At RTW Plus Ltd, we take data privacy seriously and are committed to adhering to the highest standards as laid out in relevant legislation. As a data processor, our handling of personal data is confined to the scope required for delivering our services, rather than large-scale operations. 

Given that we manage ‘sensitive personal data,’ we have appointed a dedicated Data Protection Officer (DPO). This role ensures stringent compliance with the responsibilities defined in the Data Protection Act (DPA). 

Should you have any queries or concerns regarding data protection, you are encouraged to reach out to us via email at or, if you prefer, by telephone at 0203 884 1455. 

We place the utmost importance on data protection and are fully compliant with the General Data Protection Regulation (GDPR). We are also registered with the Information Commissioner’s Office (ICO), reaffirming our commitment to safeguarding your data. 

Definition of personal data

Personal data is defined as any information that relates to an identifiable, living individual, either directly or indirectly, and has the potential to impact that individual’s privacy in either a personal or professional capacity. This extends to any opinions expressed about the individual, as well as any intentions signalled toward them. 

Examples of personal data, assuming the information can be linked to an identifiable individual (referred to as the ‘data subject’), may include but are not limited to: 

  • Financial details such as an individual’s salary or other monetary information 
  • Aspects of an individual’s private life, including family circumstances, health conditions, employment status, or subjective opinions regarding their mental state 
  • Special categories of personal data, encompassing elements like racial or ethnic origin, political opinions, religious or philosophical beliefs, physical or mental health status, sexual orientation, and criminal history. 

Information we collect

The personal data we retain is acquired either directly from the data controller or from the individual to whom the data pertains, known as the data subject. Our data collection processes encompass both personally identifiable information and sensitive personal data. This includes, but is not limited to name, date of birth, and contact details such as home and email addresses. We also gather information pertaining to medical history and other elements related to identity. 

In instances where we are engaged to provide services to clients undergoing rehabilitation, the types of data we may collect and process can include: 

  • Full Name 
  • Gender 
  • Date of Birth 
  • Residential Address 
  • Email Address 
  • Telephone Number 
  • NHS Identification Number 
  • Hospital Identification Number 
  • Details of Referring Entities, including insurers, legal representatives, and case managers 
  • Occupational Status 
  • Emergency Contact or Next of Kin Information 
  • Details of General Practitioner (GP) or Hospital 
  • Circumstances surrounding any accidents or incidents 


In accordance with regulatory guidelines, we are obligated to disclose to you any third-party processors involved in the handling of your personal data. We have obtained and documented assurances from these processors concerning their compliance with data protection laws. They include: 

  • Microsoft: We employ Microsoft Office 365 for storing various types of information, including data related to staff, rehabilitation clients, and referrers. For a deeper understanding of the privacy and security measures in place, you can visit Microsoft’s Trust Centre at Microsoft Trust Center. 
  • iinsight – For more details regarding the information security measures implemented by this service, kindly visit their official webpage 
  • Medical and Treatment Providers: We partner with accredited treatment suppliers situated in the United Kingdom. These organisations assist us in offering medical or therapeutic services and operate either as processors or as joint controllers of data. 

Purpose of processing and the legal basis for processing

We utilise personal data to optimise the planning and execution of our services, foster meaningful relationships with our service users, and continually improve the quality of our offerings. Additionally, this data is instrumental in evaluating the overall effectiveness of our services. 

Ensuring compliance with all relevant regulatory obligations is another key aspect for which we use personal data. Such data is also critical for maintaining the safety and wellbeing of both our staff and our rehabilitation clients. 

For marketing purposes, we leverage data to promote our services and share pertinent information and insights related to the services we provide. Please be assured that we do not engage in profiling or automated decision-making processes. 

Data processing safeguards

To underpin our services with robust data security, we have a comprehensive suite of safeguards and procedures, detailed in our Data Protection Policy and GDPR Risk Assessment. In summary, our approach includes the following key components: 

  • Organisational Commitment: We place a high emphasis on governance and ethical data protection, fostering a culture that integrates these principles into our routine operations. 
  • Staff Training: All our team members undergo rigorous training, education, and supervision to become proficient in up-to-date data protection practices. 
  • Risk-Mitigated Systems: Our electronic infrastructures are carefully designed to mitigate the risks associated with handling personal data. 
  • Ongoing Compliance: We conduct regular audits to ensure our operational practices remain in alignment with established data protection standards. 
  • Accredited Software: To bolster data security, we rely exclusively on software sourced from accredited vendors. 
  • Vetted Partnerships: When working with external companies, we choose partners who have demonstrated an unwavering commitment to data protection. 
  • Device Security: Extensive security measures are in place to protect all devices against online threats. 
  • Secure Data Transmission: Our data protection strategies employ software firewalls and TLS-encrypted emails via a Microsoft Exchange server to ensure secure data transfer. 
  • Website Security: Our website meets industry standards for online safety, as evidenced by its SSL certificate. Importantly, we do not store any personally identifiable information on our website. 

Details of transfers to third party and safeguards

We wish to underscore that we neither sell nor transfer your personal data to any external entities. Additionally, our company does not engage in the transfer of data to third countries or international organisations

Retention period

We collect data for various operational purposes, including generating quotes for prospective referrers and fulfilling both service and contractual obligations. In compliance with regulatory guidelines, we may retain this information for up to seven years to meet financial record-keeping requirements. Additionally, data may be kept for communication with rehabilitation clients, marketing activities, disseminating relevant information, and for legal or regulatory defence, until such information is no longer applicable or necessary. 

The retention of this contractually essential data is crucial for facilitating effective communication with both referrers and beneficiaries. Without maintaining this information, our capacity to engage meaningfully with these parties and efficiently address their queries would be compromised. 

Legally, we are obligated to retain specific categories of information about our rehabilitation clients, including but not limited to Contact, Identity, Medical, Financial, and Transaction Data, for a minimum of seven years following the cessation of their client status. This is for tax, regulatory, and/or legal purposes. 

Existence of each data subject's rights

  • Individuals whose data is processed by us have the right to request objection, access, deletion, alteration, restriction of processing, withdrawal of consent, and data portability. To exercise these rights, data subjects can contact us using the provided contact details above. 
  • Data subjects also possess the right to lodge a complaint with the UK supervisory authority (the ICO); you can find their contact details online. However, we kindly request that you give us the opportunity to address your concerns initially before reaching out to the ICO. 
  • Additionally, data subjects retain the right to withdraw their consent at any time, where applicable. 

Information about our products and services

  • Occasionally, we may send you information about RTW Plus Ltd, including details about our products and services, which we believe might be of interest to you. 
  • If you wish to discontinue receiving such communications, you have the option to inform us at any time by sending an email to or by utilising the available opt-out facilities. 

Maintaining the accuracy of your information is of utmost importance to us. If you wish to review or update the details you have provided, please don’t hesitate to reach out to us at or call us at 0203 884 1455.  

Information automatically collected from your computer

Our cookies policy can be found at  

  • Log files/IP address: Whenever you access the Site, our web server automatically logs your IP address. However, please note that this IP address is not associated with any of your personal information. We utilise IP addresses to administer the Site and collect demographic data for aggregation purposes. 
  • Additionally, we may collect non-personal information (information that cannot be used to identify you) such as the type of internet browser you are using. This allows us to enhance the efficiency of our service delivery. 

Links to third-party websites

We want to clarify that we cannot assume responsibility for the privacy policies and practices of other websites, even if you access these sites through links on our Site. Therefore, we highly advise you to review the privacy policy of each website you visit and contact the respective organisation if you have any inquiries. 

If you reached our Site via a link from a third-party website, please note that we cannot be held responsible for the privacy policies and practices of the owners or operators of that third-party site. In this case, we recommend that you check the privacy policy of the third-party site in question and reach out to the relevant organisation if you have any concerns.