Scope

This document refers to personal data, which is defined under UK data protection law as information relating to a living individual (the “Data Subject”) who can be identified from that data (and other information in, or likely to come into, our possession), and which is not already in the public domain.

United Kingdom applies the UK General Data Protection Regulation (UK GDPR) in conjunction with the Data Protection Act 2018. These laws seek to protect and enhance the rights of UK data subjects. These rights include safeguarding personal data, protection against the unlawful processing of personal data, and ensuring the lawful transfer of personal data outside of the UK and within the EEA (where appropriate under adequacy decisions and related mechanisms).

1.Introduction: Aynsley Fry Limited T/A Gecko Clinic

Aynsley Fry Limited T/A Gecko Clinic, permanently based at Units 3 Frilsham Home Farm, Yattendon, RG18 0XT (hereafter referred to as “Gecko”), is pleased to provide the following information.

 

2. Who We Are

Gecko offers various health-promoting services including fitness, nutrition, and healthcare treatments focused on diagnosing and managing a variety of musculoskeletal and health conditions.

All respective treatments are carried out in accordance with:

Health and Care Professions Council Standards of Proficiency (https://www.hcpc-uk.org/standards/standards-of-proficiency/)

Chartered Society of Physiotherapy Code of Professional Values and Behaviours (https://www.csp.org.uk/system/files/csp_code_of_professional_values_behaviour_full.pdf)

General Osteopathic Council’s Standard of Practice (https://www.osteopathy.org.uk/standards/osteopathic-practice/)

The practice may also offer additional treatments, and our staff will be happy to provide you with more details upon request.

 

3. Personal Data

3.1. Medical and Treatment Data

    • To provide our services and/or treatment, Gecko may require detailed medical information from you. We will only collect what is relevant and necessary for your care.
    • When you visit our practice, we create records that may include details about your medication, treatments, and other factors impacting your health.
    • These records are held securely and are not shared with anyone not involved in your treatment unless required by law or with your explicit consent. Pre-vetted administrative staff may handle data purely for data storage/administrative purposes and have all signed confidentiality agreements.
    • By seeking our services, you give your explicit consent for Gecko to document and process your personal and medical data.
    • Your contact details (phone number, email address, postal address) may be used to send appointment reminders, reports, or other information related to your treatment.
    • In certain cases relating to ongoing care, medical diagnoses, or insurance matters, sharing your data with third-party healthcare professionals (e.g., GPs, consultants, surgeons) or insurance companies may be necessary. We will inform you to seek your consent beforehand unless legally obliged otherwise.

3.2. Marketing Communications

    • With your explicit consent, Gecko may use your contact details to respond to inquiries or send information that may be of interest to you about our services.
    • You can opt into Gecko’s newsletter(s) to receive periodic updates. You may unsubscribe at any time by following the instructions in the communication or by contacting us directly.

3.3. Data Collected via Marketing Forms, Surveys, and Website

    • We may collect certain personal details via online forms, surveys, records of correspondence, phone calls, and website visits. This may include IP addresses or other unique online identifiers.
    • Our website, www.geckofitness.com, uses cookies to help us identify and track visitors and their website preferences. You may set your browser to refuse cookies before using our website, understanding that certain website features may not function correctly without them.

3.4. Data Minimisation

    • Gecko will only collect information necessary to provide our services and will not sell or broker your data.

 

4. Legal Basis for Processing Personal Data

Under the UK GDPR, we rely on various legal bases to process your personal data, including:

    • Consent: Where you have given clear and explicit consent for processing your personal data for specific purposes.
    • Contractual obligation: To fulfill contractual obligations, such as providing healthcare services you have requested.
    • Legitimate interests: In certain cases, we may process data based on our legitimate interest to respond to inquiries or to provide and promote healthcare services, provided these do not override your rights and freedoms.

 

5. Legitimate Interests Pursued by Gecko

Gecko promotes health and fitness services for its patients.

We process personal data to:

    • Provide safe, effective treatment and care.
    • Communicate with you regarding appointments, billing, and follow-up.
    • Promote related health and fitness services that may be of interest.

 

6. Consent

By agreeing to this Privacy Notice, you consent to Gecko processing your personal data for the purposes outlined. You may withdraw consent at any time by contacting us via the postal address, email, or telephone number provided at the end of this notice.

 

7. Disclosure of Personal Data

    • Gecko keeps your personal information secure. Only those staff members involved in your care or administrative tasks will access your records.
    • We will not disclose your personal information unless legally compelled to do so or when it is necessary to uphold our Terms and Conditions (e.g., detecting, preventing, or addressing fraud, security breaches, or other technical issues).
    • We may also disclose your information to enforce our Terms and Conditions or protect the rights, property, or safety of Gecko’s staff and patients.

 

8. Retention Policy

    • Gecko will process personal data throughout the duration of your treatment or service provision. We will continue to store your medical records in line with our Record Retention Policy, which typically requires holding adult patient records for eight years following the conclusion of treatment to meet medico-legal obligations.
    • After eight years, personal data is securely deleted unless a minimal record must be retained to meet future obligations (proof of erasure).
    • In cases involving minors (under 18 at the time of treatment), records may be retained until they reach the age of 25 (i.e., 7 years after turning 18).

 

9. Data Storage

    • All personal data is primarily held in the United Kingdom.
    • Patient data is stored by TM3 Blue Zinc Ltd, which has a dedicated information security team to ensure data protection at the highest possible level. Data is stored in an ISO27001-accredited, secure, and monitored UK data centre.

 

10. Your Rights as a Data Subject

While Gecko holds or processes your personal data, you have the following rights under the UK GDPR:

1. Right of Access: Request a copy of the personal data we hold about you.

2. Right to Rectification: Correct data that is inaccurate or incomplete.

3. Right to Erasure (‘Right to be Forgotten’): Under certain circumstances, request the deletion of the data we hold about you.

4. Right to Restrict Processing: Where certain conditions apply, request restricted processing of your data.

5. Right to Data Portability: Have the data we hold about you transferred to another organisation in a safe and secure way.

6. Right to Object: Object to certain types of processing, such as direct marketing.

7. Right to Object to Automated Processing, including Profiling: Not to be subject to automated decision-making or profiling that produces significant effects.

If Gecko refuses your request under rights of access, we will provide you with the rationale, and you have the right to challenge this decision through legal avenues. Upon request, Gecko can confirm what information we hold about you and how it is processed.

 

11 -You can request the following information:

    1. Identity and the contact details of the person or organisation (Gecko) that has determined how and why to process your data.
    2. Contact details of the data protection officer, where applicable.
    3. The purpose of the processing as well as the legal basis for processing.
    4. If the processing is based on the legitimate interests of Gecko and information about these interests.
    5. The categories of personal data collected, stored and processed.
    6. Recipient(s) or categories of recipients that the data is/will be disclosed to.
    7. How long the data will be stored.
    8. Details of your rights to correct, erasure, restrict or object to such processing.
    9. Information about your right to withdraw consent at any time.
    10. How to lodge a complaint with the supervisory authority (ICO).
    11. Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
    12. The source of personal data if it wasn’t collected directly from you.
    13. Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

 

12 – To access what personal data is held, identification will be required

Gecko will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Gecko is dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to

 

13. Complaints

If you wish to raise a complaint about how Gecko has handled your personal data (or if you are not satisfied with our response to a request or concern), you have the right to complain to us directly. If you do not receive a response within 30 days, or if you remain dissatisfied, you can escalate your complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

Gecko Contact:

  Aynsley Fry

  Email: aynsleyfry@geckofitness.com  Mobile: 07917 692 303

  Address: Unit 3, Frilsham Home Farm Business Centre, Yattendon, RG18 0XT

ICO Contact:

Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone: +44 (0)303 123 1113

Email via ICO’s online contact form](https://ico.org.uk/global/contact-us/email/

Last Updated: 14.03.2025

Gecko is committed to continually reviewing and updating our privacy practices and policies, and as a result, this policy may be amended from time to time. Any changes will be posted on our website.

If you have any questions or concerns about how we handle your personal data, please feel free to contact us at any time info@geckofitness.com 01635 767 003

Gecko Fitness app now available to download in your app store