Privacy Policy Summary

The purpose of this summary is to ensure you are aware of the core elements of our Privacy Policy – your rights in the collection, processing and other use of your personal data. Read full Privacy Policy here.

What information we collect and why

Information collected by www.w6physiotherapy.co.uk, through an online booking or online enquiry form, over the phone or via email

  • We will collect personal data about you that you provide to us.
  • When using our website we use analytical tools that monitor details of visits to our website.
  • When using the online booking form you are sharing your information with us, but also with Findoc (www.findoc.co.uk).

Information collected at the clinic prior to treatment

We collect your personal and health data. It is necessary to collect this data:

  • To identify you.
  • For medical diagnosis and healthcare.
  • For communication purposes relating to appointments, payments, notifications relating to invoices settled by health insurers, and sending you your exercise programmes.

The lawful basis for processing your personal data is your consent and a vital interest necessary to protect life.

Where a data subject is physically or legally incapable of giving consent, we would collect either:

  • Vulnerable adult’s information – details of the Power of Attorney (POA).
  • Children’s information – details of parent or legal guardian, if the service user is under 16 years of age.

Use of your information

We keep your information secure in accordance with the DPA 2018 (GDPR compliance) and use it to respond to your enquiry. When attending your appointment you will have the option to give consent and you have the option to provide us with informed consent for treatment.

How information is obtained

  • From you, it may be obtained over the phone, via email, or via an online booking enquiry at the time of booking your initial consultation.
  • Information may be obtained via online booking service provided by findoc.co.uk.
  • Information may be obtained by post or email when shared via another health professional such us your consultant, GP, or podiatrist.
  • Information may be provided by you verbally at the time of the initial consultation.

How your information is stored 

  • Paper copies are stored within a locked cabinet, in an office accessed via a security keypad lock.
  • Electronic patient files are stored on Private Practice Software (PPS) by Rushcliff Ltd, a secure clinical and management software.

How information is accessed

  • Paper files are accessed directly by the office staff who know the office access code and have access to the cabinet key.
  • Electronic notes stored on PPS are accessed by authorised clinic staff and healthcare professionals working at the clinic. Access is protected by double passwords. The system can also be accessed via other devices and computers outside of the clinic using double password protection.

How information flows out of the business

  • External health professionals/ NHS
  • Solicitors
  • Case management companies
  • Health insurers
  • Online billing and secure messaging services
  • Key Performance Indicators (KPIs)
  • Statutory duty to disclose information

Security

We do our best and have measures in place to safeguard your personal information. However, we cannot always guarantee the security of your data when electronically submitted or transmitted to us. If a data breach is reported we will investigate and implement the appropriate procedures to resolve the issue immediately.

Third-party links

We have contained third-party links on our website. However, we do not accept responsibility for the content on these websites, as we have no control over them.

Use of cookies

A cookie is a small file stored on your browser or the hard drive of your computer. We use website cookies to collect information about your computer for our services.

Your rights

In accordance with the DPA 2018 (GDPR compliance), your rights are as follows:

  • You have the right to request a copy of your information.
  • You have the right to correct any mistakes in your information.
  • You have the right to ask us to stop contacting you with direct marketing.
  • You have the right to have your personal data erased.
  • You have the right to restrict the processing of your data.
  • You have the right to object to us processing your data at the point of first communication, or at any other time.

Parental requests for information pertaining to their children

Parents will normally have responsibility for accessing the health records of their children. However, care must be taken to obtain consent of the child (16 or 17 year olds are seen as adults in relation to confidentiality, and their consent would be necessary). Children under 16 year of age who have capacity and understanding for decision making should also have their confidence respected.

Denial or limitation of information

We may deny or limit the scope of information we provide to you if:

  • The information released may cause serious harm to the physical or mental health or condition of the individual or any other person, or
  • The disclosure would also reveal information relating to, or provided by, a third person who has not consented to that disclosure.

Please note, we do not have the obligation to inform you why we had denied to provide you with your personal information.

Changes to this policy

We may update our Privacy Policy and Privacy Policy Summary. Please check this Privacy Policy regularly to keep up-to-date with how we are protecting your personal data.

Complaints

If you wish to raise a complaint on how we have handled your data, you can contact us directly. We will respond to your request within 30 days. If the problem remains unresolved you have the right to make a complaint to the Information Commissioner Office (ICO). You can also seek other legal independent advice.

Last updated: 25/05/2018