Information We Collect
We may collect and process the following data about you:
1. Personal Information: This includes your name, address, date of birth, gender, contact information, and any other information you provide during the registration process.
2. Medical Information: We collect data about your medical history, current health conditions, and any other relevant information necessary for providing appropriate physiotherapy services.
Holding and Retention of Medical Data
Your medical data is crucial for providing you with the highest standards of care and for maintaining a record of your treatment history. As such, we retain your medical data in accordance with UK laws and guidelines.
1. Retention Period: For adults, we keep your medical records for 8 years after the conclusion of treatment or death. For children and young people, we retain these records until the patient’s 25th birthday, or 26th if the young person was 17 at the conclusion of treatment, or 8 years after death.
2. Data Deletion Requests: Under the General Data Protection Regulation (GDPR), you have the right to request erasure of your personal data. However, this right is not absolute. Requests for deletion of medical records will typically be refused due to our legal obligation to retain these records for a specific period. This is crucial for ensuring continuity and quality of care and for fulfilling other legal and regulatory requirements.
3. Data Access and Amendments: You have the right to access your medical records and request amendments to ensure the information is accurate. If you wish to access your records or request amendments, please contact us using the information provided on our website.
Use of Your Information
The information we collect is used solely for providing physiotherapy services. This includes:
1. Developing and providing appropriate treatment plans.
2. Communicating with you regarding appointments, updates, and other necessary information.
3. Managing your account, including billing and payments.
We take the protection of your personal information very seriously and use a range of measures to ensure that your data is secure and treated with the utmost care.
1. Two-Factor Authentication (2FA): In order to safeguard your data, we utilise two-factor authentication (2FA) for all user accounts. This is an extra layer of security designed to ensure that you’re the only person who can access your account, even if someone else knows your password.
2. Cloud-Based Patient Management System: All of our medical records, including your personal and health information, are securely stored in our cloud-based patient management system. This system is protected by advanced encryption and security measures to prevent unauthorised access and maintain data security.
3. Physical Records: There may be instances where we receive or create physical records. Once these records are digitally uploaded into our cloud-based system, the physical copies are promptly destroyed in a secure and confidential manner to ensure no residual data remains.
4. Data Breach Procedures: In the unlikely event of a data breach, we have robust procedures in place that align with our legal obligations under the General Data Protection Regulation (GDPR). These procedures include notifying the relevant regulatory bodies and, where applicable, the individuals affected.
By implementing these security measures, we strive to protect and secure your personal information to the best of our ability.
We respect the confidentiality of your information and will not disclose it to third parties without your explicit consent, except in the following circumstances:
1. If it’s required by law or to comply with a legal process.
2. In case of a medical emergency where it’s vital to share information with other health care professionals.
3. Referral-related Reporting: If you have been referred to us by a third party who is funding your treatment, we may share Initial Assessment Reports, Review Reports, and Discharge Reports. These reports provide important updates on your treatment recommendations, clinical rationale, barriers to recovery, goals, and progress with treatment. This is essential to ensure continuity of care and aligns with our responsibility to keep the referring party informed about your treatment journey. Please note that we only share such information with your explicit consent and within the parameters set by relevant laws and regulations.
Marketing Communications and Use of Personal Data
We value the trust you place in us, and we are committed to respecting your privacy and the confidentiality of your personal information.
1. Selling Personal Data: We will never sell your personal information to any third parties. Your personal information is used solely for the provision of our services, and to provide you with important information related to your care.
2. Marketing Consent: We may occasionally wish to send you information about our services and offers that may be of interest to you. However, we will only do this if we have obtained your explicit consent. During your registration process, or at any other suitable time, we may ask if you would like to receive such marketing communications.
3. Opting Out: You have the right to opt out of receiving marketing communications from us at any time. You can do this by clicking the ‘unsubscribe’ link in any email communication we send, by sending us an email, or by texting us at the number provided. Once we receive your request to unsubscribe, we will promptly remove you from our marketing communications list.
By exercising your choice regarding marketing communications, you have greater control over the information you receive from us. We will always respect your decisions and work to ensure we maintain your trust.
1. Types of Cookies: We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for a set period of time or until you delete them). We may use the following types of cookies:
2. Essential Cookies: These cookies are essential for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
3. Analytical/Performance Cookies: These cookies allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users find what they are looking for easily.
4. Your Consent: When you first visit our website, we will ask for your consent to use non-essential cookies. Please note that essential cookies cannot be turned off as they are necessary for the functioning of the website.
5. Managing Cookies: You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.
We encourage you to familiarise yourself with your own browser’s cookie settings and adjust them according to your personal preferences.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the right to access your personal data, correct any inaccuracies, erase your data, or restrict the processing of your data. To exercise any of these rights, please contact us.
Subject Access Requests
You have the right to access the personal information we hold about you. This is known as a Subject Access Request (SAR).
If you would like to make a SAR, please contact us in writing:
1. By email: firstname.lastname@example.org
2. By post: 14 Wynchgate Road, Stockport, SK7 6NZ
In your request, please specify that you are making a Subject Access Request and provide the following information:
· Your full name
· Contact details
· Details of the specific information you require
This will help us to process your request efficiently. We will respond to your request within one month from when we receive it, in accordance with the GDPR. In some cases, such as where your request is more complex, we may need to extend this period. If that happens, we will let you know.
If you have any questions regarding this policy, or would like to exercise any of your rights, you may contact us:
1. By email: email@example.com
2. By post: 14 Wynchgate Road, Stockport, SK7 6NZ