1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR) from 25thMay 2018.
2. Who is responsible for managing my information?
Physio and Hypno Clinic Partnership is the data controller (contact details in section 14). This means it decides how your personal data is processed and for what purposes.
Physio and Hypno Clinic Partnership complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. Our security policy is available on request.
3. What information do we collect?
If you contact us by telephone: We will collect the following information from you to enable us to book an appointment: name, contact number, e-mail address.
If you contact us by e-mail: We will collect the following information from your e-mail to enable us to book an appointment: name, contact number (if provided), e-mail address.
If you contact us via ‘Contact Us’ form: We will collect: message, name, contact telephone number and e-mail address.
Data processors have specific legal obligations; for example, they are required to maintain records of personal data and processing activities. They have legal liability if they are responsible for a breach.
We consider the following to be ‘data processors’ on our behalf:
Southville Clinic Limited
‘Need More Time’
Where we use the following ‘Need More Time’ services:
Telephone answering – to supplement Southville Clinic Limited’s in-house reception staff and manager
Calendar – secure appointment booking system
More information about this company can be found at: https://www.needmoretime.co.uk
In relation to joint CCTV monitoring only at Southville Clinic Limited premises.
5.Lawful basis for processing
We collect information directly from you, with your consent. Where consent is obtained verbally or in writing, depending on the method of contact.
6.How do we use your information?
Your personal data will be treated as strictly confidential and will be shared with relevant individuals only.
Specifically, the information you provide may be used:
- to enable us to make an appointment with your chosen practitioner;
- to confirm and remind you of your appointment;
- to put you in direct contact with the practitioner of your choice;
- to enable us respond to your query;
- to keep treatment records;
We will never use your information for marketing.
7.Who will we share your information with?
In order to provide you with the services that we offer we may share your information with:
- Clinic Manager;
- Reception staff;
- ‘Need More Time’ telephone answering staff;
- ‘Need More Time’ secure calendar software for appointment booking;
- Your chosen practitioner;
We will never share your information with 3rd parties for direct marketing.
8.When can we contact you in the future?
Other than the circumstances outlined above, we will never send you information about our products and services, or information from third parties.
9.How long will we hold your information for?
We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Prospective clients, enquiries: We routinely delete your data when either you have indicated that you do not wish to book treatments with Physio and Hypno Clinic Partnership, or within 3 months of non-contact. If you want us to remove your data ahead of this automated deadline then please contact us (see section 16 for full contact details), either verbally or in writing. Please note we have 28 days to comply with any request for data deletion.
Clients and former clients, billing address information: In line with HMRC current requirements for holding accounting and billing information, we are obliged to keep our records for at least 5 years after the 31 January submission deadline of the relevant tax year.
Clients and former clients, treatment notes: To comply with current Chartered Society of Physiotherapy and Holistic Insurance Services recommendations and requirements, we keep treatment notes and patient records for eight years after the conclusion of treatment.
For further information visit www.google.com/policies/technologies/cookies
You can set your browser not to accept cookies and the above website will tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
11.How can you access and update your information?
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us (contact details, section 14). We will process any requests for information (Subject Access Requests) within 28 days, subject to identity verification. We reserve the right to charge a fee if multiple requests are made for the same information or if the request is ‘unfounded or excessive’.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate at any time, either verbally or in writing. We have up to 28 days to consider and correct any inaccuracies.
12.Does the policy apply to linked Websites?
Lajos Endre Csoma
By Telephone: 0751 0169 200
By email: email@example.com
15.How can you report a data breach?
If you have concerns that your data has been accessed, shared or otherwise used for purposes not outlined within this document or without your consent. Please contact us as soon as possible and we will investigate the matter. (Contact details provided in section 14)
16.Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Physio and Hypno Clinic Partnership (data controller) holds about you;
- The right to request that the Physio and Hypno Clinic Partnership corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Physio and Hypno Clinic Partnership to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable)
- The right to lodge a complaint with the Information Commissioners Office.
If you have any comments or suggestions in relation to this policy or require additional information, please contact us (contact details in section 14).