PRIVACY NOTICE FOR PARHAM PHYSIOTHERAPY
HOW WE COLLECT YOUR PERSONAL INFORMATION
You directly provide our company with most of the data we collect which is the personal data necessary to enable physiotherapy treatment needs to be met
HOW WE USE PERSONAL INFORMATION
PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (“Data Protection Legislation”).
ABOUT US
Parham Physiotherapy Solutions Limited (T/A Parham Physiotherapy), 1-3 Raydown Offices, Edington Road, BA13 4NW. Company number 08622593. For the purpose of the Data Protection Legislation and this notice, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
THE DATA WE COLLECT
Name, address, date of birth
Unique identification number
Email address
Phone numbers
GP contact details
Occupation
Medical history
Financial information
Credit cards receipts
Correspondence
Details of any complaints received
We keep an inventory of personal data we hold on our patients and this is available on request.
INFORMATION WE HOLD ABOUT YOU
We use it to contact you and to be able to provide you with the physiotherapy service and to comply with our legal obligations
HOW WE STORE YOUR DATA
Your data is stored securely in a locked filing cabinet. The key to this cabinet will be held securely by a member of Parham Physiotherapy Staff. We will ask for your consent to keep the information and to contact you. Medical records will be kept for the statutory time and then destroyed. Data may be shared with third parties and we will ask you for your consent for this.
Electronic data is kept secure by Blue Zinc IT Limited. Data is stored in UK data centres, certified with ISO 27001 and ISO 9001, on dedicated servers which Blue-Zinc own.
Limited data (Name and E-mail address) is stored via My Physio Rehab for exercise prescription.
RETENTION OF YOUR DATA
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
the requirements of our business and the services provided;
any statutory or legal obligations;
the purposes for which we originally collected the personal information;
the lawful grounds on which we based our processing;
the types of personal information we have collected
SHARING PERSONAL INFORMATION
We will share our personal information with third parties where we are required by law, with a regulator, with an insurer, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
DATA SECURITY
We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
RIGHTS OF ACCESS, CORRECTION, DELETION AND RESTRICTION
Your duties to inform us of changes
It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes that we need to be made aware of.
Your rights in connection with your personal information
You have a right to:
Access and have copies of your records.
Have inaccuracies deleted.
Have information about you erased.
Object to direct marketing.
Restrict the processing of your information, including automated decision-making.
Take your data to another practice or anywhere else.
Patients who wish to have inaccuracies deleted or to have information erased must speak to the physiotherapist who provided or provides their care.
You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal information, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purposes you originally agreed to, unless we have a legitimate basis for doing so in law.
CHANGES TO THIS NOTICE
Any changes we may make to our privacy notice in the future will be provided to you in writing.
This privacy notice was last updated on 1 January 2021
CONTACT US
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal information, please email us at info@parhamphysiotherapy.co.uk
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. Website address http://ico.org.uk