Privacy Policy

Who we are
This website (drchrisbramah.com) is operated by Extra Mile Health Limited, trading as Dr Chris Bramah (“we”, “us”, “our”). We provide specialist consultancy, assessment and education in sports injury rehabilitation and biomechanics.

  • Data Controller: Extra Mile Health Limited (trading as Dr Chris Bramah)

  • Registered office: Manchester Institute Of Health & Performance

  • Company number: [9345014] (England & Wales)

  • Contact for privacy queries: consult@drchrisbramah.com

If you are a professional club or organisation using our services for your athletes, we may act either as a Data Controller (for our own private clients) or as a Data Processor for your organisation—see “When we are a processor” below.


Quick summary (key points)

  • We collect contact details, enquiry information and website analytics.

  • If you become a client, we process health data necessary for assessment and rehabilitation.

  • For health data we rely on Article 6(1)(b) contract / legitimate interests and Article 9(2)(h) (health care / treatment).

  • We use trusted processors (e.g., website host, Microsoft 365 email, form and cookie tools).

  • You control non-essential cookies and can withdraw consent at any time.

  • Your rights include access, rectification, erasure, restriction, portability and objection.

  • You can complain to the UK ICO.


What data we collect

Website visitors

  • Identifiers & contact: name, email, phone number, organisation (when you submit a form or contact us).

  • Usage/technical: IP address (short-term), device/browser details, pages viewed, referrers, and similar analytics.

  • Preferences: cookie choices and marketing opt-ins.

Clients (private individuals)

  • Administrative: contact details, appointment and billing information.

  • Clinical/assessment information (special category data): injury history, symptoms, examination findings, movement/biomechanics analysis (e.g., 3D motion capture), force-plate/isokinetic test results, training/return-to-sport status, and related notes.

  • Media: optional images/video used purely for clinical assessment/tracking (only with your explicit choice).

Professional / B2B

  • Organisation contacts: names, roles, work emails/phones.

  • Athlete data (if we act as a processor for your club): see “When we are a processor”.

We do not knowingly collect personal data from children without appropriate parental/guardian involvement.


How and why we use your data (lawful bases)

Purpose | Typical data | Lawful basis
Responding to enquiries and scheduling | contact details, message | Legitimate interests (to respond); pre-contract
Providing assessments & rehabilitation | contact details; health data; test results | Contract (Art. 6(1)(b)); Health care / treatment (Art. 9(2)(h))
Providing consultancy to teams | contact & engagement information | Contract / Legitimate interests
Invoicing and payments | billing details | Contract / Legal obligation (tax)
Communications about booked services | contact details | Contract / Legitimate interests
Marketing (news, events) | name, email | Consent; you may withdraw at any time
Website security and performance | technical/usage data | Legitimate interests
Legal, insurance and regulatory | relevant records | Legal obligation / Legitimate interests; Art. 9(2)(f) (establish, exercise or defend claims) as needed

Where we rely on consent (e.g., marketing emails or use of non-essential cookies), you may withdraw it at any time—see Your rights.


When we are a processor (for clubs/organisations)

If a professional club or organisation engages us to assess its athletes, we usually act as a Data Processor, processing athlete data strictly under the club’s instructions and the terms of a written Data Processing Agreement (DPA). In that case the club is the Data Controller, and its privacy notice will apply to that processing. We still remain Controller for our own internal business records (e.g., billing, scheduling).


Cookies and analytics

We use cookies and similar technologies to operate the site, understand performance and (if you consent) to measure audience and improve content.

  • Strictly necessary cookies run by default.

  • Analytics/marketing cookies only run with your opt-in (UK PECR/GDPR).

  • You can change or withdraw consent at any time via the “Cookie Settings” link in the footer.

See our Cookie Policy for details of cookies used, their purposes and durations.


Who we share data with (processors)

We use trusted service providers to run our website and communicate with you. These services only process personal data under our instructions and a contract.

  • Website hosting / CDN / security: [Krystal Hosting Ltd.]

  • Email & productivity: Microsoft 365 (mail delivery, document storage)

  • Website platform/plugins: WordPress, Elementor, [Fluent Forms] (form submissions), [CookieYes]

  • Analytics: [e.g., Google Analytics 4] (only with consent)

  • Payment: [if used—e.g., Stripe]

  • Professional advisers & insurers: where necessary for our business or to manage/defend claims

  • Law enforcement / regulators: where required by law

We do not sell your personal data.


International transfers

Some providers may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place (e.g., UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs), plus additional measures as needed).


How long we keep data

We keep personal data only as long as necessary for the purposes above, or as required by law/insurers.

  • Enquiries (no contract formed): typically up to 12 months.

  • Client clinical records (adults): typically at least 8 years after the last contact, or longer where required by professional guidance or for legal/insurance reasons.

  • Children/young persons: retained until at least age 25 (or 26 if aged 17 at last treatment), subject to applicable guidance.

  • Business records (invoices, tax): normally 6 years.

We securely delete or anonymise data when no longer needed.


Security

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption where appropriate, secure hosting and staff confidentiality. No internet service is 100% secure; please contact us immediately if you suspect any misuse of your data.


Your rights

Subject to legal limitations, you have the right to:

  • Access your data and request a copy

  • Rectify inaccurate data

  • Erase your data (in certain cases)

  • Restrict or object to processing (especially direct marketing)

  • Data portability (for information you have provided to us)

  • Withdraw consent where processing relies on consent

  • Complain to a supervisory authority (UK ICO)

How to exercise your rights: email consult@drchrisbramah.com.
ICO: Information Commissioner’s Office, ico.org.uk or 0303 123 1113.


Third-party links

Our website may link to other sites (e.g., journals, podcasts, social media). We are not responsible for their content or privacy practices. Please review their privacy policies.


Changes to this notice

We may update this Privacy Policy to reflect changes in law or our services. We will post the new version here and change the “Last updated” date.


Contact

Extra Mile Health Limited (trading as Dr Chris Bramah)
[Located at Manchester Institute Of Health & Performance]
Email: consult@drchrisbramah.com

Last updated: [2025]