Data Protection Privacy Policy
This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).
We are The Barn Physiotherapy Clinic (“the Clinic”) and are committed to protecting your privacy. We are registered and compliant with the Information Commissioner’s Office (“ICO”). For the purpose of the DPA and GDPR we are the Data Controller and any enquiry regarding the collection or processing of your data should be addressed either in writing to the Data Protection Officer, Sarah Letheren at our address Eastleigh Road, Havant, Hampshire, PO9 2NY or by email to physio@barnphysio.co.uk.
Personal Data
Personal Data (“information”) is the personal information you provide at the time of your initial enquiry and/or registration with the Clinic, comprising: name, full postal address, date of birth, telephone numbers, email address, GP details, consultant details, past medical history, current medications, details of the fees we have charged you and the amounts you have paid.
When completing the registration form, you will be asked to give consent for us to collect and store your information, and we will seek your preference on how we contact you. At each treatment session we are legally required to keep details of your treatment, and to ensure that the information we hold is accurate and up to date. No automated decisions are ever made using your information.
Why we keep your information
We need to keep information so that we can contact you regarding your appointments. We have a duty to maintain full and accurate records of the care we provide to you and have given in the past. This ensures that we can be consistent in offering you the appropriate treatments and level of care. This data is only used to enable us to provide our services to you, and to meet our contractual and legal commitments to you.
Where we keep your information
This information is kept securely in your personal patient notes (clinical records). All clinical records are stored securely on the premises and electronic data is password protected. Only authorised employees (who have agreed to keep information secure and confidential) have access to this information.
Code of conduct
Our team of Physiotherapists are registered and insured with the Health and Care Professions Council (HCPC), The Chartered Society of Physiotherapy (CSP) and The Acupuncture Association of Chartered Physiotherapists (AACP). We abide by all professional standards of care, code of conduct and data protection.
How we use your information
We may be required to share certain information, but this will only be with your GP or other medical practitioners, imaging centres and medical insurance companies and only with your express permission, and will be limited to the minimum necessary.
At times it may be necessary for us to contact or pass information to a third party such as solicitors and intermediaries, including cases where medical reports are required as part of your treatment.
Under no circumstances will we pass on any of your clinical records unless you have given your written consent.
In the case where the company is sold, all data will go as part of the sale but you retain your “right to erasure” at all times.
Where shared information is of a personal nature, we will send this using a password protected file attached to an email.
How long do we keep your information?
We will keep your personal information only as long as required to fulfil our stated reasons for which it was collected, or for as long as it is legally necessary for us to have sufficient information to respond to issues that may arise in the future.
Your rights
The DPA and GDPR also give you certain rights regarding the information we keep. You have the right to request access to your information, rectify any errors or change any consents previously given, and to request that we erase your details from our system or restrict what we are able to do with it.
You also have the right to complain, or to request that we transfer or make a hard copy of your information available to another medical practitioner should you choose to seek another opinion.
Please contact the Data Controller, in writing, if you wish to exercise any of your rights. If you would like to have your details removed from our system, partially or entirely, we would be happy to comply, provided there is no adverse reason, such as a complaint or legal reason, preventing us from doing so.
Our Website
This privacy policy also applies to, and can be found on, The Barn Physiotherapy Clinic’s website at www.barnphysio.co.uk (the “Website”). By using the Website you consent to this policy. We are registered with the Information Commissioner’s Office (ICO) for this purpose.
We will collect personal data on this Website only if it is directly provided to us by you the user, e.g. your e-mail address, name, and telephone number, and therefore has been provided by you with your consent. Normally you will only provide such details if you are making an enquiry about our services.
Cookie/Tracking Technology
Our Website uses analytical and statistical tools known as cookies that track the number of visitors to the Website, and help us to understand how visitors use the Website. Personal information is NOT collected by these cookies, or other tracking technology.
Website Security
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Feedback
In order that we can continue to meet our contractual commitments to our clients, it may be necessary for us to request feedback on our performance. This feedback may then be recorded in the form of a testimonial on our website. When you register with the Clinic you will be asked to confirm that you are happy for us to contact you for such feedback but we will not use your testimonial unless given separate written consent at the time.
Third party links
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Changes to this policy
We will review our data protection management annually to ensure that it is still fit for purpose and reflects the requirements of the GDPR. At your next appointment following such updates, we will let you know of the changes to ensure that you remain informed of how we are protecting your personal data.
Version 1 23/05/2018