Skip to content
Hardiman

Legal

Privacy policy

Last updated 3 July 2026

This policy explains how we collect, use, and protect your personal information, including the health information we hold to provide your care. Hardiman Performance is a trading name of Hardiman Performance Ltd, a company registered in England and Wales, operating from 637 Hitchin Road, Luton, Bedfordshire LU2 7UP.

We are the data controller for the information we hold about you. We are registered with the Information Commissioner’s Office under registration number ZA407915. For any question about your data, contact us at admin@hardimanperformance.com or call 01582 318980.

The information we collect

You can browse this website without giving us any personal information. We collect personal information when you contact us, book an appointment, or attend the clinic. Depending on how you interact with us, this can include:

  • Your name, date of birth, address, email, and phone number.
  • Health information you give us: your symptoms, medical history, medication, and the clinical notes, assessments, and treatment records we create during your care.
  • Payment details, processed securely by Stripe for online payments or by our card terminal in the clinic. We do not store full card numbers.
  • Booking and appointment details, held in our practice management system.
  • Technical and usage information when you visit the website, such as your browser type and pages viewed, collected through analytics cookies (see Cookies below).

How we use your information and our lawful basis

Under UK GDPR we must have a lawful basis for using your information. We rely on the following:

  • To provide your care and run the clinic. For your personal information, our basis is the performance of our contract with you. For your health information, which is a special category of data, we rely on the provision of health care by a professional bound by a duty of confidentiality (UK GDPR Article 9(2)(h)).
  • To manage bookings, payments, and reminders, and to respond to your enquiries.
  • To meet our legal and regulatory duties, including the record-keeping standards of the General Osteopathic Council and our obligations to insurers and tax authorities.
  • To send occasional email updates where you have opted in. You can unsubscribe at any time using the link in any email.
  • To improve the website, where you have given consent to analytics cookies. You can withdraw this at any time.

Who we share it with

We never sell your data. Your clinical records are confidential and shared only with your consent or where the law requires it. We use a small number of trusted providers who process information on our behalf under contract:

  • Cliniko, our practice management system, which holds your booking and clinical records and sends appointment confirmations and reminders.
  • Vercel, which hosts this website.
  • Google Analytics, for website usage statistics, where you have consented.
  • Stripe, which processes online payments.
  • Mailchimp, which we use to send email updates to people who have opted in to receive them.

With your consent we may also share relevant information with your GP, another healthcare professional, or your insurer. We may disclose information without consent where we are legally required to, or to protect someone from serious harm.

Cookies and analytics

This website uses essential cookies needed for it to work, and analytics cookies that help us understand how the site is used. Analytics cookies are only set with your consent. You can manage or withdraw consent through your browser settings at any time.

How long we keep your information

We keep clinical records for 8 years after your last appointment, in line with professional record-keeping guidance and the NHS Records Management Code of Practice. Records for patients under 18 are kept until their 25th birthday, or longer where guidance requires. Other information is kept only as long as needed for the purpose we collected it, or to meet a legal obligation.

Your rights

You have the right to:

  • Ask for a copy of the information we hold about you.
  • Ask us to correct information that is wrong or incomplete.
  • Ask us to delete information, though we may need to keep clinical records to meet our legal and professional duties.
  • Object to or ask us to restrict certain uses of your information.
  • Withdraw consent where we rely on it, such as for analytics.

To exercise any of these rights, contact us at admin@hardimanperformance.com. If you are unhappy with how we have handled your information, you can complain to the Information Commissioner’s Office at ico.org.uk, though we would ask you to raise it with us first so we can put it right.

How we keep it secure

We hold your information securely, limit access to those who need it to provide your care, and use providers who maintain appropriate security standards. Clinical records are confidential and stored within our practice management system.

Changes to this policy

We may update this policy from time to time. The date at the top shows when it was last changed. Any significant change will be reflected here.

CallBook online