Walton Street Wellness
104 Walton Street
Oxford
OX2 6EB
Privacy Policy
Cane Osteopathy Ltd
Trading as Face Oxford and Walton Street Wellness
Last updated: March 2026
Our contact details
Organisation: Cane Osteopathy Ltd
Trading as: Face Oxford and Walton Street Wellness
Address
104 Walton Street
Oxford
OX2 6EB
United Kingdom
Email: info@faceoxford.com
If you have any questions about this privacy policy or how we handle your personal data, please contact us using the details above.
Data Controller
Cane Osteopathy Ltd is registered with the UK Information Commissioner’s Office (ICO) as a data controller.
ICO Registration Number: ZA575218
Scope of services
Cane Osteopathy Ltd operates services under the trading names Face Oxford and Walton Street Wellness.
Face Oxford provides aesthetic and skin health treatments.
Walton Street Wellness is developing services focused on lifestyle, wellbeing and metabolic health. At the time of writing, no regulated healthcare services are being delivered under Walton Street Wellness.
Where consultations or treatments involve discussion of health, lifestyle or wellbeing, relevant personal information may be collected to ensure safe and appropriate care.
The type of personal information we collect
We may collect and process the following types of personal information.
Personal identifiers and contact information
• Name
• Date of birth
• Address
• Email address
• Telephone number
Health and consultation information
Where relevant to consultations or treatments we may collect:
• Medical history
• Medication history
• Lifestyle and health information
• Consultation notes
• Treatment records
• Clinical photographs
Administrative and communication information
• Appointment details
• Email or telephone correspondence
• Payment and transaction information
Website and booking information
• Website contact forms
• Online booking information
• Marketing preferences
Some information collected may be classified as special category health data under UK GDPR where it relates to health consultations or treatment records.
How we collect personal information
Most personal information we process is provided directly by you when you:
• Book an appointment
• Complete consultation or medical questionnaires
• Contact us via phone, email or website
• Receive treatments or consultations
• Subscribe to newsletters or marketing communications
In some circumstances we may receive relevant information from:
• Referring healthcare professionals
• Laboratory partners where tests are arranged
• Other clinicians involved in your care
How we use your information
We use personal information in order to:
• Provide consultations, treatments and services
• Maintain accurate treatment records
• Communicate with you about appointments and care
• Arrange laboratory testing where requested
• Process payments and manage bookings
• Improve our services and clinic operations
• Send newsletters or updates where consent has been given
Lawful bases for processing
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on include:
Contractual obligation
Processing necessary to provide the services you have requested.
Legal obligation
Processing required to meet legal and professional responsibilities relating to record keeping.
Legitimate interests
Processing necessary for the safe and effective operation of our services.
Consent
Where you have given consent for marketing communications or use of images.
Where health-related information is collected, it is processed in accordance with UK GDPR provisions relating to health data.
Clinical photography
Clinical photographs may be taken as part of consultation or treatment documentation. These images form part of the clinical record and are stored securely.
Where photographs may be used for educational, training or marketing purposes, this will only occur with explicit written consent.
You may withdraw this consent at any time.
Marketing communications
Where you have opted in to receive updates or newsletters, we may contact you with information about services, treatments or clinic news.
Marketing emails may be sent through secure email communication platforms. You may unsubscribe at any time using the unsubscribe link provided in emails or by contacting us directly.
We do not send marketing communications without your consent.
Sharing personal information
We may share relevant personal information with trusted third parties where necessary, including:
• Laboratory partners
• Referring clinicians or healthcare professionals
• Payment processing providers
• Secure IT and clinical record providers
• Professional advisers where required by law
We only share information where necessary and ensure appropriate safeguards are in place.
Digital systems and AI-supported tools
Cane Osteopathy Ltd uses secure digital systems to support patient records, appointment management, communication and clinical documentation.
These systems may include platforms used for healthcare record management, booking systems, communication services and operational management.
In some cases software may use automated or AI-supported features to assist with administrative processes or documentation. Where such systems are used, they are implemented in accordance with UK data protection legislation and Data Protection Impact Assessments (DPIAs) are carried out where appropriate.
These tools support clinic operations, but clinical judgement and decision-making always remain the responsibility of the treating clinician.
Data security
We take appropriate technical and organisational measures to protect personal information.
These include:
• Secure digital record systems
• Password-protected access
• Restricted staff access to personal data
• Secure storage of clinical records
All staff and clinicians working with Cane Osteopathy Ltd are required to maintain strict confidentiality.
How long we keep your information
We retain personal information only for as long as necessary.
Typical retention periods include:
Clinical records
Retained for at least 8 years after the last treatment or consultation.
Administrative and financial records
Retained for up to 7 years in accordance with financial regulations.
After these periods, information is securely deleted or destroyed.
Cookies and website analytics
Our websites may use cookies and similar technologies to improve user experience and analyse website traffic.
Analytics tools may collect limited anonymous information about how visitors use the site. This helps us improve the functionality and usability of our websites.
Further information about cookies can be found in our Cookies Policy.
Your data protection rights
Under data protection law, you have rights including:
Right of access
You can request copies of your personal information.
Right to rectification
You can request correction of inaccurate or incomplete information.
Right to erasure
You can request deletion of your information in certain circumstances.
Right to restrict processing
You can ask us to limit how your data is used.
Right to object
You can object to certain types of processing.
Right to data portability
You can request transfer of your information to another organisation where applicable.
You are not required to pay a fee for exercising your rights. We will respond within one month.
To make a request please contact:
How to complain
If you have concerns about how we use your personal information, please contact us directly so we can try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113
Website
https://www.ico.org.uk
Final note
This privacy policy applies to services delivered by Cane Osteopathy Ltd, including those provided under the trading names Face Oxford and Walton Street Wellness.
