NEW FOREST PHYSIOTHERAPY SOUTHAMPTON
Everyone has rights with regard to the way in which their personal data is handled. In order to operate efficiently we need to collect and use information about the people with whom we provide a service. This includes our current, past and prospective employees, patients, insurance companies, health professionals and others with whom we communicate.
We regard the lawful and correct treatment of personal information as integral to the success of our operations and to maintaining the confidence of the people we work and communicate with. To this end we fully endorse and adhere to the principles of the relevant legislation of GDPR and any Data Protection/Confidential Laws and regulations.
The regulations say that data must be “processed lawfully, fairly and in a transparent manner in relation to individuals”.
When we receive information from outside practitioners, insurance companies and patients who wish to receive treatment or make an enquiry we may require your name, address, telephone number(s), email address, name of GP, Consultants and medical details for processing. The information required is to ensure that any treatment programme benefits you.
We will contact you using the information provided to us to book appointments, send appointment reminders, exercise sheets, advise videos, advise you of holiday closures, physio / injury related seminars and any other information relevant or related to your treatment. We do not request any personal data from you other than to carry out our business legitimately.
We do not pass on any personal information to any third parties unless it is for legitimate medical or business reasons. For legitimate medical or business reasons we may pass your details onto Medical Professionals, Insurance Companies or our accountants/bookkeeping services. Our accountants/bookkeepers have their own privacy policies in line with legislation.
Keeping Data Safe
The regulations say that data “processed in a manner that ensure appropriate security of the personal data, including protection against unauthorised or unlawful process and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.
Any personal data collected is stored on a computer system that is password protected and only authorised personal have access to this data. Passwords are changed on a regular basis to ensure security. The company computer is kept in a locked clinic when not in use and only those personnel authorised to access the information has access. Back-up of systems are kept on the cloud and the servers are based in the UK.
As part of our legitimate business operations we may keep a manual record of your name, address, telephone numbers, email addresses and other personal information in line with our business. Where possible all the information is stored electronically and any manual records which are no longer required are destroyed by shredding or burning. In the event of any breach of security and data lost then those effect will be informed immediately and a report sent to the Information Commissioner’s Office.
Keeping Information Accurate and Up-to-Date
The regulations say that data “accurate and, where necessary, kept-up-to-date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”
As a company we will ensure that all the information we hold for you are correct and accurate including spelling of names, addresses, email addresses and telephone numbers.
At the initial point of contact we will check the information supplied. If any of the information you have furnished us with is incorrect, you have the right to contact us and request that this is corrected. Upon any errors being identified we will correct these immediately and inform you that the information has been corrected.
Any requests to rectify any inaccuracies can either be put in writing, email or telephone by the patient.
Processing Data for Limited Purposes
The regulations say that “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be sorted for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the individuals”
Any information we are privy to when we are carrying out operations for you are kept confidential. Due to the nature of our business and the fact that your records held by us may be required after treatment has ceased we may hold those records or make them available with your permission to personnel of the medical profession, insurance claim companies or solicitors.
We delete any computer records which hold personal data and are no longer required under any legislation. Any manual records we hold that are no longer required under any legislation are also destroyed either by shredding or burning.
Sharing Personal Data
Under no circumstances will we share your personal data with any other companies for the purposes of marketing/direct sales. Any marketing we do is done under Mail Chimp e mails – who has their own privacy notice. You may opt out of Mailchimp e mails at any time. We may from time to time contact you directly with information regarding our business activities or vital information regarding your treatment or appointments.
Complaints Regarding How We Use Your Personal Data
If you feel that we have not dealt with your questions or queries regarding your personal data adequately under the GPDR regulations then you can use our complaints procedures by emailing us at firstname.lastname@example.org.
If, at the conclusion of complaints procedure you do not feel that we have adequately dealt with your complaint you may make a complaint directly to the: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Telephone No. 0303 123 1113 or email email@example.com