Request a free consultation

Office Policy

This document outlines our data protection policy, terms and conditions of care.

  • This version is 1.1 dated 11thJune 2018
  • Policy prepared by Rachel Scott (Data Protection Officer)


Why this policy exists

This data protection policy ensures EIABC, Ltd:

  • Complies with data protection law and follow good practice
  • Protects the rights of staff, customers and partners
  • Is open about how it stores and processes individuals’ data
  • Protects itself from the risks of a data breach


Data protection law

The UK Data Protection Legislation is underpinned by eight important principles.

These say that personal data must:

  1. Be processed fairly and lawfully
  2. Be obtained only for specific, lawful purposes
  3. Be adequate, relevant and not excessive
  4. Be accurate and kept up to date
  5. Not be held for any longer than necessary
  6. Processed in accordance with the rights of data subjects
  7. Be protected in appropriate ways
  8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection


Policy scope

This policy applies to:

  • The offices of EIABC Ltd t/a Pain and Posture Wellness Centre (PPWC)
  • All staff and volunteers of EIABC Ltd
  • All contractors, suppliers and other people working on behalf of EIABC Ltd

It applies to all data that the company holds relating to identifiable individuals. This can include:

  • Names of individuals
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • …plus, any other information relating to individuals


Data protection risks

This policy helps to protect EIABC Ltd, its clients, and contractors, from some very real data security risks, including:

  • Breaches of confidentiality. For instance, information being given out inappropriately.
  • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
  • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.


General staff guidelines

  • The only people able to access data covered by this policy should be those who need it for their work.
  • Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
  • EIABC Ltd will provide training to all employees to help them understand their responsibilities when handling data.
  • Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
  • In particular, strongpasswords must be used, and they should never be shared.
  • Personal data should not be disclosed to unauthorised people, either within the company or externally.
  • Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
  • Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.


Data Acquisition

We acquire data regarding clients, prospects and 3rd party data sources from:

  • Onboarding a new client
  • Updating existing client details
  • Accounting
  • Form completions on our website.
  • Inbound emails
  • Business cards
  • Supplier invoices
  • Word of mouth
  • By creating backups
  • By Health Questionnaires
  • Spreadsheets
  • Individuals may be part of an image we have used for our website or in office


Data Storage Details

For each client we:

  • setup a new record on our Clinic Management System (PracticeHub)
  • add the client details into Office 365 for tracking appointment purposes
  • create a paper client file.
  • create a paper accounting record.
  • Use PracticeHub & Gmail to send treatment appropriate emails (non- marketing)
  • create a new file stored in Dropbox for Patient Photographs
  • Email using Google Suite
  • Receive Client health questionnaires & Office Policy documents via PracticeHub


Accounting Information

We use Kashflow for our accounting. Kashflow is a cloud-based service.  No accounting information is stored on local devices.


Inbound Emails

This data is stored on our company email servers which utilise Office 365 and Gmail. These emails are synchronised across devices, office computers, tablets owned by the business, and iPhones owned by the business.


Business Cards

We physically keep the cards in our filing cabinet


Supplier invoices

All incoming invoices, whether paper or electronic, are printed and stored in a secure filing cabinet at our office premises. We need to keep a hard copy for our end of year accounts.  The filing cabinet is locked outside business hours.


Word of Mouth

Any information noted down from word of mouth is entered into the appropriate system.



All our DATA is stored in the cloud and as such there is no local physical backup


Health Questionnaires

These are saved to the client’s file in Cliniko via Cliniqapps.



We hold client information in one spreadsheet to manage appointment tracking.  This spreadsheet is password protected.



All the photographs we take during your care are stored in Dropbox.

For clinical purposes they may be shared among colleagues to improve your care here.


How We Secure Our Data

All computers, tablets and iPhones in the business have strong passwords, fingerprint recognition, or 6-digit PINs.

All paper storage is contained in filing cabinets that are locked when no one is in the office.


Password Policy

All passwords we use are a minimum of 9 characters and alpha numeric.


Cloud Storage

All company working data is stored in the Following: -

Dropbox – Password protected

Google Suite- Password protected

Office 365- Password Protected

PracticeHub – Password protected (individual passwords)

Kashflow – Password protected


Data Backup

All our Data is stored in the Cloud so no need for a local physical Back Up procedure


Customer and Supplier Accounting Information

We use Kashflow in the cloud for our accounting. Kashflow is password protected. We also use Cliniko in the cloud for invoicing patients, this is Password protected.



Emails, including form fills from our website, come into our Gmail account and are stored in Gmail. All accounts are password protected as are the computers running the email client.  We store long term information in Gmail folders. We run Google Suite to ensure our office software is up to date and secure.  This is a cloud service, so all emails are synchronised with the Google Suite servers.


Our software platforms

Kashflow – Privacy policy | GDPR Statement

Dropbox – Privacy policy | GDPR Statement

Office 365 – Privacy policy | GDPR Statement

Google Suite – Privacy policy | GDPR Statement

PracticeHub – Privacy policy | GDPR Statement

Stripe Payment System - Privacy policy | GDPR Statement


How we use your data

We store data to ensure our business can perform it services for its clients. These guidelines should always be followed when handling personal data:

  • When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
  • Personal data should not be shared informally. There may be times when it is necessary to communicate effectively with other experts in order toprovide the best care.
  • Data must be encrypted before being transferred electronically.
  • Personal data should never be transferred outside of the European Economic Area without a DPA (Data Protection Agreement) in place.

Stripe Payment System

Stripe stores the patient's card details. Stripe encrypts all payment information. No details are stored in PracticeHub and the patient's card details are not accessible in any way. When we attempt to charge a patient, PracticeHub pulls this information from Stripe. The patient can request for their payment details to be deleted at any time.

Data Breaches

We will report any unlawful data breach of information we are holding to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. We will provide the following information:

  • What kind of data was stolen
  • How many individuals this affected
  • How many data records were compromised
  • How we were alerted to the breach
  • Who was responsible for the breach


Administering Subject Access Request (SAR)

Upon receipt of a SAR request from anyone whom which we store data about, we will respond with confirmation of the data we hold, send them a copy of that data, and inform them on how we have used that data. We will do this within 1 month of the request.  We will not make any charge for this service.


Right to Data Portability

Beyond a traditional S.A.R, you have the right to access your data and have it provided in a way that makes it easier for a computer to read, such as via a spreadsheet. You can also request for your data to be transferred directly to another system for free.


Right to Erasure

Because we are a healthcare company we cannot erase any records pertaining to treatment for a period of 8 years.


Privacy by default

The strictest privacy settings automatically apply to any new patient. Personal information is only kept for time necessary. In our case this period is 8 years once treatment has occurred.


Data Controller

The data controller is EIABC Ltd, a UK Private Limited Company with company number: SC439759

Whose registered office is: 50 Grahams Road


                                                FK1 1HN

And whose operating office is: The Clinic you attended first

Data Protection Officer: Rachel Scott

Director, EIABC Ltd : Richard Phelps

Telephone: 07859220477



The following outlines our terms and conditions of care

Thank you for choosing our wellness centre. It is our experience that proper communication promotes a relaxed atmosphere, which in turn promotes healing. Please read and understand the following, and then tick the box.


Our Purpose in Practice

The care in our office is unique and distinct in healthcare, and we emphasise the inherent recuperative power of your body to heal itself, without the use of drugs or surgery. We focus on the relationship between structure (primarily the skeleton and posture) and function (which is controlled by the nervous system), and how that relationship affects the preservation and restoration of your health.  Nutrition, exercise, and supporting the body while sitting, sleeping and standing all play a part in the care you receive in this office and help to ensure maximum benefit. As such the practitioner will discuss some or all these things. We recognise the value and responsibility of working in co-operation with other health-care practitioners when it is in the best interest of the patient and may discuss referral options if needed.


Type of Care

Although the practitioners working in Pain & Posture Wellness Centre may hold differing certifications (Chiropractic, Osteomyolgy, Physiotherapy, etc), all practitioners practice in accordance with the Advanced Biostructural Correction™ (ABC™) protocol. The focus of ABC™ is on the things that have gone out of place or ‘stuck’ in a way that the body cannot correct it on its own. It needs some type of outside assistance. The two main concerns addressed in this office are the meninges (protective coverings around the brain and spinal cord) and bones throughout the body that have gone out of position in such a way that there exist no muscles to retrieve them. As these things are corrected, the body will undergo a series of changes known as ‘Unwinding.’ In this Unwinding process, it is important that you understand that throughout it, your body will be improving mechanically. This is especially important as your body unlocks old injuries and must revisit them in order to get them corrected. At that point, you might temporarily feel more symptoms which will improve as care continues.


Our Hours

Your primary practitioner has his/her own specific practice hours. If you are unable to stick to a care plan schedule that works within those hours, please feel free to see another practitioner in our centre in lieu of or in addition to your regular practitioner. Since all are doing ABC™ the continuity of care will be maintained. Our general business hours are from 9-12:30, and 2:30-6:30 Monday to Friday, and 9-12 Saturday.


The first 3 visits

Visit 1: You will undergo a consultation and examination. (This takes approximately 1 hour.) The main objectives here are:

  1. To rule out any pathology that is outside our scope of care, and to refer where appropriate
  2. To make sure that your body will be able to handle the treatments we provide
  3. To get a baseline of your body’s condition
  4. To establish what is underlying your current condition


Visit 2: You will discuss what was uncovered in the last visit with a report of findings. You will experience the first full treatment (if applicable) (This takes approximately 30 minutes).


Visit 3: You will receive the second full treatment and discuss your goals and objectives and the appropriate care pan to meet those goals (This takes approximately 30 minutes).


Beyond the first 3 visits

Once the primary workup has been completed, each visit will take between 5-10 minutes on average. There are occasions where more time is required, and as appropriate, that will be scheduled in (e.g. longer visits to make sure you are on the right track to your goals).


Your Appointments

The practitioner has recommended a specific course of care for you, designed to produce the most specific, predictable change possible. Each adjustment in the process is critical in attaining your health goals. Your appointments will be mapped in advance as far as possible to save time on each visit. If you need to change an appointment, please give as much notice as possible (24 hours’ notice is ideal). All missed appointments need to be made up as soon as possible to maintain the corrective process. Any missed appointments, without prior notification may be charged at the normal adjustment fee.


Research and Development

We believe very strongly in furthering our standards of care and developing body work methods through research. In our office, we do participate in research activities and may include data from your case in our trials. All data is used anonymously and in compliance with the Data Protection Act 1998. Should you wish your data be excluded from this anonymous research, please advise us.


Ongoing Education and Holidays

Periodically, our team attends seminars and conferences to further their experience and education, and your practitioner may also on occasion take a holiday. In such cases, we will find the best locum practitioners available to care for you during those times. Likewise, if you are heading away on a holiday, please let us know as soon as possible (two or more weeks in advance preferably) so we can adjust your schedule of care accordingly. Also, we may be able to recommend a practitioner to continue with your care at your holiday location.



This is a referral-based practice. Our practice members refer others to us for care as they value the improvements in their health while under care. We are grateful for the trust placed in us when a referral is made, and we will always do our best to make your referral welcome. We work hard with them to help them achieve their health goals. If there is someone you know whom you would like to invite to our practice, please let us know.


Fees Policy/Refunds

In order to provide you with the best quality of care at the most affordable price, we encourage patients to take advantage of our care packages. However, if you or your practitioner decides to halt care for whatever reason, you will qualify for a refund of the unused portion of your fees.

Your refund amount is based on the number of adjustments you received, calculated at our regular adjustment fee, which is subtracted from the original care package fee less a £20 processing fee. This is the difference that is then refunded to you. This process can take up to 14 days and a written request is required from you. All care packages are valid for use by you, or refund, for a period of 18 months from the date of purchase. After this time remaining adjustment credit will lapse and be non-refundable, except with prior written agreement.



PPWC will not be liable in contract, tort, or otherwise for any economic loss (including, without limitation, loss of profit), or for any other special, indirect or consequential loss or damage arising out of, or in connection with, its provision of any goods and/or services to the practice member.

It is the practice member’s responsibility to ensure that they provide PPWC with up to date health details prior to each treatment. PPWC will not be liable for any damage that occurs as a result of the practice member’s failure to disclose such details.

The practice member agrees to comply with all instructions and/or recommendations given to them by their practitioner regarding their responsibilities towards self-care. (One of the largest results of not following the recommendations is that the practice member will be more symptomatic in going through the forward phase of the Unwinding process.)

Nothing in these terms of business shall exclude or limit the liability of PPWC for death or any personal injury resulting from the practitioner’s negligence.


Concerns/Complaints Procedure

We pride ourselves on our high-quality service. If you’re not satisfied, we’re not satisfied. Any time you wish to highlight an area in which we can improve our service, please let us know as we welcome your comments. We aim to provide as high a standard of care as possible.

We would hope that with good communication and professional care you would not have cause to complain. If you do, our complaints procedure provides for four possible stages as follows:

  1. Please initially raise your complaint with the practitioner that is caring for you. Many formal complaints made against practitioners stem from misunderstandings or inadequate communication. We would wish to avoid this, and we stress that we take complaints very seriously. Please raise the complaint when it arises and do not let days or weeks pass by. Hopefully we will be able to address your concerns. We will document your complaint and provide you with a letter stating the outcome and, if the complaint is substantiated, an apology and what steps we propose to take to remedy the situation (e.g. we can consider waiving fees or an ex gratia payment).
  1. If you are not satisfied with the outcome of your complaint to your practitioner, or if you feel it would be inappropriate to complain to him/her directly due to the nature of the complaint, we would ask that you set this out in writing to us and address the complaint to the Managing Director at 50 Grahams Road, Falkirk, FK1 1HN, or please call 07859220477. The Managing Director will initially investigate your complaint, meet with your practitioner and you, if you wish, and work on resolving the issue(s). This will be documented.
  1. If your practitioner is registered as a chiropractor and you are still dissatisfied, we have a complaints procedure as part of our membership of the United Chiropractic Association. Please contact “The Manager” at– Tel: 01752658785, Fax: 01752658786. Their role is to investigate, and if the complaint is upheld, to propose a remedy. They have a limited role in proposing a remedy that can include ex gratia payment, reduction or waiving of fees or other proposals for remedying your complaint. By our membership of the UCA we agree to be bound by their recommendations in relation to your complaint.
  1. The final step will vary depending on the association your practitioner is registered with. For Chiropractors send the complaint to the General Chiropractic Council, Tel: 02077135155. For Osteomyologists send the complaint to the Association of Osteomyologyists, Tel: 02085041462. This is a very serious step. These are our regulatory bodies. Part of their function is to investigate allegations of unacceptable professional conduct. They will discern whether it is necessary to take disciplinary proceedings against a practitioner. In that case formal proceedings will be conducted in a similar setting to a court of law, which may or may not require you to be in London for the proceedings. The Professional Conduct Committee of the GCC will hear evidence on oath before making a finding and deciding on the correct disposal of the complaint. They do not have the power to award any compensation.

Remember that your health can deteriorate over years and years. Therefore, correction and healing take time. However, if you are not satisfied with your body’s response to care, please make an appointment to discuss this with your practitioner – we want you to get the most from your ABC™ care.

Please agree to the use of cookies. We do not store any personal data in cookies. more information

We use system cookies that are required for our website to operate correctly. We use Google Analytics to monitor visitor behavior so we can analyse website activities and improve your user experience. We never store personal data. Please see our privacy policy for more information. To REVOKE cookie consent please go to our privacy policy and click on the REVOKE button.