This privacy policy sets out how Community Physio Ltd. (herewith termed CP) uses and protects any information that you give CP when you use this website and/or our services.

CP is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

CP may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This latest revision of this policy is effective from 25th May 2018 and is in line with the latest information from the General Data Protection Regulation ("GDPR") regulations.

In addition to website traffic data, this policy describes how we collect and use personal data about you during and after your time as a patient of our clinic. It also sets out how we use that information, how long we keep it for and other relevant information about your data. This notice applies to current and former clients.

Data

What Data We Collect

Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.

For general website traffic, we may collect the following information:

  • name and job title
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers

For our Physiotherapy services we may hold many types of data about you, including:

  • Your name, address, date of birth, email address and phone numbers.
  • Banking or financial information used for booking of appointments online or purchasing products
  • Information concerning your Physiotherapy Assessment and treatment
  • Your health information you have given to us in your consultation
  • Voicemails that are left on our telephone system
  • The content of letters and emails you send to us
  • Information submitted through our website
  • Cookie data
  • Images supplied to us for use in our service delivery

Special Categories of Data

There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. During the course of your treatment sessions, it is possible some of this data may be discussed and recorded if pertinent to your coaching sessions. This may include details of your:

  • Health
  • Sex life
  • Race
  • Ethnic origin
  • Religion
  • Education
  • Genetic and biometric data

We will use your special category data to ensure the Physiotherapy sessions are relevant to your needs.

We must process special categories of data in accordance with more stringent guidelines. We will process special categories of data when the following applies:

  • you have given explicit consent to the processing (on our initial contract forms)
  • we must process the data in order to carry out our legal obligations
  • we must process data for reasons of substantial public interest

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following outlined in this policy.

How We Collect Your Data

We collect data about you in a variety of ways and this will usually start when you make an enquiry to community-physio and continue when you attend the first and subsequent physio sessions. At community-physio, we keep paper records. Electronic records are used via emails and smart phone communications. Please do not leave personal health information here, these are for enquires about what services we offer or if you would like community-physio to contact you. Personal data, paper consent forms and physiotherapy records are stored in a locked, secure records room. Access to this room is secure and is accessible only to Diane Hollingworth.

Why We Process Your Data (How We will use information about you)

The law on data protection allows us to process your data for certain reasons only, these are classified as legitimate interests. Most commonly, we will use your personal information in the following circumstances:

• in order for us to carry out our contract with you (your requesting Physiotherapy sessions and our agreement to provide it constitutes a contract) which will include confirming appointments, informing you of changes to appointments or session arrangements.

  • in order to provide you with the best possible Physiotherapy sessions by recording session information which would be in your best interest.
  • In order to carry out legally required duties
  • where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests We may use your personal information in these rare situations:
  • where we need to protect your or someone else’s interests
  • where it is needed in the public interest or for official purposes Situations in which we will use your personal information We need all the categories of information to primarily allow us to perform our contract of treatment with you and to enable us to comply with legal obligations.

If you do not provide your Data to us

One of the reasons for processing your data is to allow us to carry out our duties in line with your Physiotherapy contract with us. If you do not provide us with the data needed to do this, we will be unable to perform that care to ensure your best interests are being maintained.

Change of Purpose

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Automated Decision Making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

Sharing Your Data

Your data will be shared with colleagues within community-physio but only where it is necessary for them to undertake their duties. This includes, for example, other physiotherapists working for, or on behalf of the community-physio in the future. We do not share your data with bodies outside of the European Economic Area. We may need to share your data with another health professionals/ Doctor/ emergency serves and the police if we feel that you are at risk of injuring yourself and/ or others.

How Long We Keep Your Data For

In line with data protection principles, we only keep your data for as long as we need it for. To determine any appropriate retention period for personal data beyond eight years we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. YOUR DUTY TO INFORM US OF CHANGES It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.

YOUR RIGHTS IN RELATION TO YOUR DATA The law on data protection gives you certain rights in relation to the data we hold on you.

  • the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. Find out how to do this from Diane Hollingworth or your practitioner.
  • the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it.
  • the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice. We also must inform you of any changes to how we use your data.
  • the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
  • the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • the right to portability. You may request transfer the data that we hold on you for your own purposes. If you want to access your data, review, verify or correct your data, request we erase your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Diane Hollingworth following discussion a written letter will need to be received

Data Controller

Data Controller

Dianne Hollingworth is the company data controller, meaning that she determines the processes to be used when using your personal data.

Her contact details are shown on the contact page of our website.

Data Protection Principles

Data Protection Principles

In relation to your personal data, we will comply with data protection law. This says that the personal information we hold about you must be:

  • processed fairly, lawfully and in a clear, transparent way
  • collected only for valid reasons that we find proper for the course of your time as a client and not used in any way that is incompatible with those purposes
  • only used in the way that we have told you about
  • accurate and up to date to the best of our endeavours
  • kept only as long as is necessary for the purposes we outline, a minimum of 8 years.
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
  • kept securely

Internal Record Keeping

Internal Record Keeping

  • We may use the information to improve our products and services.
  • We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

Security

Data Security – Protecting Your Data

We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Data Security Measures include:

  • Notes regarding your treatment sessions are stored in a secure records room. Access to this room is secure and is accessible only to Diane Hollingworth
  • We will share your data with third parties if you have given us permission to do so or if it is felt that your health would otherwise be at risk. We provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data. 

Cookie Use

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Read more on our Cookie Agreement

Website Links

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Third Party Processor: JOOMLA

We use a third party service, Joomla to publish this website. These are hosted at Joomla.org, which is hosted by Rochen Limited. See the following link for their Privacy Policy info.

https://www.joomla.org/privacy-policy.html

We use a standard Joomla/Google Analytics services to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Joomla requires visitors that want to post a comment to enter a name and email address.

For more information about how Joomla or Google processes data, please see their privacy notice.

We may also share your data with third parties as part of a business sale or restructure, or for other reasons to comply with a legal obligation upon us. We would always keep you informed of these situations.

Third Party Mailing: E-NEWSLETTER

We use a third party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.

Information Control

Controlling your Personal Information

You may choose to restrict the collection or use of your personal information in the following ways:

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us.
  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
  • You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to our address shown on our home page.
  • If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the address on the home page. We will promptly correct any information found to be incorrect.

Fees

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we May Need from You

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to Withdraw Consent

Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time.

There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate legal reason for doing so. To withdraw consent, contact Diane Hollingworth

Making a Compliant

If you have any questions about this Privacy Notice or how we handle your information, please contact community-physio Data Protection Officer, Diane Hollingworth. She can be contacted on 07968970352.

You have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).