Privacy Policy for Orchard Physiotherapy Centre Ltd
Orchard Physiotherapy treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This policy explains how we protect and manage any personal data* you share with us, and that we hold about you, including how we collect, process, protect and share that data.
*Personal data means any information that may be used to identify an individual including but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
The legal basis for processing your data
We have a legal obligation to hold your basic information and your sensitive health related information relating to your medical history and your attendance at our clinic. We will record details relating to this at each attendance either on paper or on line with PPS.
To release information to third parties we take consent from you. For example to share information with your insurance company or your GP.
In order to perform a contract. For example we store information for the processing of bank and credit cards to take payments. Or we respond to your enquiries by email and Facebook or provide you with information you have asked for. We can send you exercises we have agreed with you via email using Physiotec.
We have a legitimate interest to send you text messages to remind you of upcoming appointments.
How we obtain your personal data
Information provided by you
You or your insurance company provide us with personal data on your physiotherapy registration form in person, via email or over the telephone. This includes name, address, date of birth, and email address. We use this information in order to manage your episode of physiotherapy care.
We may also keep information contained in any correspondence you may have with us by post or by email.
We may obtain sensitive medical information directly from you or your insurance company in relation to your presenting condition and insurance claims. The provision of this information is subject to you giving us express consent. If we do not receive this consent from you, then we may be unable to consider insurance claims. The provision of this personal data is essential for us to be able to collect payments for your plan. This means that the legal basis of our holding your personal data is for the performance of a contract.
Information we get from other sources.
We only obtain information from third parties if it is permitted by law. This information (including your name, address, email address date of birth etc.) as relevant to us will only be obtained from reputable third party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will already have submitted your personal data to these companies and specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.
How we use your personal data?
We use your personal date to manage and administer your physiotherapy treatment. We undertake to at all times to protect your personal data , including any health and financial details, in a manner which is consistent with the Chartered society of Physiotherapy and The HCPC duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data in storage.
Do we use your personal data for marketing purposes?
Currently we do not use your data for marketing purposes. We will hold your personal data only for the purpose of providing your physiotherapy. However, we will ask your consent if we change this in the future.
Cookies
Our website is hosted by Yola. There are two cookies on our Yola site. One placed and hosted by Yola, to track analytics and provide us with the analytics dashboard. One placed by Yola but hosted by quantcast.com to track aggregate visitor information across Yola hosted sites.
Sharing information
We will keep information about you confidential. We may have to share your information with another physiotherapist for your continued treatment for example in a class or if a therapist takes on your care.
We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties. You can withdraw your consent at any time except for the following categories of third parties.
Categories of third parties
Insurance companies, loss assessors, regulatory authorities, and other fraud prevention agencies for the purpose of fraud prevention and to comply with any legal and regulatory issues and disclosures.
Any mailing or printing agents, contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential.
Anyone to whom we may transfer our rights and duties under any agreement we have with you.
Any legal or crime prevention agencies and / or to satisfy any regulatory request (including recognised practitioner bodies) if we have duty to do so or if the law allows us to do so.
Transfer of your personal data outside of the European Economic Area (EEA)
We use a company called Physiotec for provision of your exercise program. This company is based in Canada. We give them your name and email address so they can forward your exercise program to you. They are GDPR compliant.
How long do we keep this information about you?
We keep information in line with the retention policy of the Chartered Society of Physiotherapy. This is in line with the length of time we need to keep your personal information to provide you a physiotherapy service. The length of time also takes into account our need to meet any legal statutory and regulatory obligation.
Adult physiotherapy records are retained for 8 years after the conclusion of treatment or death.
Children and young people physiotherapy records are retained until the patients 25th Birthday or 26th if the young person was 17 at the conclusion of treatment, or 8 years after death.
Data subject rights
Subject access requests
The GDPR grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving their request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following.
Sources from which we acquired the information.
The purpose for processing the information.
Persons or entities with whom we are sharing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purpose of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you with undue delay.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
The accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified.
The processing is unlawful and you, the data subject, opposes the erasure of the personal data and instead request the restriction in its use.
We no longer need the personal data for the purpose of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims.
You, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom their personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject with information about those recipients if you request it.
Right to data portability
You, the data subject shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit this data to another controller, without hindrance from us and free of charge.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling: unless this relates to processing that is necessary for the performance of a tasks carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which overrides the interests, rights and freedoms of you, the data subject, or for the establishment, exercises or defence of a legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subjects rights with us, please write to the Office Manager at Orchard Physiotherapy Centre Ltd, 50 Wrenthorpe Road, Wrenthorpe, Wakefield, WF2 0LP or email orchardphysio@hotmail.co.uk
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure that the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Important information
Question and queries
If you have any questions or queries which are not answered by this privacy policy, or have any potential concerns about how we may use the personal data we hold, please write to the Office Manager at Orchard Physiotherapy Centre Ltd, 50 Wrenthorpe Road, Wrenthorpe, Wakefield, WF2 0LP or email orchardphysio@hotmail.co.uk
Policy Changes
This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update modify or amend this policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made, however, we will not significantly change how we use the information you have already given to use without your prior agreement. The latest version of this is available at Orchard Physiotherapy Centre Ltd, 50 Wrenthorpe Road, Wrenthorpe, Wakefield, WF2 0LP.
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to the Office Manager at Orchard Physiotherapy Centre Ltd, 50 Wrenthorpe Road, Wrenthorpe, Wakefield, WF2 0LP or email orchardphysio@hotmail.co.uk and we will do our best to help you.
If the complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioners office (ICO) you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.