PRIVACY NOTICE FOR PHYSIO 50
HOW WE COLLECT YOUR PERSONAL INFORMATION
You directly provide our company with most of the data we collect which is the personal data necessary to enable physiotherapy treatment needs to be met
HOW WE USE PERSONAL INFORMATION PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (“Data Protection Legislation”).
ABOUT US
Physio50,
78 Carysfort Rd London,
N16 9AP.
For the purpose of the Data Protection Legislation and this notice, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
THE DATA WE COLLECT
• Name, address, date of birth
• Email address • Phone numbers
• GP contact details
• Occupation
• Medical history
• Correspondence
• Details of any complaints received
We keep an inventory of personal data we hold on our patients and this is available on request.
INFORMATION WE HOLD ABOUT YOU
We use it to contact you and to be able to provide you with the physiotherapy service and to comply with our legal obligations
HOW WE STORE YOUR DATA
Your data is stored securely in CLINICO Systems We will ask for your consent to keep the information and to contact you. Medical records will be kept for the statutory time and then destroyed. Data may be shared with third parties and we will ask you for your consent for this.
Electronic data is kept secure by
• Appropriate handing of personal information and how to respond to a data breach
• Common sense cybersecurity requirements, such as locking screens when away from them, ensuring Windows updates are installed on release
• We ensure passwords are changed regularly on our systems
• Our third party providers of systems used to process your personal data are compliant with data protection laws and requirements, and also have effective data restore capabilities to ensure your data can be recovered
RETENTION OF YOUR DATA
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
• the requirements of our business and the services provided;
• any statutory or legal obligations;
• the purposes for which we originally collected the personal information;
• the lawful grounds on which we based our processing;
• the types of personal information we have collected
SHARING PERSONAL INFORMATION
We will share our personal information with third parties where we are required by law, with a regulator, with an insurer, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. DATA SECURITY We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
RIGHTS OF ACCESS, CORRECTION, DELETION AND RESTRICTION
Your duties to inform us of changes It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes that we need to be made aware of. Your rights in connection with your personal information You have a right to:
• Access and have copies of your records.
• Have inaccuracies deleted.
• Have information about you erased.
• Object to direct marketing.
• Restrict the processing of your information, including automated decision-making.
• Take your data to another practice or anywhere else. Patients who wish to have inaccuracies deleted or to have information erased must speak to the physiotherapist who provided or provides their care. You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal information, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purposes you originally agreed to, unless we have a legitimate basis for doing so in law.
CHANGES TO THIS NOTICE
Any changes we may make to our privacy notice in the future will be provided to you in writing. This privacy notice was last updated on 1 January 2021
CONTACT US
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal information, please email us at andrew@physio50.com You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. Website address http://ico.org.uk