Menu Close
  • Home
  • DATA GDPR & Privacy
    •

Data Handling, GDPR & Privacy Notice

Scope

This document refers to personal data, defined as any information relating to a living person (a “Data Subject”) that is not already publicly available.

The UK General Data Protection Regulation (UK GDPR), along with the Privacy and Electronic Communications Regulations (PECR), protects the rights of individuals regarding the safeguarding, processing, and free movement of personal data within the UK and the storage of that data within the European Economic Area (EEA).

1. Who We Are

Think Posture is an assessment hub offering consultations and advice in the Occupational Health domain. Think Posture t/a The Posture Store (UK) Ltd also supply ergonomic equipment and furniture via our website ww.posturestore.co.uk. Our team may provide additional services upon request.

2. Personal Data We Collect

a) Medical and Consultation Data
To conduct assessments, we may require detailed health and medical information. This includes, but is not limited to, medication, treatment history, and any other data relevant to your consultation. This data:

  • Is collected with your explicit consent.
     
  • Is stored securely and accessed only by relevant personnel.
     
  • May be shared with other healthcare professionals involved in your care (with your knowledge unless we are legally required to disclose it).
     

b) Communication Data
We use your contact details (e.g. email, phone, postal address) to:

  • Confirm and remind you of appointments.
     
  • Provide consultation outcomes or treatment-related reports.
     

c) Marketing Communication
With your consent, we may:

  • Contact you to provide information on services you may find relevant.
     
  • Send promotional content or respond to enquiries.
     

You can opt out at any time by contacting us (see Section 12).

d) Website and Online Data
We may collect:

  • Information via contact forms or surveys.
     
  • IP addresses and browser details from visits to our website.
     
  • Website cookies to track usage preferences (you can disable cookies via your browser settings).
     

e) Data Integrity
We only collect information that is necessary for the delivery of our services. We do not sell or broker your personal data.

3. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contractual obligation – to fulfil our services with your explicit consent.
     
  • Legitimate interest – to respond to enquiries and promote well-being through our services.
     

4. Legitimate Interests of Think Posture / The Posture Store

We process data in the pursuit of promoting health and well-being through ergonomic consultation and tailored support.

5. Consent

By engaging with our services, you consent to the processing of your data for the purposes outlined in this notice. You may withdraw this consent at any time by contacting us (see Section 12).

6. Data Sharing & Disclosure

We keep your data secure. Only staff directly involved in your care and administrative processes have access. We will never disclose your information unless legally required (e.g. regulatory investigations, fraud prevention, or security incidents).

7. Retention Policy

  • Personal data is stored for up to eight years after your last consultation to meet legal and regulatory obligations.
     
  • For minors, records are retained until the child reaches 25 years of age.
     
  • After these periods, your data is securely deleted unless legally required otherwise.
     

8. Data Storage

All data is stored within the United Kingdom. We do not transfer or store data outside of the EEA.

9. Your Rights as a Data Subject

Under UK GDPR, you have the right to:

  • Access – request copies of your personal data.
     
  • Rectification – correct inaccurate or incomplete data.
     
  • Erasure – request deletion of your data (“right to be forgotten”) in certain circumstances.
     
  • Restriction – limit how your data is processed.
     
  • Portability – transfer your data to another organisation.
     
  • Objection – object to processing (e.g. direct marketing).
     
  • Automated decision-making – not be subject to automated profiling or decisions without human intervention.
     

10. Access Requests

You can request confirmation of what personal data we hold and how it is processed. We will require identification to verify your request. Accepted ID includes:

  • A copy of your passportdriving licence, or birth certificate.
     
  • A utility bill or official letter dated within the last 3 months.
     

Please email your request to hello@thinkposture.co.uk or post it to the address below.

11. Complaints

If you believe your data is being handled improperly, you have the right to complain.

First, please contact:
Craig McGrath – Director
📧 craig.mcgrath@thinkposture.co.uk

If you are not satisfied with our response, you can escalate the matter to:

The Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
📞 0303 123 1113
🔗 Submit a complaint