Physiotherapy at the Old Dairy gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Information That We Collect
We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we may collect from you includes: –
- Title / Name
- Date of Birth
- Home Address
- Personal Email / Business Email
- Sex
- Home Telephone Number / Mobile Telephone Number / Work Telephone Number
- Work Title
- Medical insurance details
- Referral Source
- Special Category Data (i.e. health/medical information, work history, hobbies, family background)
- GP / Consultant Details
- Bank details (for refund purposes only)
We collect information in the below ways: –
- Website ‘contact us’ page
- Email correspondence (either from you or referral from GP / Consultant or employer)
- Telephone
- Face to face consultation
How We Use Your Personal Data (Legal Basis for Processing)
We take your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice as detailed below: –
- We collect your personal data so we can book you an appointments and identify you .
- We collect and store your personal data as part of our legal obligation for physiotherapy note keeping.
- We may share your data with external health care professionals who are involved in or recommended to be involved in your care. This will always be discussed with you and consent obtained.
- We may share your data with your external referring company or insurer (where applicable) as part of your treatment programme. This will always be discussed with you and consent obtained.
Your Rights
You have the right to access any personal information that we hold about you and to request information about: –
- What personal data we hold and for what purposes
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information. We will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request deletion of your personal data in accordance with data protection laws. Where applicable, you have the right to data portability of your information on a convenient medium.
If we receive a request from you to exercise any of the above rights, we will ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Safeguarding Measures
We take your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –
- Restricted access
- Firewalls
- Anti-Virus / Malware
- Website hosting
- Email servers
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Physiotherapy at the Old Dairy however, as this information is required for us to provide you with our clinical services, we will not be able to offer our services without it.
How Long We Keep Your Data
We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required by UK Physiotherapy guidelines to keep your clinical records for a minimum of 8 years from the date of last treatment for adult records, and for children eight years after their 18th birthday or until 25 years of age at which time the data will be destroyed.
Special Categories Data
Owing to the services and treatments that we offer, we will need to process sensitive personal information (known as special category data) about you, this ensures safe and effective treatment can take place. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.
Where we rely on your consent for processing special category data, we will obtain your explicit consent through a signature at your first consultation. You can modify or withdraw consent at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so.
Consent
Physiotherapy at the Old Dairy takes your privacy seriously and will only process your personal data with your consent and in accordance with the terms stated in our Privacy Notice. We will obtain your explicit consent through a signature at your first face-to-face consultation. You can modify or withdraw consent at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so.