WHY WE COLLECT DATA
As you may be aware, the General Data Protection Regulation (GDPR) comes into force on Friday 25 May 2018. In accordance with that this updated Privacy Notice aims to give you information on how we collect and process your personal data including any data you may provide by telephone, by email or by completing a registration form for your treatment either for yourself or as a parent or guardian of a child who you wish to receive physiotherapy treatment.
It is important that you read this Privacy Notice together with any other Privacy Notice or Fair Processing Notice we may provide on specific occasions when we are collecting or
processing personal data about you so that you are truly aware of how and why we are using your data.
WHO WE ARE
GW Physiotherapy is a private physiotherapy clinic which also provides Sports Therapy and Massage. We are based on the Ground Floor of North Warehouse, Gloucester Docks,
Gloucester GL1 2FB. We rent a room at North Warehouse managed by Regus. They provide reception staff to greet our clients and a call centre to take all telephone enquiries about
the services we provide. In the clinic there are two Physiotherapists, both of whom are HCPC registered, Qualification details for each of them are listed on our website with information
about their experience and specialities - www.gwphysiotherapy.co.uk.
We have a website – www.gwphysiotherapy.co.uk - When someone visits www.gwphysiotherapy.co.uk standard internet log information is collected in a way which does not identify
anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifiable
information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect
personal information and will explain what we intend to do with it. Our website contain links to other websites of interest. However, once you have used these links to leave our site,
you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide
whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
When you use our services, you’ll share some information with us. We want to be upfront about the information we collect and how we use it, who we share it with and the choices we
give you to control, access and update your information. For the purposes of data protection legislation, we are the data controller of your personal data.
We are registered with the Information Commissioners Office in the UK with reference number Z2803200.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any comments, questions or requests
Gloucester GL1 2FB or email us at: email@example.com.
INITIAL PERSONAL INFORMATION COLLECTED BY US AND THE WAY IT IS PROCESSED
When you enquire about physiotherapy using our landline, your call may go to our answer phone. The answer phone is only accessible by password by a member of the GW Physiotherapy team. You will then be contacted by a physiotherapist within the team to discuss the nature of your call and ways in which we may be able to help.
If you email us about an appointment the same follow-up procedure applies and you will be contacted by a physiotherapist within the team to discuss the nature of your call and ways
in which we may be able to help.
If you then decide to make an appointment, confirmation of the date and time and who you will be seeing will be forwarded to you and you will be asked whether you are happy for this
to be sent by email or prefer postal confirmation. Your name and preferred means of contact will be entered into our appointment system.
The appointments service and Regus are data processors as defined by General Data Protection Regulations (GDPR).
The appointment system provider has assured us that your information is not accessed by anyone else. The system uses secure communications standards, the databases are encrypted
Data Protection Regulations (GDPR).
The Regus team involvement with GW Physiotherapy is limited to taking your initial call and receiving you at reception when you attend appointments. They have no access to our
Regus has a Data Protection Policy and Data Protection Officer. Staff are trained and have been made aware of legal data protection obligations and the General Data Protection Regulation introduced 25th May 2018.
FURTHER INFORMATION WE COLLECT AND THE REASON WHY
At GW Physiotherapy we aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to
provide to you. The information will be kept on a written Registration and Treatment form
These records include:
•Basic details about you, such as address, date of birth, telephone number, email address
•Whether you are happy for us to leave messages on any telephone numbers you give us and/or contact you by email
•Date and time of any contact we have had with you
•Notes and reports about your health and medication taken
•Details and records about the health care professional’s assessment, your treatment and care
We may also include relevant information from people who care for you and know you well, such as health professionals and relatives
It is good practice for people who provide care to:
•discuss and agree with you what they are going to record about you
•give you a copy of letters they are writing about you
•show you what they have recorded about you, if you ask.
We rely on you to update us about changes to this information and will ask at each appointment whether there is any change we should note.
HOW WE USE YOUR RECORDS
At GW Physiotherapy we use your records to:
•Provide a good basis for all health care decisions
•Allow us to work with those providing care
•Make sure your care is safe and effective, and
•Work effectively with others providing you with care
We have a duty to
•Maintain full and accurate records of the care we provide to you
•Keep records about you confidential, secure and accurate
•Provide information in a format that is accessible to you (i.e. in large type if you are partially sighted)
Everyone working for GW Physiotherapy has a legal duty to keep information about you confidential. Anyone with access to the data has confidentiality and security clauses written into
their contracts and a Confidentiality Code of Practice is held at GW Physiotherapy to provide guidance on compliance with this. Personal information is held securely and security
protocols are available to remind the team what measures must be taken. Our computer system uses secure communiation standards and security components such as firewalls
to protect our system and your data.
We sometimes need to share information with other health professionals directly involved in a patient’s care in order to give the best possible advice and treatment. We will not share
information that identifies you for any reason, unless:
•you ask us to do so and give us specific written permission;
•we ask and you give us specific written permission;
•we have special permission for health or research purposes and you have given written permission
•you have agreed that we do so with your insurance company or the solicitor handling your case and you have given written permission
In exceptional circumstances we may be required by law to pass on personal data without consent for example, to prevent and detect crime.
No one from the Regus team has access to any infomation about you other than what you choose to give them when you report for your appointment and request a parking pass.
The GW Physiotherapy clinic team has had Data Protection training. Data Protection and the General Data Protection Regulation (GDPR) is an agenda item at regular
clinic meetings and every member of the team is fully aware of the importance not to disclose information they are made aware of in providing a
service and the consequence of sharing personal identifiable information without permission. Also at these meetings we may discuss health circumstances
and treatment given (anonymised) for training purposes.
We have a card payment system. If you choose to pay for your treatment using this system we do not record or keep information on your credit or debit card (such as card number, expiry
We keep a record of all payments processed and record the date paid and method of payment. This enables us to reconcile payments from daily activity and provide transparency of
activity for tax purposes.
HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT
We will hold your information for as long as you are having treatment with us or as long as is needed to be able to provide support-related reporting.
If reasonably necessary or required to meet legal or regulatory requirements or resolve disputes, we may also keep hold of some of your information as required, even after you have
stopped receiving treatment from us.
The Chartered Society of Physiotherapy advises that the minimum amount of time a standard adult record should be kept is eight years.
TRANSFER OF YOUR INFORMATION OUT OF THE EEA
We have no reason or purpose to transfer your personal information out of the EEA. If you are visiting this country from and are resident in a country out of the EEA or travel frequently in that region and receive treatment we would be happy to provide you personally with details of treatment we have provided. We will ask you to confirm receipt of this information in writing.
CONTROL OVER YOUR INFORMATION
Under the General Data Protection Regulation (GDPR), you have several important rights available to you. In summary, those include rights to:
•Access the personal information we hold about you
•Request that we transfer elements of your data to another service provider
•Request us to correct any mistakes in your information which we hold
•Request the erasure of personal information concerning you in certain situations
•Receive the personal information concerning you which you have provided to us, in a structured format
•Stop any direct marketing
• Object to processing of your personal data
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation (GDPR).
If you would like to exercise any of these rights, please:
•let us have enough information to identify you;
•let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
•let us know the information to which your request relates
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than a month if your request is particularly complex or you have made many
requests. In this case, we will notify you and keep you updated.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about use of your information and are happy to meet with you to resolve any issues.
However, if you are not happy with how GW Physiotherapy manages your personal data you have the right to lodge a complaint to us or the Information Commissioner.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 14/05/2018 and last updated on 16/10/19.
Any changes we make to this notice will be posted on this page.