Using Your Personal Data
As part of undertaking normal business activities, we (ProMOTION Physiotherapy) collect and process personal data relating to prospective clients, clients and former clients. As a data controller of this information, the organisation is committed to being transparent about how it collects and uses that data, and to meeting its data protection obligations.
The address and contact details of the data controller (ProMOTION Physiotherapy) are set out at the end of this privacy notice. By using our services, in any capacity, you agree to the collection and use of information in accordance with this policy.
Data Protection Principles
We will comply with the data protection principles set out in GDPR. These say that the personal information we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.
What information do we collect?
ProMOTION Physiotherapy collects a range of information about you in the course of undertaking their normal business activities. This may include:
Your name, address and contact details, including email address and phone number. It may also include:
• patient experience feedback and treatment outcome information you provide;
• medical notes and reports about your health, injury including any treatment and care you have received or require;
• information from customer surveys, competitions and marketing activities; and,
• other information we receive from practitioners or other companies who have obtained your permission to share information about you.
ProMOTION Physiotherapy may collect this information in a variety of ways. For example, data may be collected in the clinic when filling out our registration forms, over the phone, from yourself during a consultation, via email and when making an appointment through our website.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
If you want to review, verify, correct or request the erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact ProMOTION Physiotherapy on the details below.
Please note that the Data Protection Act 2018 may apply so that we do not have to grant your request in full. However, we will always meet your request as far as we are able.
Why does ProMOTION Physiotherapy process personal data?
We use your personal information to provide you with our services and to improve and extend our services. This may include, creating appointments and responding to your queries, supporting your medical treatment and care, internal record keeping and administration, responding to requests where we have a legal or regulatory obligation to do so, using your contact information to send you service related information and marketing (only when you have agreed to this).
Where does ProMOTION Physiotherapy store your data?
We store all personal data and other information on our IT systems, including database and email systems. We take appropriate organisational and technical security measures to protect the data that we hold against unauthorised disclosure or unlawful processing.
We use TM3 (online practice management software) which provides us with the security of a hosted system, with all data stored on TM3’s servers in the UK (data centres certified with ISO 27001 and ISO 9001). Up to date, SQL server database technology combined with encrypted VPN services gives users the highest levels of security available.
How does ProMOTION Physiotherapy protect your data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees/self employed associates in the proper performance of their duties.
We will not share your data with any other third party without your explicit consent unless legally required to do so. This may include onward referral to consultants, GP, another medical service or insurance provider.
For how long does ProMOTION Physiotherapy keep data?
Legally we are required to retain your clinical records for eight years or until you are 25 years old whichever is the later. We may retain your data beyond this period to be able to provide a full and complete service and to protect against any future legal challenge(s) and support any claims with accurate information. For children, data will be retained for 8 years following the end of the consultation or until the age of 18.
Address and contact details of the data controller:
Tel: 0131 538 5467
83 Main Street
Edinburgh, EH4 5AD
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioners Office. (www.ico.org.uk)