The PH website is operated by the Hurley Group Limited. (‘we’/’us’)

We are committed to protecting and respecting your privacy and confidentiality.

This policy sets out the basis on which any personal data (“Personal Data”, which does not include Sensitive Personal Data as defined hereafter) and sensitive personal data such as health information (“Sensitive Personal Data”) we collect from you, or that you provide to us, will be collected, used, stored, disclosed and otherwise processed by us. Please read the following carefully.

GDPR - General Data Protection Regulation

For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is Hurley Group Limited.



If you use or register with the NHS Booking Application or PH Websites, or if you otherwise provide us with Personal Data, you will be deemed to have given your explicit consent to the collection, use, storage, disclosure and other processing of that Personal Data as described in this privacy policy.


Information we may collect from you

We may collect and process the following personal data about you:

  • Your email address/ contact telephone number, provided to us for the purposes of accessing the websites or Booking App and for sending alerts and messages.
  • If you contact us, we will keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes that you access and other communication data.
  • Any material you upload to the site, whether photographs, other images or documents.
  • Records of booked cancelled and attended appointments, including locations and the name of the clinician/ therapist delivering care.

We do not collect patient names, date of birth or any clinical records related to delivery of care (Sensitive Personal Data) through the Website or Booking App. Patients are identified through a Unique Patient Identifier.

Patients should use the website or Booking App for administrative purposes only and SHOULD NOT discuss issues related to their personal health or clinical care (Sensitive Personal Data) on the Website or Booking App.

If you are a clinician or therapist delivering care to our patients through the NHS Booking App, please also read the separate section below.


IP addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.


Device information

Each time you use our Booking App, we may also collect information about your device. This may include information on the type of mobile device that you are using and its unique device identifier (for example the IMEI number, the device’s mobile number, the MAC address of the device’s wireless network interface or push ID), the mobile operating system that you are using and mobile network information.


Where we store your personal data

The Personal Data (but not Sensitive Personal Data) that we collect from you will be transferred tom and stored at, a destination within the European Economic Area (“EEA”). It will also be processed by staff operating within the EEQ who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing.

For auditing purposes we also store in our database a record of every appointment booking, but this does not include any Personal Data or Sensitive Personal Data.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website or Booking App, you are responsible for keeping this password confidential. You must not share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we use SSL technology for all communication with the Website, we cannot guarantee the security of any data you transmit to the Website, or for the transfer of your data to the service; any transmission is at your own risk.


Uses made of the information

We use Personal Data held about you in the following ways:

  • To enable you access to the Website and Booking App and to communicate referral codes to you
  • To send you alerts/ notifications/ messages related to treatments referrals or appointment changes
  • For administration and internal operations, including troubleshooting, data analysis, data security, testing, research, statistical and survey purposes.
  • To notify you about changes to the Website or Booking App that may affect you.
  • To ensure that content from the Website or Booking App is presented in the most effective manner for you and for your computer/ device
  • To allow you to participate in the interactive features of our service, when you choose to do so.
  • To notify you about changes to our service

We will never pass your Personal Data or Sensitive Personal Data to a third party for marketing purposes.


Disclosure of your information

We will share the ability to contact/ communicate with you via the website or Booking App with the clinicians/ therapist delivering your care.

We may disclose your personal information (but not your Sensitive Personal Data) to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your Personal Data (but not your Sensitive Personal Data) to third parties for the purposes of any performance or contract monitoring.

If we or a substantial proportion of our assets are acquired by a third party, or our contract for delivery of clinical services transfers to a third party under NHS commissioning arrangements, the Personal Data (but not Sensitive Personal Data) held by the website or Booking App will be one of the transferred assets.

If we are under a duty to disclose or share your Personal Data (but not your Sensitive Personal Data) in order to enforce or apply agreements; or to protect the rights, property, or safety of ourselves, our patients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may disclose your Personal Data and Sensitive Personal Data to third parties if we are under a duty to disclose or share your Personal Data or Sensitive Personal Data in order to comply with any legal obligation.


Your rights

The Website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites should have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data or Sensitive Personal Data to those websites.


Access to information

You have the right to access information held about you and you can exercise your right of access if you wish. Any such access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.


Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.


For clinicians and therapists using the website or app

Over and above what we say to patients and visitors about privacy (as set out above) we will use, process and disclose your personal data in accordance with the DPA.

Your personal data will include:

  • Your facial image/ photo
  • Name
  • Address and contact details
  • Location, using GPS technology
  • Your profile including details of special interests or areas of experience
  • Records of correspondence between you and your patients
  • Any other personal data we may collect from you or otherwise receive from third parties

You are required to notify us promptly of any changes to your personal data.

Our use of your personal data may include:

  • Responding to any queries you may have
  • Contacting you in respect of your registration ad profile on the Website and Booking App
  • Monitoring activity in relation to any agreement between you and us
  • Analysis and research
  • We may monitor your use of our technology, systems and patient personal data for the purposes of record keeping; to establish facts, to establish compliance; to prevent, detect or investigate crime or wrongdoing; to prevent the unauthorised use of our proprietary technology or patient data; to monitor non-compliance with any agreement between you and us.

Clinician and Therapists will comply with the DPA, our privacy policy and other policies and procedures designed to protect patient confidentiality and use of personal patient data as notified to them by us from time to time.

Clinicians and therapists will:

  • Use such personal data only in so far as is necessary for the purpose of carrying out treatments
  • Not disclose personal data unless specifically authorised by us to do so.
  • Comply with our instructions in respect of personal data
  • Not disclose personal data to any third party other than on our written instructions or as required by law.