Protecting personal information is extremely important to Physiohands and it’s especially important for businesses working within healthcare because our customers trust us to look after sensitive information such as their medical history and ongoing records.

The way we collect and share your information is equally important. Our customers expect us to manage their information privately and securely. If we don’t, they’ll lose their trust in us.

This policy tells you how we collect and process personal information

What is personal information?

When we talk about personal information we mean information about an individual that can identify them, like their name, address, e-mail address, telephone number, financial details and health record. It can relate to customers, employees, shareholders, business contacts and suppliers. Any reference to “information” or “data” in this policy is a reference to personal information about an individual either living or deceased.

What information do we hold?

We may collect and process the following personal information:

Type of data

Description

Examples of how we use it

Contact

  • Who you are
  • Where you live
  • How to contact you
  • Contacting you about appointments or cancellations
  • Marketing other Physiohands services only.

Personal Details

  • Age
  • Gender
  • Family details
  • Medical history
  • Financial Details
  • Lifestyle and social circumstances
  • Providing healthcare directly to an individual
  • Providing Occupational Health support

Transactional

  • Bank and/or card details
  • Online payments
  • In clinic payments

Contractual

  • Working with third parties to process a health claim with your consent e.g. medicolegal intermediaries
  • Working with third parties such as private health companies to obtain authorisation to treat and invoice e.g. BUPA
  • Treating you after an accident
  • To invoice a third party for your
    treatment

Preferences

  • Ways you want us to market to you
  • Marketing

Consent

  • Internal consent for Physiohands to treat you
  • External consent to disclose information to third parties
  • Working with your occupational health department to support your safe return to work duties

Where do we get our information from?

  • Information you give us directly (when you fill in forms or attend for assessment or contact us by phone, e- mail etc.).
  • Information we collect about you or receive from other sources. This could be information you provide to us electronically (through our website or an online portal, for example), get from your, information from a third party such as a consultant, GP or medicolegal intermediary.

How do we use your information?

We use personal information that we hold about you:

  • To carry out our responsibilities resulting from any agreements you’ve entered with us (e.g. to provide physiotherapy, podiatry etc. directly to you)
  • To provide you with marketing information about services and products we offer. Based on your marketing preferences, we may deliver this information by post, telephone, e-mail, SMS or personalised online marketing via our own systems, social media platforms and/or other third-party websites e.g. YouTube. Please note that if you choose not to receive online marketing, you will not see personalised messages using your personal data, however you may still see generic online advertising. We will not sell your data to third parties for them to market to you. We may also send marketing to you using our “legitimate interests”, please see below for further information.
  • To tell you about changes to our services and products.
  • To comply with any applicable legal or regulatory requirements.
  • For any other purpose that we’ve agreed with you from time to time.

Using your information in accordance with data protection laws

Data protection laws require us to meet certain conditions before we’re allowed to use your personal information in the way we describe in this privacy policy. We take these responsibilities extremely seriously. To use your personal information, we’ll rely on the following conditions, depending on the activities we’re carrying out:

  • Providing our contracts & services to you: We’ll process your personal information to carry out our responsibilities resulting from any agreements you’ve entered into with us and to provide you with the information, products and services you’ve asked from us, which may include online services.
  • Complying with applicable laws: We may process your personal information to comply with any legal obligation we’re subject to.
  • Legitimate interests: To use your personal data for any other purpose described in this privacy policy, we’ll rely on a condition known as “legitimate interests”. It’s in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our services to you both legally and more effectively. We may use your information to:
  • Carry out patient satisfaction surveys as are necessary from time to time as part of our contracts with certain companies such as BUPA.
    • Manage risk for us and our patients.

This requires us to carry out an assessment of our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws.

The outcome of this assessment will determine whether we can use your personal data in the ways described in this privacy policy (except in relation to marketing, where we’ll always rely on your consent). We’ll always act reasonably and give full and proper consideration to your interests in carrying out this assessment.

  • Consent: At your initial visit we will ask you consent to treatment and thereafter verbally throughout the course of your ongoing treatment. We may provide you with marketing information about our services or products where you’ve provided your consent for us to do so. You may opt out of marketing at any time either leaving the box unticked on your registration form or by informing a member of our reception and they will manage your marketing preferences on our database.
  • Special category (sensitive) data: Where you have consented, we will process any medical & health, racial & ethnic origin, genetic & biometric or sex life & sexual orientation information you have provided, and any other sensitive information obtained from a third party (e.g. your GP or other medical professional), solely for the purposes of allowing us to provide physiotherapy and podiatry.

Please be aware that the personal information you provide to us, and which we collect about you, is required for us to be able to provide our services to you and without it we may not be able to do so.

How long do we keep your information for?

  • By law we must keep your medical notes stored securely for 7 years before we are able to shred them (until your 25th birthday if you are under 18 when we first treat you and until you are 26 if you are still 17 or under on your last treatment) or 8 years after death.

Who do we share your personal information with?

Under normal circumstances we will not disclose your information to anyone without your written consent – if you require a GP letter we will ask if we can send this to you for you to take to your GP. The only exception to this rule is if we are legally bound by the courts to so.

However, we may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we’ll disclose your personal data to the prospective seller or buyer of such business or assets so that they can continue with your healthcare.
  • To enforce or apply the terms of any contract with you.
  • If we’re under a duty to disclose or share your personal data to comply with any legal obligation or
    regulatory requirements, or otherwise for the prevention or detection of fraud or crime.

Your rights

You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on the Information Commissioner’s website. If you wish to exercise any these rights, please inform a member of staff. Alternatively, you can also use the Contact Us section of our website.

Your rights

  1. The right to access the personal data that we hold about you.
  2. The right to make us correct any inaccurate personal data we hold about you
  3. The right to withdraw your consent, where we’re relying on it to use your personal data (for example, to provide you with marketing information about our services or products).

Contacts and complaints

If you have any questions about this privacy policy or wish to exercise any of your rights, including changing your marketing preferences, please get in touch with the practice manager at your local clinic, or alternatively, you can also use the Contact Us section of our website.

If you have any concerns about the way we process your personal data or are not happy with the way we’ve handled a request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner’s Office. Their address is:

First Contact Team
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, SK9 5AF