Privacy Policy
Last reviewed 10th March 2026
This is the privacy policy of Bodycare Clinics Limited relating to the processing by Us of personal data. Under Data Protection Law We have a legal duty to protect any information We collect from You and We are committed to protecting and respecting Your privacy. We use leading technologies and encryption software to safeguard personal data, and keep strict security standards to prevent any unauthorised access to it.
In providing Our services and processing associated personal data We may be either a data controller or a data processor for the purposes of Data Protection Law. Our status as a Data Controller or a Data Processor will depend on the particular factual circumstances. In any situation where We are not the Data Controller, the Data Controller's privacy policy will also apply and We will only be able to deal with Your personal data in accordance with the instructions of the data controller.
Questions, comments and requests regarding Our privacy policy are welcomed and should be addressed to Our Data Protection Officer at Bodycare Clinics Limited, Cbx Central, Unit 5 4 Silver Fox Way, Cobalt Business Park, Newcastle Upon Tyne, NE27 0QJ OR by email to data.protection@bodycareclinics.com.
In this policy:
- Bodycare refers to Bodycare Clinics Limited, company number 05011409 of Cbx Central, Unit 5 4 Silver Fox Way, Cobalt Business Park, Newcastle Upon Tyne, England, NE27 0QJ, and We, Us, Our, Ours and Ourselves also refer to Bodycare;
- You, Your, Yours and Yourself refer to you;
- Data Protection Law refers to the DPA, the UK GDPR and all other laws and regulations relating to the collection and other processing of personal data;
- DPA refers to the Data Protection Act 2018;
- UK GDPR refers to the UK's implementation of the General Data Protection Regulation (EU Regulation 2016/679);
- personal data refers to personal data as defined in the UK GDPR (including, if relevant, health data or any other special category personal data as defined in the DPA or UK GDPR);
- special category data is defined in the UK GDPR and includes health data (amongst others);
- Data Controller is defined in the UK GDPR and is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- Data Processor is defined in the UK GDPR and is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;
- Expert means a specialist in their field who is engaged to provide expert reports or specialist advice on medical conditions;
- Instructing Party (Instructing Parties) means Your legal representative, insurer and/or Square Health Limited;
- Treatment Provider means a specialist who is engaged to provide certain treatment services including but not limited to rehabilitation services.
Information We may collect and process about You
Injured Parties
We may collect, process, store and transfer the following personal data and special categories of personal data:
- Your name
- Address
- Contact details
- Date of birth
- Details of the circumstances of the claim or incident and any damage, injury suffered by You
- Information about Your work/education and lifestyle
- Physical build (height/weight)
- Marital status
- Your GP details or details of other people who have treated You
- Medical records (for example from Your GP, hospitals or other organisations where You may have received treatment in relation to the incident) for the purpose of being reviewed by the medical expert and to aid in completion of the medical report
- Medical history (including, but not limited to current and past history, psychological history, medication, tests and investigation results)
- Details of physical examination, diagnosis and prognosis as provided by the medical examiner or other health organisations (such as hospitals or treatment providers)
We may process Your personal data for one or more of the following reasons:
- to obtain a medical report
- for arranging treatment / diagnostic services
- for arranging investigations to assist in Your case
- for customer service and complaints handling
| Purpose of processing | Our role | Lawful basis of processing |
|---|---|---|
| Provision of Expert Report (Medco) | Data Controller of all data processed |
|
| Provision of Expert Report (non-Medco) | Data Controller for certain information |
|
| Data Processor for certain information | Determined by the Data Controller (Instructing Party) | |
| Provision of treatment (including rehab treatment referral) | Data Controller for certain information |
|
| Data Processor for certain information | Determined by the Data Controller (Instructing Party) | |
| Provision of diagnostic services | Data Controller for certain information |
|
| Data Processor for certain information | Determined by the Data Controller (Instructing Party) | |
| Customer services and complaints handling | Data Controller for all information |
|
Experts and Treatment Providers
We act as the Data Controller of the information We process about You for the purposes of Your engagement with Us.
| Category of personal data | Purpose of processing | Lawful basis of processing |
|---|---|---|
| Contact details (eg name, address, telephone number, personal address, business address, email address) | Due diligence Payment processing |
|
| Date of birth | Due diligence |
|
| Professional registration numbers | Due diligence |
|
| DBS check information to include criminal conviction data | Due diligence |
|
| Passport / Driving licence | Due diligence |
|
| CV / employment history | Due diligence |
|
| Qualification / accreditation certificates | Due diligence | Contract |
| Indemnity insurance | Due diligence | Contract |
| ICO Certificate | Due diligence | Contract |
| Performance records | To review performance of the services | Contract |
| Bank details | Payment processing | Contract |
| VAT registration number | Payment processing | Contract |
| Tax status | Payment processing | Contract |
| Screenshot during remote interview | To evidence interview | Exercise or defence of legal claims |
| Recent utility bills (additional requirement for admin support/secretarial services) | Due diligence |
|
| Gender | To enable Injured Parties to choose Experts based on their preferences |
|
Where We get Your personal data from
Injured Parties
Your personal data has been provided to Us by an Instructing Party (the Data Controller). Additional personal data may be collected directly from You or an Expert, Treatment Provider or diagnostic service provider.
Experts and Treatment Providers
We collect Your personal data from You directly or it will be generated in the course of You providing the services.
Disclosure of information to third parties
Injured Parties
We may disclose Your personal data and special categories of personal data to one of more of the recipient types where necessary or as directed by the Instructing Party:
- The Instructing Party
- The referring agency who appointed Your solicitors
- Independent medical experts for the purpose of obtaining a medical report
- Independent treatment providers for the purpose of arranging treatment
- Diagnostics providers (for example hospitals) for the purpose arranging investigations to assist in Your case
- Medical Records providers
- Ministry of Justice (via Medco)
- DCX Mobile Application (where applicable)
- Any debt recovery agencies appointed by Us
- Financial/Non-Financial Auditors/Lawyers
- Third party admin/secretarial functions which medical experts engage with
In dealing with Your claim/case, We may also transfer Your information to people providing Us with support, administrative services and secure shredding services for the more efficient processing of Your claim/case. Your details will be processed in each case in strict confidence and We have set up adequate measures to ensure that Your privacy is protected when transferring Your data to third parties for the purposes of providing Our services to You.
Experts and Treatment Providers
We may share Your personal data with other third parties where We have a legal obligation to do so or to assist with investigations carried out by law enforcement, government or regulatory bodies where it is fair and lawful. For example, where a regulatory body requests Your information to carry out a task in the public interest.
We shall share Your name with Injured Parties prior to a consultation taking place.
We shall share redacted copies of Your CV with Instructing Parties for their consideration. In these circumstances, Your CV will not contain Your name or contact details.
How We store Your personal data
We use third party providers to store / host Your personal data. These third parties act as Our Data Processors. These Data Processors process Your personal data within the UK and the EEA.
Retention of Your personal data
Injured Parties
We will keep Your data on our systems for at least 7 years following completion of Your case. We may keep a limited amount of Your data for longer:
- where there are financial reasons for doing so (e.g. there are still outstanding amounts owed to Us on Your file);
- to comply with insurance requirements (i.e. for the exercise and defence of legal claims); or
- if needed by Us to comply with other legal obligations (for example Medco requirements).
The data will be deleted once it is no longer necessary.
Experts and Treatment Providers
We will keep Your data on Our systems for 15 years from the later of (i) termination of Our contract with You and (ii) any investigation, claim or complaint concerning You is concluded.
Your rights
Data Protection Law gives You various rights including the:
- right to receive a copy of Your personal data
- right to ask Us to update or correct any inaccurate personal data
- right to request Us to delete Your personal data ('right to be forgotten') unless We have a contractual/legal requirement to keep it.
We will not use Your personal data for marketing purposes without Your consent. If You have given Your consent for Us to use Your personal data whatever reason, You have the right to withdraw Your consent, including for marketing purposes. If You have elected to receive marketing materials, at any time subsequently You can ask not to receive marketing materials.
You can exercise Your data protection rights by writing to Our Data Protection Officer at Bodycare Clinics Limited, Cbx Central, Unit 5 4 Silver Fox Way, Cobalt Business Park, Newcastle Upon Tyne, NE27 0QJ OR by email to data.protection@bodycareclinics.com. If You have any concerns about Our use of Your personal data, You can make a complaint to Us using the above details. If You remain unhappy with how We've used Your data after raising a complaint with Us, Data Protection Law gives You the right to complain to Our supervisory authority, the Information Commission (www.ico.org.uk).
Cookies
Cookies are pieces of data that are often created when You visit a website, and which are stored in the cookies directory of Your computer. Cookies are created when You visit this site.
Please see Our separate Cookies Policy for further information.
Access
This website contains links to other websites. This privacy policy applies only to Our site, so You should always be aware when You are moving to another site and read the privacy statement of any other site(s) which collect personal information about You.
Where You are directed to this website from another site We may receive personal information relating to You from the other site(s). You should read the privacy policies applicable to such sites as these will govern the use of any personal information that You provide when accessing such sites and which is provided to Us. We do not pass on any personal information You have given us to any other site.
Changes
If this privacy policy changes in any way, We will place an updated version on this page.