preferences. For more details, please see our Cookie Policy.

Client information: If you are a Client, we may collect (in addition to the data set out above) your date of birth, GP details, the type of service you require and your case manager details.  We may also collect a copy of your photo identity document (such as a passport or driving licence), your gender, marital status and employment history.  If you are self-funded, we may also collect emergency contact details from you.  We collect this information directly from Clients, or from third parties who approach us to provide products or services to Clients, or from employers where relevant.

Sensitive or special category data: If you are a Client, we may collect information relating to your mental and physical health and fitness, including existing or previous medical conditions, but only where (and to the extent that) this is relevant to the services we provide, for example to assess your working capacity. 

Examples of the data we collect under this category includes the reason for your referral to us, the date and type of any injuries sustained by you, any relevant reports, records, assessments and other information relating to your condition and risk information.  This may include x-rays, photographs, medical records and sickness records. 

We may also collect information relating to your race or ethnicity, religious beliefs or sexual orientation, but only if and to the extent that this information is relevant to the services we provide. 

This information may be provided to us by our Clients, by third parties who engage us to provide services to our Clients and by other healthcare professionals.  We do not collect any ‘special category’ or ‘sensitive’ personal data or data relating to criminal convictions and/or offences, or in relation to children. 

Other Information: We may collect additional information not specifically mentioned here with your consent or as required by applicable laws and regulations.

Please note that the exact information collected may vary depending on your interactions with Our Site and the products or services we offer. We only collect information that is necessary for the purposes outlined in this Privacy Notice and as permitted by Data Protection Law.

7. How we use your personal data

Under the Data Protection Legislation, we must always have a lawful basis for using personal data.

We will use your personal data in the following circumstances:

  • to perform a contract with and/ or provide our products or services to our Clients and/ or third parties who have engaged us to provide those products or services to Clients.
  • to provide medical, health and/ or social care services within the meaning of UK GDPR, in particular for the purposes of arranging or providing preventive or occupational medicine, for the assessment of the working capacity of a Client, medical diagnosis, the provision of health or social care or treatment or the management of health or social care services under a contract (including special category and sensitive personal data).
  • where it is necessary for our legitimate interests (or those of a third party), for example:
  • to develop our business
  • to protect the security or integrity of our IT systems
  • to manage our relationship with our referring organisations and/ or our Clients
  • to administer our business
  • to administer or improve Our Site
  • to maintain records for legal and regulatory compliance
  • to maintain or defend legal claims

Note that we will only rely on our legitimate interests to use your personal data if your interests and rights do not override those legitimate interests. 

  • where we need to comply with a legal or regulatory obligation.
  • where you have consented to us using or processing your personal data (for example, by completing our Client documentation disclosing any physical or mental health conditions which are relevant to the services we provide, by consenting to a third party providing that information to us, or by consenting to receiving direct marketing communications from us). You have the right to withdraw consent at any time by contacting us.
  • with your permission and/or where permitted by law, to market our products and/ or services to you.  You will not be sent any unlawful marketing or spam, and you will always have the opportunity to opt-out of marketing communications at any time.

We do not carry out automated decision making or any type of automated profiling.

We will only use your personal data for the purposes for which it was originally collected unless we reasonably believe that another purpose is compatible with those original purposes and we need to use your personal data for that purpose.

If we need to use your personal data for an unrelated or incompatible purpose to that for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

8. Keeping your personal data

We will only process and store our personal data for as long as is necessary taking into account the reasons for which it was first collected.

When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means, and any legal and regulatory requirements.

We may keep your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation arising out of our relationship.

The law requires us to keep information about our Clients and any third parties who engage us on our Clients’ behalf (including identity, contact and payment information as well as information on the contracts we enter into with our Clients or on their behalf) for tax and regulatory purposes.  If you are a Client, we will keep your records for eight years after you stop being a Client.

In some circumstances, we may anonymise your personal data for research or statistical purposes.  In this case, we may use this information indefinitely without further notice to you.

9. Storing your personal data

The security of your personal data is essential to us.

To protect your personal data, we have put in place appropriate technical and organisational measures, including the following:

  • personal data entered by you on Our Site is secured by SSL (secure socket layer) technology in transit and at rest to improve security.  SSL secures connections and prevents impersonation or stealing of visitors’ information.
  • we only use payment processors that are compliant with PCI-DSS.  If you purchase an online course or programme from us, we will use a payment processor to process your payment.  In these circumstances, sensitive card data is never handled by us. It goes directly to our payment processor’s servers and we do not have access to this information.
  • we store personal data securely, including putting in place access controls, physical security, and secure backup procedures.  Data relating to our Clients and the services provided to them is encrypted and stored securely using Cliniko practice management software.  Please see Cliniko’s Security page for further information as to how it secures our Clients’ data.
  • we collect only the minimum amount of personal data necessary for our purposes.
  • If we are asked to share personal data, we only share the minimum data necessary to achieve the relevant purpose.
  • access to your personal data is limited to those employees, agents, contractors, and other third parties with a legitimate need to know and they are subject to duties of confidentiality.
  • we conduct regular data security audits to identify and address any vulnerabilities.
  • we keep our software, systems, and applications up-to-date with security patches and updates to address known vulnerabilities
  • we have in place procedures for dealing with data breaches.  These include notifying you, acting quickly to identify and limit the breach and any consequences of the breach and/or notifying the relevant authorities where we are legally required to do so.

10. Transferring and sharing your personal data

We may use external third parties to provide systems, technology or support which involves them processing your personal data on our behalf.  For example, we use:

  • Cliniko, to provide our practice management software, including appointment scheduling tools, Client record management and administering payments.  Cliniko’s Privacy Policy and Data Processing Addendum set out how it processes and protects personal data.
  • Mailchimp (provided by Intuit), to provide our email marketing software, and to create, manage and send marketing emails to Clients and other persons who have opted to receive them.   Mailchimp’s Privacy Statement and Data Processing Addendum set out how it processes and protects personal data. 
  • Stripe to administer our payment processes.  When you purchase certain products or services from us via Our Site, the payment information that you provide is encrypted and transmitted directly to Stripe. We do not store your payment information.  The information you input is processed by Stripe in accordance with its Data Processing Addendum.
  • Tresorit to provide us with cloud document storage.  Please see Tresorit’s Privacy and Data Protection Centre for more information on how Tresorit stores and secures personal data on our behalf.
  • Microsoft 365 Office to provide us with Outlook email software.  Outlook uses cloud-based storage provided by Microsoft.  Please see Microsoft’s Data Protection and Privacy Centre for more information on how Microsoft stores and secures your personal data.

Some of these external third parties use physical or cloud storage which is based outside the United Kingdom.  By providing any information, including personal data to us, you consent to such transfer, storage and processing.  Third countries outside the EEA may not have data protection laws that are as strong as those in the UK. We use our best endeavours to select only external third parties that require the same levels of personal data protection that would apply under the Data Protection Legislation, and ensure these levels of protection are contained in the external third parties’ privacy policies and data processing addenda. 

In addition to the third party IT and systems providers referred to above, we may also:

  • share personal data with our network of therapists, associates and case managers in order to provide our products and services to Clients and third party referrers.
  • share personal data with third parties engaged in your care, if you are a Client (including your GP, occupational therapists, physiotherapists, clinical psychologists and other health professionals and service or equipment providers).
  • share personal data where required with Benefits Agencies / the Department of Work and Pensions.
  • where relevant, share personal data with third parties who instruct us on behalf of Clients.
  • in relevant cases, share personal data with other third parties such as those acting on behalf of our Clients, as well as their opponent, insurer and/ or solicitor, in accordance with the Rehabilitation Code 2015.
  • in exceptional circumstances, share personal data (for example with your GP or the emergency services) if we consider that there is a real risk of harm to you or to others.
  • on occasion, share your personal data with our professional advisers such as lawyers, bankers, accountants, auditors and insurers. 
  • share your personal data with HM Revenue & Customs, regulators and other authorities based in the United Kingdom if they request this.
  • transfer your personal data to any new owner, if we sell, transfer, or merge parts of our business or assets.  Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Notice.
  • be legally required to share certain personal data, which might include yours, if:
    • we are involved in legal proceedings
    • we are complying with legal obligations, for example as regards safeguarding, terrorism, money laundering or drug trafficking
    • we are complying with a court order
    • we are complying with the instructions of a government authority
  • be required to share certain personal data, which might include yours, by a regulatory body, for example in relation to a client complaint or regulatory breach or investigation.

If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.  We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

11. Controlling and withholding your personal data

If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you may have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at admin@retrainingpain.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you are a Client and you withdraw your consent, we may not be able to continue to provide our products or services to you or assist with your treatment.

In addition to your rights under the Data Protection Legislation, set out in Section 5 above, when you submit personal data via Our Site, you may be given options to restrict our use of your personal data.  We aim to give you control over our use of your data for direct marketing purposes (including the ability to opt out of receiving marketing emails from us), which you may do by unsubscribing using the links provided.

You may access certain areas of Our Site without providing any personal data. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may restrict our use of Cookies. For more information, see our Cookie Policy which is available on Our Site.

12. Accessing your personal data

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it. This is known as a Subject Access Request.

All subject access requests should be made in writing and sent to the following email address: admin@retrainingpain.co.uk.   Please include “Subject Access request” in the email subject field.

There is not normally any charge for a subject access request, unless your request is ‘manifestly unfounded or excessive’, in which case we may charge an administrative cost.

We will aim to respond to your subject access request within one month of receiving it.  If your request is more complex, more time may be required, up to a maximum of three months.  We will keep you informed of our progress.

13. Our contact details

To contact us about anything to do with your personal data and data protection, please email us at admin@retrainingpain.co.uk.

14. Updates to this Privacy Notice

We may amend or update this Privacy Notice from time to time.  A revised Privacy Notice will be uploaded on Our Site and you will be deemed to have accepted its terms on your first use of Our Site following the revisions.  We recommend that you check this page regularly.

This Privacy Notice was last updated on 8 December 2024