Dr Damon Murgatroyd Osteopathy has created this privacy notice statement

The privacy notice demonstrates our firm and continuing commitment to the privacy of personal information provided by those visiting and interacting with this web site.

Information on General Data Protection Regulation from your Osteopath Dr Damon Murgatroyd

We hold the privacy of your personal information in the highest regard.

The following page discloses Dr Damon Murgatroyd Osteopathy information gathering and dissemination practices for this website.

Dr Damon Murgatroyd Osteopathy recognizes the importance of protecting your privacy

Our privacy notice policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us, and to assist you in making informed decisions when using our site.

This privacy notice policy will be continuously assessed against new technologies, business practices and our customers’ needs.

Our Commitment to the 2018 General Data Privacy Regulation


In the Southampton and Bournemouth clinics, for GDPR 2018, Dr Damon Murgatroyd is the ‘data controller’ (ie person who is responsible for, and controls the processing of your personal data). However, in the Poole clinic I have only a data processor role.

GDPR 2018 Privacy Notice

Below is a link to my practice’s Osteopathic GDPR Privacy Notice for you to read online, and to download. It is the same document that you will be given in the Southampton and Bournemouth clinics. The Notice, in part, relates to a legal requirement for me to obtain your signed preferences on data processing.

Link to the Notice 


Dr Damon Murgatroyd is a Registered Osteopath with the General Osteopathic Concil, and qualified doctor. He operates private practices in Southampton, Hampshire, and in Bournemouth, Dorset. He also works as an associate/self-employed osteopath in Poole, Dorset.

My Background

After qualifying as a doctor of medicine in 1984, GMC Ref No 3000340, and then as an osteopath in 1992, Reg No 1600, I have worked parallel careers as a General Practitioner, as a hospital orthopaedic physician, and as a private osteopath. From 2015 I have worked solely as an osteopath. My qualifications are: MBChB, FLCOM, DipMSMed, DipGerMed. I am a registered osteopath.

See Southampton Page 


– If you do not wish to receive marketing material, if you had previously agreed to it.

Please Remember

…That contacting us to opt-out does NOT apply to your contact information saved for purposes of dealing with your clinic booking, and for your care as a patient of this clinic.

Contact Page 

Highlights from the full GDPR Privacy Notice

  • Introduction to the GDPR information for you as my Osteopathic patient

    This information is, I hope, presented in a quick to access, and easy to understand way.

    The videos at the bottom of this page aim to answer the ‘why’ and ‘what it means for all of us’ questions.

    Your feedback will be very welcome.

  • What Information Do We Collect?

    When you visit this web site you may provide us with two types of information: personal information you knowingly choose to disclose that is collected on an individual basis, and Web site use information collected on an aggregate basis as you and others browse our Web site.  Medical records are separate from the website, as outlined below.

    1. Personal Information You Choose to Provide  

    Registration Information 
    When you register online for any of our products, services or newsletters you will provide us information about yourself.
    We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. Dr Damon Murgatroyd Osteopath will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Dr Damon Murgatroyd Osteopath/

    Credit Card Information 
    You will NOT use a credit card on this site, but if that facility was available you would actually be transferred to a secure site. There are no requirements for transactions directly with employees. Our employees will not take credit card information from you.   

    eMail Information 
    If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.  

    2. Web Site Use Information 

    We will obtain personal data about you (such as your name, address, contact telephone number, email address, whenever you complete an online form.

    For example, we will obtain your personal data when you send us feedback, contact us for any reason, sign up to the newsletter, enter a competition, book appointments. We may also obtain sensitive personal data about you if you volunteer it during the completion of an online form. If you volunteer such information, you will be consenting to our processing it for the purpose of obtaining medical history for case history and treatment purposes

    Under the General Data Protection Regulations (2018) you have the options to discover/forget your on-line data held on this site Here

    We may monitor your use of this website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. 

    Similar to other commercial Web sites, our Web site utilizes a standard technology called “cookies” (see explanation below, “Use of Cookies”) and web server log files to collect information about how our Web site is used. Information gathered through cookies and Web server logs may include the date and time of visits, the pages viewed, time spent at our Web site, and the Web sites visited just before and just after our Web site. 

    3. Personal Information and Medical Information that is used in keeping medical records of your treatment

    As an osteopath who will meet and treat you for your problems, I am obliged to keep and retain accurate records, for legal reasons, for a period of time. These will be both as ‘hardcopy’ written records stored in a locked environment, and as a ‘summary’ record on digital file. The latter is NOT part of my website, and is kept as a password encrypted file. Cloud storage is with Outlook 365, which is GDPR compliant, and is itself accessed by 2-step verification. The following points are from the ICO documentation on GDPR FAQs For Small Health Sector Bodies :

    • Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
    • If we have disclosed the personal data in question to third parties, we must inform them of the rectification where possible. We must also inform the individuals about the third parties to whom the data has been disclosed where appropriate.
    • However, this doesn’t extend to medical opinions, where the data recorded accurately represents the opinion in question.
    • There is no absolute ‘right to be forgotten’.
    • People can ask for their personal data to be erased – but only when there is no compelling reason for its continued processing.
  • How Do We Use Your Personal Data? (What Do We Do With the Info?)

    Broadly speaking, we use personal information for purposes of administering our business activities, providing the products and services you requested, to process your payment (if done online), to monitor the use of the service, our marketing and promotional efforts and improve our content and service offerings, and customize our site’s content, layout, services and for other lawful purposes. These uses improve our site and better tailor it to meet your needs. 

    We will not share your information with third parties, unless on a legally required basis. Personally identifiable information or business information will not be shared with third parties for marketing purposes. 

    Occasionally, we may also use the information we collect to notify you about important changes to our Website, new services, and special offers we think you will find valuable. You may notify us at any time if you do not wish to receive these offers by emailing us via my Contact Me page, or at the link provided on the newsletter.

  • Data Security Precautions

     When you give us personal information, we take steps to ensure that it’s treated securely. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we take great care to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Online storage of personal information will use GDPR compliant methods: Microsoft 365 and Google Drive. We will not store data outside the EEA. This site’s hosting company is Kualo, who confirm that they use only UK-based servers. Please see their articleGDPR: A Shared Responsibility for Data Security , particularly the paragraph ‘The Obligations of a Data Processor’, point 7.

    Acquisition or Changes in Ownership
    In the event that the web site (or a substantial portion of its assets) is acquired, your information would be considered part of those assets, and may be part of those assets that are transferred.

  • Use of Cookies

    Like many other websites, the spineandjoints.co.uk website may use cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognize you when you visit. While cookies collect statistical data about your browsing actions and patterns, they do not identify you as an individual. This helps us to improve our website and deliver a better more personalized web user experience. Please visit my Cookie Policy page.

    ​It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, see just below. Turning cookies off may result in a loss of functionality when using our website.

    Types of cookies

    The length of time a cookie stays on your device depends on its type. We use two types of cookies on our websites.

    ​Session (Transient) cookies: these cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.

    ​Persistent (Permanent/Stored) cookies: these cookies are stored on your hard drive until they expire (i.e based on a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific site.

    Opt Out​

    In order to provide website visitors with more choice on how data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to stop data being sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not affect usage of the website in any other way. A link to further information on the Google Analytics Opt-out Browser Add-on is provided below for your convenience.

    ​For more information on the usage of cookies by Google Analytics please see the Google website. A link to the privacy advice for this product is provided below for your convenience.

     Disabling Cookies

    If you would like to restrict the use of cookies you can control this in your Internet browser. Links to advice on how to do this for the most popular Internet browsers are provided below for convenience and will be available for the Internet browser of your choice either online or via the software help (normally available via key F1).

    IP Addresses 
    IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (such as the Web pages you request) can be sent to you.  

  • Marketing and Opting Out

    If you have given permission, we may contact you by email, SMS, mail, telephone, text/picture/video message about hints and tips, blogs, special offers, updates, new services that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time – write or email us via the Contact Me page. See ‘Your rights’, below for further information.

  • Your Rights

    Under the General Data Protection Regulation (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you.

    • ​The right to be informed
      This encompasses our obligation to provide ‘fair processing information’, typically through a privacy notice that emphasises the transparency in our data processing methods and the reasons we may process your personal data with your consent.

    • The right of access
      This allows individuals to be aware of and verify the lawfulness of the processing.

    • The right to rectification
      This gives individuals the right to have personal data rectified if it is inaccurate or incomplete.

    • The right to erasure
      Also known as ‘the right to be forgotten’ this enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

    • The right to restrict processing
      This provides individuals with the right to ‘block’ or suppress processing of personal data.

    • The right to data portability
      This permits individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without limiting usability.

    • The right to object
      Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
      You can read more about these rights at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

  • Children and Data

    Children are not eligible to use our services unsupervised and we ask that children (under the age of 14) do not submit any personal information to us. If you are a minor, you can use this service only in conjunction with permission and guidance from your parents or guardians. 

  • Links to Other Websites

    Our website may contain links to other websites run by other organisations. This privacy policy applies only to the Dr Damon Murgatroyd Osteopath website www.spineandjoints.co.uk ‚ so we encourage you to read the privacy statements on the other websites you visit. Dr Damon Murgatroyd Osteopath cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Relevant Document Downloads

GDPR 2018 Privacy Notice

This 2-sided document refers to personal data, which is defined as information on any living person that is not already in the public domain.

Read more →

GDPR Data Protection Agreement

Consent form to store and use your medical records, and to communicate with you. Also consents (or not) to you receiving our newsletter and other promotional info from us.

Read more →

Parent/Guardian Agreement

Form for you, as parent or guardian to sign. It permits medical records to be created, and informs you of the requirement for us to retain the notes until the child is 25 years old. Also covers use of contact info as a patient, and opt-ins and opt-outs for newsletters and other promotional material.

Read more →

Data Access Request

If you wish to receive a copy of the data/information we hold about you or about a person that you are the parent/legal guardian for, then do download and complete this 2-page Access Request Form. It can then be posted or sent electronically – see my Contact Me page. There are requirements for you to send proof of identity, which are outlined on the form. No charge is made to you.

Read more →

Consent to Treatment

This form will need to be signed in clinic. It gives me, your osteopath, permission to treat you, or to treat the person for whom you are parent or legal guardian.

Read more →

Terms & Conditions of Service

What you can expect of me when I treat you as your osteopath. It also covers your obligation to provide 24 hours notice if you need to cancel your appointment, or a fee may be charged.

Read more →

GDPR and the ICO

Detailed information on how the Information Commissioner’s Office (ICO) requires companies to comply with the new General Data Protection Regulation (GDPR).

Read more →

Understanding Cookies

You may have been given a choice when you entered our site whether to accept or decline cookies. You can block all cookies (including functional cookies) by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you do this you may not be able to access some parts of our site. .

Read more →

Some Helpful Videos about the GDPR from the ‘net

What is GDPR?

A quick overview.

Watch video 

The Future of Yout Personal Data (TEDx Talks)

Big data is big business and as value is created from customer insight – but, where is the moral line?

Watch video 

What is GDPR and how will it affect digital privacy around the world?

CBS News article discusses what all this means for the European consumer.

View video 

Getting healthcare ready for GDPR

The broader Healthcare sector is vastly more complex than your osteopathic clinic. Learn about some of the challenges faced by GPs, hospitals etc.

View video