PhysioConnect has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses the information gathering and dissemination practices for PhysioConnect.
General Data Protection Regulation (GDPR) 25th May 2018
For the purposes of the General Data Protection Regulation (GDPR), Catherine Pollitt, Chartered Physiotherapist, is the Data Controller and Data Protection Officer at PhysioConnect Durley, 2 Priory View, Manor Road, Durley, Hampshire SO32 2AF. PhysioConnect Durley takes the processing and security of your personal data seriously.
What are the purposes and limits of our data processing?
- Your personal information is processed (ie collected, recorded, stored, retrieved, etc) for the purposes of ensuring accurate identity and safe medical & therapeutic intervention and is limited to what is necessary.
- It may be necessary for your treatment, health and safety to share information with valid colleagues, such as GPs and other health professionals, unless this is specifically and expressly denied by you, the client.
- Data, including medical and treatment notes, may be retained indefinitely for the purposes of ensuring the client’s safe and adequate medical intervention and for legal purposes in any future medical claims.
- The collection and processing by PhysioConnect Durley of personal information, your condition for which you seek treatment, lifestyle and medical history is legitimate and fully necessary under the GDPR and UK Law for the purposes outlined in part 1.
- We ask that you, the client, notifies Catherine Pollitt, the Data Controller, as soon as is reasonably possible of any change in personal data, eg email, home address, phone numbers, so your personal data and medical history remains secure and is not at risk of being sent to a third party.
How is your data processed?
- Treatment and medical notes are written on paper and kept in a secure location within the physio clinic to protect against unauthorised, unlawful access and/or accidental loss, destruction or damage.
- Personal information (name, address, email, referral source, occupation and hobbies, payment and payment methods) is also stored electronically on the clinic’s computer, is password protected and has antivirus protection using a subscription to McAfee and BT Virus Protect. The data is regularly backed up to the clinic’s hard drive and stored in a secure location.
- Telephone numbers are also kept electronically on the PhysioConnect mobile phone, accessed only by passcode or personal thumb print.
- Emails from gmail and Outlook containing personal data and medical information may also be transferred to a secure hard drive.
- Personal data passed by email will be password protected.
- PhysioConnect Durley is collaborating with PhysioFirst (UK’s private physiotherapy organisation) and Brighton University to collect treatment outcome data for the purposes of analysis and improving the effectiveness of physiotherapy throughout the UK. Data will not include identifiable personal information as data will be sent with an ID number only.
With whom may your data by appropriately shared?
- For the benefit of both clients and PhysioConnect Durley, some personal data is collected by and/or processed with partner organisations (known as Data Processors):
- Acuity Scheduling for on-line appointments
- SumUp for the receipt of client payments and provision of client receipts
- MJS Website Design for maintenance of Acuity Scheduling on PhysioConnect Durley’s website
- Rehab My Patient for on-line and downloadable client exercise prescriptions
- Gmail and Outlook for direct client correspondence by email
- Mailchimp for the purposes of contacting clients by email regarding their treatment, health and wellbeing or the promotion thereof. This will remain occasional and from which the client can deny/unsubscribe/withdraw consent at any time. You have the absolute right to object to direct marketing.
- No personal or medical data will ever be sold to a third party or passed on for commercial purposes. Nor will data ever be passed to a third party unless specifically for the purpose of ensuring the health or safety of the client, or as described in 2, 11 & 12 above.
You have certain rights over your personal data:
- You, the client, has certain rights to access, rectify, erase, restrict, transfer and/or object to your personal data. Such requests should be made in writing and may have a one calendar month response time limit.
Cookie Law and Website Privacy
Why am I being asked to accept cookies?Compliance of EU cookie law (e-Privacy Directive) 28th May 2012. On May 26th 2011 a new EU originated law came into effect, on May 28th 2012 the law came into force. The law requires website owners to make significant changes to their sites and may fundamentally change the whole web browsing and shopping experience for everybody. This Cookie Law is amended privacy legislation that requires websites to obtain informed consent from visitors before they can store or retrieve any information on a computer or any other web connected device.
Cookie Compliance Cookies are used by almost all websites, for a variety of purposes:- Analysis of visitor behaviour (known as 'Analytics')
- To personalise pages and remember visitor preferences.
- To manage shopping carts in online stores
- To track people across websites and deliver targeted advertising
Information Automatically Logged
We use your IP address to gather broad demographic information. We use Google Analytics to collect information about Browser type, Operating platform, Search engine used to locate our site, Time, Day, Month, Year etc.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Our site uses a contact form for customers to request information and services. We collect contact information (like their email address). Contact information from the contact form is used to contact the person making the form submission.
This site contains links to other sites. PhysioConnect is not responsible for the privacy practices or the content of such Web sites.
Contacting the Web Site
If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site.
You can contact us by clicking here.