At The Physiotherapy and Sports Injury Clinic Ltd, we’re committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all clinic activities, not just this website. We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy. Any questions regarding this Policy and our privacy practices should be sent by email or via our website contact form.
WHY DO WE COLLECT INFORMATION ABOUT YOU?
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received. These records help to provide you with the best possible healthcare and help us to protect your safety.
HOW DO WE COLLECT INFORMATION FROM YOU?
We obtain information about you when:
• you contact us via our website.
• you book and attend a physiotherapy appointment
• you provide us with a testimonial
• we receive communication from multidisciplinary professionals involved in your care
• we receive communication from other healthcare intermediaries involved in your care
• we keep hard copies of your personal details and treatment notes, we also keep your personal data on our computer system, which is backed up regularly to a secure remote server Carbonite- who is GDPR regulated.
WHAT INFORMATION DO WE COLLECT & HOW IS IT USED?
We do gather sensitive personal data relating to health matters pertinent to the provision of our services. Such data is provided with explicit consent of the client, by themselves or their representatives. We do not gather other sensitive data (e.g. genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions).
Our services may be directed to children under 16. Any relevant information is only collected with the explicit consent of the individual holding parental responsibility for that child. If you learn that a child under 16 has provided us with personal information without consent, please contact us.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. We may pass your information to insurance companies via invoicing and report writing, to solicitors when information is requested with a consent form signed and attached by you.
WHAT PERSONAL DATA DO WE COLLECT?
• Details about you such as your name, date of birth, contact details, address.
• Physiotherapy treatment notes, which includes your past medical history and drug history.
• Mobile phone numbers – we send out text appointment reminders. If you choose not to receive these reminders please notify us verbally or in writing.
HOW LONG DO WE HOLD YOUR RECORDS?
For adults: We hold data and all physiotherapy notes for 8 years. For children: We hold data and all physiotherapy records for 8 years after their 18th birthday or until they are 25 years old. After this period the notes and all data are shredded or burned. Data from the database is deleted.
REQUESTING A COPY OF YOUR INFORMATION
You may request a copy of any data we hold about you. You need to request this in writing and your records will be released 40 days from the request.
UPDATING OR CORRECTING YOUR INFORMATION
The accuracy of your information is important to us. If you change your address, or any of the other information we hold is inaccurate or out of date, please contact us so we may correct our records.
DELETING YOUR INFORMATION
You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.
AUTOMATED DECISION MAKING
We do not use any personal information for automated decision making or profiling; your data is not subject to automated decision making or profiling.
USE OF “COOKIES”
Physiotherapy and Sports Injury Clinic Ltd takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:
• Data minimisation
• Password best practice
• Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage. A copy of our internal Data Security Policy is available on request.
Our Data Security Policy includes a clear process for handling a personal data breach, should one occur. Where appropriate, Physiotherapy and Sports Injury Clinic Ltd will promptly notify you of any unauthorized access to your personal information.
If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter. If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Physiotherapy and Sports Injury Clinic may change this Policy from time to time. Any changes will be posted on this site and will take effect immediately.
Last updated: 23 May 2018