Individuals connected with the Clinic (patients and practitioners) can be assured that the protection of privacy and confidentiality is given the highest priority, with all personal information being collected, held and used in strict compliance with the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018.
What information will the Clinic collect about me?
Prior to commencing treatment, we ask you to complete a registration form which asks for information such as your name, email address, postal address, telephone or mobile number, date of birth, your insurance company if relevant, and your General Practitioner.
If you are the parent or guardian of a child under 16, we will hold limited personal data about you, so you can give consent for the child to have treatment. We will use your contact details to communicate with you about the child’s treatment.
Why do we need this information?
We ask for your data because we need to be able to contact you, have information about you if we need to contact your GP and we need to keep a treatment history of your condition.
What are you doing with my data?
The information you supply will be entered into our software programme which is used for the Clinic diary, making charges, invoicing and letter writing to GPs or Consultants. We share information between the physiotherapy team when necessary via a communication network, to allow your continued care.
Your email will be used for appointment reminders, correspondence, invoices and receipts. We may periodically send emails about new services or other information which may be of benefit to you, using the email address which you have provided. The information emails are sent based on ICO’s ‘legitimate interest’ and if you do not wish to receive these, there is an unsubscribe option.
If you supply the Clinic with a testimonial following your treatment, it may be used on our website or social media but will be anonymised unless advised otherwise.
How secure is the information you hold?
We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Only users authorised by us have access to this data. The software is password protected and backed up on a secure UK data centre managed by iomart, one of the UK’s leading data centre providers.
Can I delete my data?
Your data can be deleted at any time when requested in writing. Whilst on treatment it is advisable for your details to be kept on our system.
Do you share my data with other organisations?
To bill your insurance company or solicitors for treatment costs we are required to include your full name, address and date of birth on invoices so that they can identify you. If you do not give us permission to do this, we will not be able to facilitate direct payment with your insurance company and you will be required to settle your account directly.
When we are required to complete a report about you for your insurance company or solicitor, we will again have to provide your full name, address and date of birth.
We may transfer your personal information to third parties under confidentiality obligations when the performance of any service in relation to the activities above is sub-contracted (e.g. the administration of a marketing campaign). We currently use SendinBlue, who are GDPR compliant.
How long will the Clinic keep my information?
We will hold your personal information on our system for as long as we need to keep your paper records.
Different types of data have different legal ‘retention periods’ that we abide by, such as medical records and personnel records retention periods. Personal data will be held for no longer than is necessary and will be destroyed appropriately when the data retention period has expired.
We are required to hold your treatment records for a minimum of 8 years or up to the age of 25 if, when you were treated, you were under the age of 16.
How are my treatment records stored?
At present the Clinic uses paper treatment records which must be kept for 8 years (if you are under 16 when treated, they must be kept until you are 25). During treatment and when discharged the treatment records are filed in a locked cupboard/room.
When the treatment records are to be destroyed the Clinic uses a company that securely and safely shreds the records.
Complaints & Concerns
Everyone working for the Clinic is under a legal duty to keep patients’ personal information confidential. Patients who believe their confidence has been breached may make a complaint to the practice and they could take legal action.
Alternatively, you can raise an issue, if you feel we have in any way handled your personal data unfairly or inappropriately, with the Information Commissioner’s Office. Further details on GDPR and data protection laws can also be found at the ICO website.
Our privacy notice has been updated due to new regulations under GDPR.
GDPR regulations allow individual ‘data subjects’ particular rights, the key ones being:
- Right to be informed – of how we fairly process your data
- Right to access – the data that is held on you
- Right to rectification – of any data felt to be inaccurate or incomplete
- Right to erasure – of your data (otherwise known as ‘right to be forgotten’)
- Right to restrict processing – to ‘block’ or prevent further processing of existing data
- Right to data portability – transferring data to another provider/data controller
- Right to object – to processing (including profiling), direct marketing, and certain types of research
- Right to question automated decision making (e.g. for the purpose of profiling)