Skip to main content

Privacy policy

The Data Protection ACT 1998 and General Data Protection Regulation (GDPR) set out requirements for the use and processing of your data. The following explains how your data will be used and our compliance with legislation. Totus Neurorehabilitation Ltd acts as a data processor in line with definitions in the General Data Protection Regulations. We have an appointed Data Protection Officer.
For all queries relating to Data Protection please contact Totus Neurorehabilitation Ltd on or call 07868 505269.

Lawful Processing of data

Totus Neurorehabilitation Ltd is registered with the Information Commissioners Office (ICO) to holds data relevant to the service we provide. Personal data is held under GDPR for the following reasons:
  • Contract – the processing of your data is necessary to fulfil therapy services offered.
  • Legal Obligation – the processing of your data is necessary to meet the legal obligations related to your compensation claim.
We use data to plan and implement the service, and to improve service delivery and effectiveness. We use data to support compliance with all regulatory requirements. We use personal data to maintain staff and beneficiary safety. We use data for marketing and promotion of Totus Neurorehabilitation Ltd.
We are not involved in the large-scale processing of personal data. Personal data is used only to provide a dedicated service.

Data that we collect

Where we are requested to provide a service to a patient (beneficiary) we may collect and process the following information about the beneficiary and (with their consent) significant others such as relatives or litigation friend:
  • Full Name
  • Date of Birth
  • Gender
  • Address
  • Home or mobile telephone number
  • Occupation
  • Clinical records relating to the content of therapy sessions completed
We will collect and process sensitive medical and personal information about the beneficiary in order to provide clinical therapy services, this may include:
  • NHS Number
  • Hospital number
  • Medical records
  • Medico-legal documents
  • GP details
We will collect and process details of third parties involved in the beneficiary’s care (for example family members, Case Managers, Insurer, Solicitor, Case Manager, other health care professionals) including:
  • Full Name
  • Profession
  • Work address
  • Work telephone number
  • Financial details
  • Contracts relevant to the service offered
We may collect video footage and photographs for clinical purposes, however, these will be collected following signed consent from the beneficiary.
By providing personal information relating to the beneficiary directly to Totus Neurorehabilitation Ltd, you are agreeing to the processing of that information for the purposes for which it was given.

Sharing of the Data we collect

The data collected will only be shared with the explicit agreement of the individual. In the case of the beneficiary the sharing of clinical information with third parties will only be completed with signed consent, which can be withdrawn at any time. The exceptions to this consent include:
  • Risk of harm to self or others
  • Legal compliance as ordered by a court or tribunal


We are required to inform you of sub-processors that we use in the processing and storage of your data. The sub-processors we use and location of their privacy policies are:
Google mail and G-Suite –

Data Processing Safeguards

In line with GDPR the Totus Neurorehabilitation Ltd data protection policy is available on request. This details our process in the event of a data breech. Our data protection risk assessment is reviewed yearly. All Associate therapists must be registered with the Information Commissioners Office and are expected to abide by GDPR. We only use software from accredited sources.

Right to Access, Erasure, Correction and Transfer

Individuals have the right to request access to their records; this is called a subject access request. A subject access request can be made by email to As health professionals we hold the right to withhold access if we believe that access would cause harm. In such circumstances we would make reasonable effort to discuss this with the individual and approach the request within a best interests framework.
Individuals have the right to request erasure and correction of their data, or transfer to another data controller. This request can be denied if the data relates to your health care, such requests will be managed on a case by case basis.
We do not sell data to other recipients, we do not transfer data outside of the UK.

Retention Period

The retention period for clinical therapy records is 7 years from the completion of treatment. At this time all records, paper and electronic will be destroyed. Data concerning cognitive assessment scores are kept for 20 years.

Website use

We are committed to safeguarding the privacy of our website visitors.
By visiting the website and submitting information on the contact form you agree that we can use your personal data as described in the privacy policy. When you contact us through the contact form we collect your name, email address, telephone number and any additional information you provide.
Our website may include links to third party services and websites. This privacy policy does not extend to third party services or websites. We cannot be responsible for the privacy policies and practices of the owners or operators of any third party site and recommend that you view the privacy policy for each site you visit.


Cookies are small files transferred to your computer’s hard drive through your web browser. They are used to make websites work more efficiently, and provide information to the owners of the site.
Our website uses cookies to provide users with the most relevant and useful information about our services and to help our website run effectively. For more information about cookies we use, please read our cookie policy.
Our privacy policy is reviewed periodically. Please check back regularly to view our latest version.
April 2024