This privacy notice applies to Physio Falmouth Plus’s website at www.physiofalmouthplus.co.uk (the ‘website’). We at Physio Falmouth Plus take your privacy seriously. This notice covers the collection, processing and other use of personal data under the Data Protection Act 1998 (‘DPA’) and the General Data Protection Regulations (‘GDPR’).
For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Physio Falmouth Plus, The Falmouth Natural Health Practice, 31 Church Street, Falmouth, TR11 3EQ.
By using the website you consent to this privacy notice. We are registered with the Information Commissioner’s Office for this purpose.
General Data Protection Regulations (GDPR):
Physio Falmouth Plus collects information relating to every patient’s health and personal details. This information is classed as sensitive data and is regarded as special category data. Under the new General Data Protection Regulations (GDPR), patients of Physio Falmouth Plus have a right to know why their information is collected, for what purpose it is used and how it is kept safe. Patients also have greater rights to access the information that Physio Falmouth Plus holds.
Looking after your Personal Information:
From May 25th 2018 the General Data Protection Regulations (GDPR) will replace the existing Data Protection Act of 1998. It will bring these regulations up to date and will help to protect your personal information and data.
Our Data Protection Promise:
As ‘Data Controllers’ of your personal data, we take our role in the protection of your personal and sensitive data very seriously. As such, we promise to:
- Only collect data from you that is relevant to your physiotherapy treatment
- Not pass on your personal data to any third-parties for marketing purposes
- Contact you and get your consent if we need to communicate with other health professionals (such as your doctor) about your care.
- Protect your personal data in a manner consistent with the requirements of the GDPR. We will use a variety of security measures such as a lockable filing cabinet for patient records, computer and mobile device password protection, data encryption and security software. This means your information is well protected from theft or unauthorised access.
- We maintain annual registration with the Information Commissioner’s Office, the UK’s independent body set up to uphold information rights. www.ico.org.uk
- We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the Information Commissioner’s Office.
Your Data Protection Rights under the GDPR:
When GDPR comes into effect from the 25th May 2018 onwards, you will have the right to:
- Access any of the information that we collect plus any other content that forms part of your patient record, including notes and expect to be able to read them and understand what they mean without expert medical knowledge
- Know if your personal information has been forwarded to a third-party (such as a fellow healthcare professional, consultant or GP)
- Have any invalid information about you corrected
- Have your personal data deleted by us if you decide to switch to another physiotherapy provider
- Prevent further use (or processing) of your information
- Ask your physiotherapist to send you (or your new physiotherapist) your personal information in an open electronic format like a .csv file or text file
- Request that your physiotherapist stops sending you any marketing information
- Ensure that any profiling that is undertaken using your personal data is fair, appropriate, statistically valid and transparent
- Expect your physiotherapist to take appropriate measures to protect your data
- Be notified if critical information about you has been inappropriately accessed and is deemed to be a critical breach
- Not to have your personal information transferred outside of the EU
- Know how your personal information is being used by your physiotherapist
Information We Collect:
We will collect personal data only if it has been provided to us directly by you, the user. This information has therefore been provided to us with your consent. You will normally provide us with personal data if you are contacting us regarding the services we provide or are a patient.
At the clinic we will record your full name, date of birth, address and the name of your registered doctor. These details provide us with details of your identity and residence and details of your doctor’s surgery in case we need to contact your doctor for any reason. This may be for example, to refer you for an x-ray or MRI scan.
We will also ask you for your telephone number so that we can contact you should we need to change a booked appointment.
We will record details of your presenting condition together with your past and current medical history and health status. These details enable us to perform a detailed and accurate physiotherapy assessment and treatment which is safe and appropriate for you. Under the GDPR Physio Falmouth Plus has a lawful and legitimate interest in any patient information and any information obtained forms part of the contractual obligation between a health professional and their patient. The information we obtain helps to ensure that we provide patients with the best treatment possible.
If you contact us via the telephone, by email or through our website, we will save any details you provide such as your name, telephone number and email address. We save these details so that we can contact you to make an appointment and in case we need to change any booked appointments. We also require your email address in case we need to email you any requested information such as a receipt for treatment or any prescribed exercises. We may also use your details to contact you regarding general information about us and our services, feedback, reviews or testimonials. We retain copies of all website enquiries together with any emails sent to us and from us as a record of communication. The basis for holding this information is as being for legitimate legal purposes or to fulfil a contractual obligation with existing patients.
If we ever take any photos of you in the clinic, this will only occur with your express and informed consent. We will ask for your express consent to publish any photos of you on our website or on our Facebook page. You will be given the option of opting out and if we publish any photos with your consent we will remove them if you request it. We will not provide any further personal details alongside any photos used on our website or Facebook page.
Social Media Information:
Search Engine and Website Activity:
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data. This data will not identify you personally.
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session Cookies may be used to validate your access to different parts of the website.
Cookies may be placed on your computer or device by third parties, which are outside of the control of Physio Falmouth Plus. You should refer to the Privacy and Cookie Policies of any social media and/or channel used to link to our website.
How Is This Information Used?
Information such as telephone numbers allow us to contact you if a booked appointment needs to be changed. Your date of birth and address provide us with details of your identity and residence. This helps to specifically identify you in case we need to contact your GP, consultant or other health professional. We will ask you for the name of your GP surgery so that we know which surgery to contact should we need to communicate with your doctor. If we need to contact a GP, consultant or other health professional, this will be carried out only with your consent.
Medical details and past and current medical history allow for a detailed assessment to take place in order to help us make an accurate and clinical diagnosis. It also helps to ensure that all treatment is as safe and effective as possible for you.
Patient email addresses enable us to email you regarding appointment bookings together with any requested information such as a receipt for treatment or a written copy of any prescribed exercises. We may also use your details to contact you regarding general information about us and our services, feedback, reviews or testimonials.
We monitor website cookies, statistics and traffic data to monitor the performance of the Physio Falmouth Plus website.
We never share, sell or distribute any of your data to any third parties for marketing purposes.
How Is Your Information Stored and Kept Safe?
All appointments including the initial assessment and any follow up appointments are written and recorded on paper. All patient notes are kept in an individual A4 folder which is specific to each patient. All paper records are kept in a filing cabinet under lock and key on the clinic premises and the doors to these premises remain locked at all times when staff are not on site. Only clinic staff have access to the filing cabinet containing patient records. All notes for each patient are kept for a period of 8 years after the last treatment or date of death at which point they will be permanently and securely deleted.
In some instances, we are required to produce written documentation such as, but not exclusive to, letters to doctors, consultants and other health professionals, receipts for patients and documents such as exercise plans when patients request a written copy. Any written electronic information such as this will include a patient’s name, date of birth and address for identity purposes. All written electronic information is written in a Word document which is saved on one computer belonging to Physio Falmouth Plus. All documents are stored in an encrypted folder within a password protected Word document. The computer is password protected and has robust security measures to prevent and minimise loss of information and the risk of information theft. All information is backed up on to an external hard drive which is encrypted and kept under lock and key when not in use.
We also hold electronic and online data including your name, email address, contact telephone number, online enquiry forms and photos. Electronic data is held on a password protected computer. The computer belongs to Physio Falmouth Plus and has robust security measures in place. On this computer, electronic data is also stored within a password protected Gmail account. Only clinic staff have password access to both the computer and the email account. Electronic data is also held on one mobile device. This mobile device is password protected which only Physio Falmouth Plus staff have access to.
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
When information is shared with others, for example a letter to a GP, it will either be sent via encrypted email, recorded delivery or hand delivered.
Physio Falmouth Plus will take the utmost care to ensure that your personal information is safe whilst it is under our care. In the unlikely event that this safety is compromised you will be notified immediately as will the Information Commissioner’s Office.
Who Has Access To Your Information?
Only the staff at Physio Falmouth Plus have access to your information. All staff at Physio Falmouth Plus are bound by patient confidentiality laws, the standards of conduct, performance and ethics of the Health Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP) code of conduct. Your information will not be shared outside Physio Falmouth Plus unless you have given consent, except when;
- requested by law;
- in your best interests and you are unable to give consent;
- in the public interest to prevent serious harm to others.
How Can You Access Your Records?
You have the right to request to see the information that Physio Falmouth Plus holds about you. All requests will be answered in the time frame of one month unless you are notified of a difference to this time scale. There will be no fee for any information provided.
Requests can be made in writing to:
Physio Falmouth Plus, The Falmouth Natural Health Practice, 31 Church Street, Falmouth, TR11 3EQ
Alternatively, you can email us at firstname.lastname@example.org or you can call us on: 07428343707
In the instance where requests are excessive or unfounded, Physio Falmouth Plus has the right to refuse and/or charge for time spent. This does not affect the individual’s right to complain to the Information Commissioner’s Office to seek judicial remedy. Where a fee is deemed appropriate Physio Falmouth Plus will not comply with any requests until the fee is received.
Your Right To Amend, Restrict And Object To The Information Held.
Under the GDPR all individuals have the right to have incorrect information that is held about them amended. If this arises within the notes held by Physio Falmouth Plus the notes will become restricted, i.e not used until the issue is resolved. However, if Physio Falmouth Plus deems the information to be accurate then no amendment will be made.
You have the right to have the information we hold restricted:
- if you contest the accuracy;
- you need the information kept to establish, defend or exercise a legal claim;
- you object to the information held.
In this instance all treatment will be stopped until the issue is resolved. You also have the right to object to Physio Falmouth Plus holding your personal information on grounds relating to your particular situation and as with restriction, all treatments will stop and the notes will become restricted until the issue is resolved
How Can You Contact Us?
Should you have any concerns about your personal data, if you wish to obtain information regarding the personal data we hold about you or wish to make a complaint about the data we hold, you can contact us at:
Physio Falmouth Plus, The Falmouth Natural Health Practice, 31 Church Street, Falmouth, TR11 3EQ
Alternatively, you can email us at email@example.com or you can call us on: 07428343707. You can also formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
We reserve the right to amend our Privacy Notice at any time to meet the requirements of the GDPR and our role as a data controller and processor.