PhysioPlus – PRIVACY POLICY
The nature of our business means we are required to store personal data. Here is what we hold, how we keep it safe and why.
GDPR Website Privacy Policy – www.physioplus.org.uk
Your personal information is important to us and we endeavour to keep it safe and secure. This privacy policy applies to the PhysioPlus Physiotherapy Clinic’s website at www.physioplus.org.uk (the “Website”). At the PhysioPlus Physiotherapy Clinic – Baldwin Associates Ltd we take your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).
For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Andrew Baldwin at info@physioplus.org.uk
By using the Website you consent to this policy. We are registered with the Information Commissioner’s Office for this purpose.
Enquiries
From time to time customers contact us with enquiries about the services we offer. This may be over the phone, email, social media, in person, or through our website contact page.
We will respond to your enquiry without requesting any personal information we do not require. Generally, we just need your name and how you want us to contact you i.e. your phone number or e-mail address.
We do not use your information for any other purpose other than responding to your enquiry. You will not be added to any mail list or contacted for any other purpose.
Booking
When you decide to book an appointment, this can be done over the phone, e-mail or online through our online enquiry system.
At the point of booking, we do not ask you for any personal health information or any payment information. We just collect your name and contact details to enable us to book your appointment. This is because if you do not attend an appointment, then we would have no reason to collect sensitive information, such as your medical details and payment details.
This information is entered directly into our practice management system. This is secure software – Freehand Clinic Manager Professional based on platform administered by: Sensible People, The Byre, Old Hereford Road, Abergavenny, NP7 7LE.
Once you have attended an appointment for treatment, your therapist will record a written summary of the session. This is in line with legal guidelines which all therapists are required to comply with – for your protection and ours. We have a full privacy policy which can be requested from us, which gives you more information about your health record information, how we use/store it, and what rights do you have. The types of personal information we use may include:
- Personal details, such as names, addresses, telephone numbers
- Family details, for example – next of kin
- Education, training
- GP details
- Employment details
- Financial details
- Services, for example – details of services accessed or offered by providers
- Lifestyle and social circumstances
- Physical and/or mental health details
- Visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security
- Details held in the client’s records, where we hold or manage clients’ records
Our legal basis for collecting and processing this data is because you have either given us consent to process this data as part of the provision to you of the services purchased by you, or because the processing of your data is necessary for a contract we have with you. All sensitive data is encrypted and stored securely using industry-standard data encryption, multiple layers of firewalls are in place, and we perform regular security audits.
The information we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you.
E-mail List
When you attend our clinic for treatment, you are required to complete a Physiotherapy Assessment form. On this form, you have the option to provide your e-mail address – this is how you opt-in to our email list to receive email notifications of your appointments.
You can contact our clinic at any time to request us to delete your email address, so that you stop receiving email notifications of your appointments.
We never pass your email details onto third parties or use it for any purpose other than to contact you about an appointment you have made.
Payments Information
Your payment information (e.g. credit card details) is provided when you make a purchase from us. That information is processed securely and privately by the third party payment processors that we use. The PhysioPlus Physiotherapy Clinic will not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
If you do not want us to use your data to enable us to contact you, you will have the opportunity to withhold your consent to this, when you provide your details to us on the assessment form, or you can do so by writing to us at the address: info@physioplus.org.uk
Job enquiries through our Website
You have the option to submit enquiry regarding joining our team, send us an email at: info@physioplus.org.uk
Whatever you submit on here will come through to us via email, and will be stored on our email server until we delete it. Our retention schedule for this information is detailed in our company privacy policy and varies depending upon what has been submitted.
Full details of these can be found in our Physioplus Company Privacy Policy which is available upon request.
Use of cookies
Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally – it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website. Where we work with advertisers on our Website, our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.
Legal Entities
Staff
Our therapists are employed and self-employed for HR purposes and provide services to our patients under Employee and Sub-Contractor agreements. They are fully qualified and insured to provide the relevant services.
Our reception staffs are employees of PhysioPlus, Baldwin Associated Ltd.
Controlling the use of your data
We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
We will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
We do not process your personal data for marketing purposes.
Security
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights
The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address: info@physioplus.org.uk. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of you requesting the data.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we stop using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address: info@physioplus.org.uk