What information we collect and why
Information collected by www.w6physiotherapy.co.uk, through an online booking or online enquiry form, over the phone or via email
- We will collect personal data about you that you provide to us.
- When using our website we use analytical tools that monitor details of visits to our website.
- When using the online booking form you are sharing your information with us, but also with Findoc (www.findoc.co.uk).
Information collected at the clinic prior to treatment
We collect your personal and health data. It is necessary to collect this data:
- To identify you.
- For medical diagnosis and healthcare.
- For communication purposes relating to appointments, payments, notifications relating to invoices settled by health insurers, and sending you your exercise programmes.
The lawful basis for processing your personal data is your consent and a vital interest necessary to protect life.
Where a data subject is physically or legally incapable of giving consent, we would collect either:
- Vulnerable adult’s information – details of the Power of Attorney (POA).
- Children’s information – details of parent or legal guardian, if the service user is under 16 years of age.
Use of your information
We keep your information secure in accordance with the DPA 2018 (GDPR compliance) and use it to respond to your enquiry. When attending your appointment you will have the option to give consent and you have the option to provide us with informed consent for treatment.
How information is obtained
- From you, it may be obtained over the phone, via email, or via an online booking enquiry at the time of booking your initial consultation.
- Information may be obtained via online booking service provided by findoc.co.uk.
- Information may be obtained by post or email when shared via another health professional such us your consultant, GP, or podiatrist.
- Information may be provided by you verbally at the time of the initial consultation.
How your information is stored
- Paper copies are stored within a locked cabinet, in an office accessed via a security keypad lock.
- Electronic patient files are stored on Private Practice Software (PPS) by Rushcliff Ltd, a secure clinical and management software.
How information is accessed
- Paper files are accessed directly by the office staff who know the office access code and have access to the cabinet key.
- Electronic notes stored on PPS are accessed by authorised clinic staff and healthcare professionals working at the clinic. Access is protected by double passwords. The system can also be accessed via other devices and computers outside of the clinic using double password protection.
How information flows out of the business
- External health professionals/ NHS
- Case management companies
- Health insurers
- Online billing and secure messaging services
- Key Performance Indicators (KPIs)
- Statutory duty to disclose information
We do our best and have measures in place to safeguard your personal information. However, we cannot always guarantee the security of your data when electronically submitted or transmitted to us. If a data breach is reported we will investigate and implement the appropriate procedures to resolve the issue immediately.
We have contained third-party links on our website. However, we do not accept responsibility for the content on these websites, as we have no control over them.
A cookie is a small file stored on your browser or the hard drive of your computer. We use website cookies to collect information about your computer for our services.
In accordance with the DPA 2018 (GDPR compliance), your rights are as follows:
- You have the right to request a copy of your information.
- You have the right to correct any mistakes in your information.
- You have the right to ask us to stop contacting you with direct marketing.
- You have the right to have your personal data erased.
- You have the right to restrict the processing of your data.
- You have the right to object to us processing your data at the point of first communication, or at any other time.
Parental requests for information pertaining to their children
Parents will normally have responsibility for accessing the health records of their children. However, care must be taken to obtain consent of the child (16 or 17 year olds are seen as adults in relation to confidentiality, and their consent would be necessary). Children under 16 year of age who have capacity and understanding for decision making should also have their confidence respected.
Denial or limitation of information
We may deny or limit the scope of information we provide to you if:
- The information released may cause serious harm to the physical or mental health or condition of the individual or any other person, or
- The disclosure would also reveal information relating to, or provided by, a third person who has not consented to that disclosure.
Please note, we do not have the obligation to inform you why we had denied to provide you with your personal information.
Changes to this policy
If you wish to raise a complaint on how we have handled your data, you can contact us directly. We will respond to your request within 30 days. If the problem remains unresolved you have the right to make a complaint to the Information Commissioner Office (ICO). You can also seek other legal independent advice.
Last updated: 25/05/2018