At Physio4life, we are committed to maintaining the trust and confidence of our visitors and clients on our website and clinic. In particular, we want you to know that Physio4life is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes. As the General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018, we wanted to let you know how we look after your data and in particular personal data.
This website is operated by Physio4life. We take your privacy very seriously, therefore we urge you to read this policy very carefully because it contains important information about us and:
- The personal information we collect about you, our users
- What we do with your information, and
- Who your information may be shared with
Who we are
Physio4life (‘we’ or ‘us’) are a ‘data controller’ for the purposes of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on free movement of such data), we are responsible for and control the processing of, your personal information.
Information we collect
We collect this information for medical treatment within our facility.
- Personal information you provide us
We collect the following personal information that you provide us:
Date of birth
Some examples of when we collect this information include:
When registering to book for an appointment
When registering to inquire about information
- Personal information provided by third parties
The type of third parties include
Insurance Companies (e.g. Bupa, IPRS)
Other governed health bodies
(For the purposes of direct referral or medical collaboration on behalf of the patient)
This information may include:
Date of birth
All information shared to Physio4life from Third Parties and other sources are referrals or collaboration that have been pre-approved by a client who has agreed to share this information.
We will register this information for the following purposes:=
To ensure the client has an account with us
To book the patient in with an appropriate practitioner
To collaborate directly with your medical and health provider
- Personal information you provide about third parties
If you give us information about another person, you confirm that the other person has appointed you to act on their behalf and agreed that you:
Should consent on their behalf to the processing of their personal data;
Shall receive any data protection notices on their behalf; and
Shall consent on their behalf to the transfer of their personal data abroad.
- Monitoring and recording communications
We may monitor communications such as emails and telephone calls for the following purposes:
- Cookies and similar technologies
A cookie is a small text file, which is placed onto your computer or electronic device when you access our website. Similar technologies include web beacons, action tags, local shared objects, (‘flash cookies’) and single pixel gifs. Such technologies can be used to track users’ actions and activities, and to store information about them. We use these cookies and/or similar technologies on our website.
How many times a user visits the website
Which pages a user visits
When someone visits www.physio4life.co.uk we use a third party service, Stat Counter Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way, which does not identify anyone. We do not make, and do not allow Stat Counter Analytics to make, any attempt to find out the identities of those visiting our website.
This information helps us to build a profile of our users. Some of this information may be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on cookies generally visit www.allaboutcookies.org.
How we use the information, we collect
We collect information about our users for the following purposes:
Information collected is registered manually by our admin team for the purposes of booking in clients for a requested treatment at our clinic.
Who your information may be shared with
We may share your information with:
Law enforcement agencies in connection with any investigation to help prevent unlawful activity
We do not share information with third parties, but may share information if requested and agreed by the client to a third party on the client’ behalf.
Keeping your information secure
We will use technological and organisation measures to keep your information secure. These measures may include the following examples:
User accounts access is controlled by a unique username and password; all data is stored on a secure server; payment details are encrypted using SSL.
We are certified to ISO 27001. This family of standards helps us manage your information and keep it safe and secure.
However, while we will use all reasonable efforts to secure your personal data, in using the site you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using the details below.
What rights do you have?
Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:
- Email, call or write to our data protection officer (see details below)
- Let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill), and
- Let us know the information you want a copy of, including any account or reference numbers, if you have them.
- Sign a release form
Electronic copies are free of charge and would be emailed through an encrypted service to ensure security of the data. Paper versions are also available, but will incur a £50 administration fee that will be posted through recorded delivery.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information, which we hold free of charge. If you would like to do this, please:
- Contact us using the contact details below
- Let us have enough information to identify you (e.g. driving license or passport)
- Let us know the information that is incorrect and what it should be replaced with.
Right to delete your information
Physio4life is a private medical company and do not retain personal data for longer than necessary.
The guidelines that Physio4life follow are in accordance with the GDPR that replaces the Data Protection Act 1998, where records form as legal record of treatment and therefore must be retained safely and securely. The legal requirement to retain records for a certain period relates to the legal period for bringing civil claims under Personal Injury Law or Contract law as defined by the Limitation Act 1980 and The Limitation (Norther Ireland) Order 1989.
An individual has three years to bring a personal injury claim (with some exceptions) and six years if they wish to bring the claim under contract law. Therefore, records must be retained at least until the limitation period has expired.
Physio4life aim to store health records securely for a maximum of seven years based on the above.
CCTV is in place at the premise of Physio4life to protect staff and the business from suspicious transactions and incidents. Data is deleted after 30 days.
Physio4life record telephone conversations for Quality assurance, Training, Fraud Prevention and Compliance. We also have a mute button in place on all of our telephone systems. We use this mute button to ensure we do not record sensitive information (i.e. payment information). You can also request to have your conversation muted. Telephone records are deleted after 6 months.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- Email, call or write to us (using the contact details below)
- Let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill)
- Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
- Unsubscribe directly on a campaign
From time to time, we may also have other methods to unsubscribe from any direct marketing including for example, unsubscribe buttons or web links. If such are offered, please note that there may be some period after selecting to unsubscribe in which marketing may still be received while your request is being processed.
If you have any questions about the policy or the information we hold about you, please contact us by:
Email: (Reception) firstname.lastname@example.org
(Data protection officer – Katherine Hoxha) email@example.com (you should contact the data protection officer directly, if you would like to request for a subject access request directly).
125 Upper Richmond Road
Telephone: 0208 704 5998
Calls will be answered at the following times:
Monday – Thursday 0700 – 2200
Friday 0700 – 2000
Saturday 0800 – 1600
Sunday 0900 – 1500
We may record calls for quality and training purposes.