Data Protection Officer: Madeleine Boots
What type of information we have:
We currently collect and process the following information:
· Personal identifiers, contacts and characteristics (e.g. emails, name and contact details)
· Healthcare Information
How we get the information and why we have it:
Most of the personal information we process is provided to us directly by you for one of the following reasons:
· You have subscribed to our mailing list via our website or social media
· Sent us your details via our website ‘contact us’ section
· You have consented to assessment and treatment
We also receive personal information indirectly, from the following sources in the following scenarios:
· Your general practitioners or healthcare provider if this is relevant and appropriate to you care. Your consent will be sought before this would take place.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting Madeleine Boots (firstname.lastname@example.org)
(b) We have a contractual obligation.
(c) We have a legal obligation.
(f) We have a legitimate interest.
What we do with the information we have
We may share this information with other agencies or healthcare providers involved in your care. You will be advised of this and have a right to refuse you data being shared in these instances. There may be instances where clinician’s have a legitimate legal reason for sharing data with other health care providers. In these instances you will be informed.
How we store your information
Your information is securely stored within the business premises within filing cabinets, only accessed by the clinician. Digital data will be stored on password protected computers with a weekly hard drive encrypted back up.
We keep healthcare information for the time periods set out in the bullet points below. Health care notes which remain dormant after 1 year will be scanned to an encrypted hard drive. Data will be disposed of by shredding or deleted from digital drives after the appropriate time period, or when individuals opt out from our marketing lists.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us by emailing email@example.com if you wish to make a request or by post to:
Physio Therapies Inspire
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113