Privacy Policy

PhysioBoutique's Privacy Policy

PhysioBoutique is committed to ensuring that your and your family's privacy is protected in accordance with the law. This privacy policy explains what information PhysioBoutique may collect, how it is protected and how this information may be used, in accordance with the General Data Protection Regulations 2016 (GDPR) and country-specific data protection legislation.

Legitimate Interest

Your Personal Data is held and processed on the lawful basis that such action is in the legitimate interest of the company in pursuing the purposes described. This has been considered through the use of a legitimate interest assessment which does not outweigh risks to the rights, freedoms and interests of you as the Data Subject.

The purposes of collecting your Personal Data is to provide Physiotherapy Services to you. Personal Data is collected and used for the purpose of delivering the services you have requested from PhysioBoutique.

Any information that we hold on you will only be used in accordance with this privacy policy and any consent (if applicable) that you have provided to us on our website; sign-up forms; on registration as a patient; or during any clinical appointments.

We may change this policy from time to time and the latest copy will always be available on this website page, at our premises and on request. You should check this policy from time to time to ensure that you are aware of the latest version and are happy with any changes. This policy version is effective from 16 October 2018.

Who are we?

PhysioBoutique is the trading name of Physio and Sports Consultancy Ltd, registered in England. Company no 7661301. 36-37 Castle Street, Guildford, GU1 3UQ. Telephone 01483 898307. Email info@physioboutique.co.uk. During this document we may refer to this Company as 'PhysioBoutique', 'we' or 'our' and we are a Data Controller in terms of data protection classification. PhysioBoutique work with several well-known, accredited and trust-worthy Data Processors such as Microsoft, who are also bound by Data Protection and GDPR legislation.

Our Information Security Commitment

PhysioBoutique are committed to ensuring that your information is confidential and secure. In order to prevent unauthorised access or disclosure, we have implemented suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and securely store online, within the clinical environment and within our necessary data processing and storage systems. PhysioBoutique are registered with the Information Controllers Office (ICO), are registered for PCI-DSS compliance as part of our card data security measures.

Defining Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

PhysioBoutique, in the course of its business, is required to process data. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What Information may PhysioBoutique collect about me?

We may collect the following information about you as a web-user or social media contact:

• Name, Email address, Birthdate, IP Address, contact details.

In addition, as a prospective or registered patient we may also collect (and legally may be obliged to collect) the following data:

• Additional personal information such as your title
• Contact information including address, email address, contact phone numbers contact information of parent or gaurdian.
• Next of kin or family members already registered with PhysioBoutique.
• Demographic information such as address, postcode, preferences and interests.
• Medical contact information such as GPs, consultants or other allied professionals.
• Health insurance details such as policy number, authorisation code, excess.
• Clinical information including current injury or episode of care, past medical history, family structure and medical history, current or past medications, allergies, social status and history including job title, work status, hobbies, exercise frequency.
• Referral letters, investigation reports or copies, solicitor and health insurance correspondence.

We do not store credit card details and all card transactions are undertaken in accordance with PCI-DSS requirements to ensure that your card data is protected at all times.

How will PhysioBoutique use the information it collects about me?

PhysioBoutique may use your information for several purposes including:

• To provide and improve our services, activities, marketing and online content.
• To provide you with relevant and useful information.
• To contact you regarding a comment or submission you have made on our social media or website.
• To enable us to contact you to deal with your requests or enquiries and provide excellent customer service.
• For service administration such as appointment reminders, invoicing, account updates, clinical follow-up and correspondence.
• For clinical assessment, treatment, management and liaison including correspondence with third parties such as referrers; medical insurers; your GP; consultant; allied or related professionals such as a therapist, personal trainer, Pilates teacher; your employer and any other relevant party.
• We may also use your information to contact you for market research or service improvement purposes. We may contact you by email, phone or mail.
• We may use the information to customise our(s) website according to your interests.
• We may also show you relevant advertising on third party sites.
• For analysis and research purposes to improve our services. This may include analysis of non-identifiable information such as postcode area, age, gender, referral source, appointment type, outcome however organisational measures are taken to ensure that this data is not combined to an extent that it becomes uniquely identifiable. Analysis can include using geodemographic information from external sources such as IP address location; Email open and click rates.

When will PhysioBoutique Contact Me?

PhysioBoutique may contact you:

• In relation to any service, activity or online content you or your child (under 16) have made enquiries about or registered for, in order to ensure that PhysioBoutique can deliver these services, e.g. to verify your email when you sign up for a PhysioBoutique Appointment booking Log-in; to verify a 'bounced' Email address; to help you reset your password; to send you have a appointment reminder, invoice reminder or other 'service' communication.
• In response to a referral from a 3rd party such as a medical professional, medical insurer, care organisation or solicitor.
• In relation to any correspondence we receive from you or any contact, comment or complaint you make to or about PhysioBoutique, it's products, services or content.
• In relation to any clinical services you are using.
• To invite you to participate in surveys about PhysioBoutique ,it's products or services.
• To update you regarding changes to PhysioBoutique's terms and conditions, pricing or financial obligations, policies and practices.

We will never contact you to ask for your PhysioBoutique online password, or other login information. Please be cautious if you receive any emails or calls from people asking for this information and claiming to be from PhysioBoutique.

Will PhysioBoutique share my personal information with anyone else?

We will keep your information within PhysioBoutique except where you have requested for it to be shared with another party or disclosure is required or permitted by law OR

• With government bodies and law enforcement agencies, including for child or adult protection, safe-guarding or where we believe that any breach of applicable laws has taken place.
• We may share your personal information internally. For example, to enable invoicing, internal clinical referral or with another clinician in the absence of your clinician due to holiday or sickness.
• For clinical management and liaison including correspondence with third parties such as referrers; medical insurers; your GP; consultant; allied or related professionals such as a therapist, personal trainer, Pilates teacher; your employer and any other relevant party.

Third parties such as health insurers and GP practices may also store your personal data, will have their own data security policies and are similarly bound by the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679. PhysioBoutique has no control over these and you should contact these third parties directly should you wish to view their privacy policies.

Sometimes PhysioBoutique uses third parties to process or store your information on our behalf, for example to provide card payment services; secure electronic data storage or data analysis. PhysioBoutique requires that these third parties comply strictly with our instructions and that they do not use your personal information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way. Some of the Companies that own software that we use to process data, such as Microsoft (Office 365, TM3, MyPhysioRehab, or Mailchimp, are based outside of the EU however each company has either opted to comply with Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679 legislation or have been formally accredited.

PhysioBoutique would only share information in circumstances where such disclosure is permitted under applicable laws, including data protection law.

How long will the PhysioBoutique keep my personal information?

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract that we may hold with you or for as long as is required by law (whichever is the longest).

The Records Management Code of Practice for Health and Social Care (2016) specifies different time frames and retention strategies for different types of medical records. For example, it specifies the need to keep adult medical records for at least 8 years and those of children and pregnant women, until the child is 25. All patient information processed by PhysioBoutique after 2014 is stored securely in a cloud-based, practice management portal, TM£. BlueZinc IT Ltd own and operate this system, and they have their own extremely stringent internet safeguards, and security policies as a registered data processor.

Can I find out what personal information PhysioBoutique holds about me?

You have the right to request details of the personal information which we hold about you under the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679. Requests should be made in writing to PhysioBoutique , Castle Street Clinic, 36-37 Castle Street, Guildford, GU1 3UQ stating what information you require or alternatively you may complete our Subject Access Request Form via Email. We also require additional identification (copies of two forms of ID) prior to releasing any information.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will use all reasonable efforts consistent with our legal duty to provide or correct the personal information about you on our records.

Right to withdraw data protection consent.

You have the right to withdraw your consent to processing of your personal data at any time by writing to PhysioBoutique , Castle Street Clinic, 36-37 Castle Street, Guildford, GU1 3UQ

Right to be forgotten

You have the right to request the erasure of all personal data that we hold about you if:

• The personal data is no longer necessary for the purpose which it was originally collected or processed
• Consent is the lawful basis for holding the data, and you withdraw your consent
• There is no legitimate interest to continue processing this information
• The personal data is being processed for direct marketing purposes and you object to that processing
• You are required to comply with a legal obligation to request that your data is erased

Please note that there is not an absolute right for data to be erased and certain categories of information relating to healthcare are exempt from this right. Legal and ethical requirements to store or maintain certain documents may mean that we are unable to fully comply with a request to delete personal information that we hold about you however any decision and justification will be communicated to you.

How we use website cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We sometimes embed content from social media and other third party websites. These may include YouTube, Twitter, Facebook and Instagram. When you visit a page containing such content, you may be presented with cookies from these websites and these third party cookies may track your use. PhysioBoutique do not control the dissemination of these cookies and you should check the relevant third party's website for more information. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on our website.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot therefore be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. These third party websites have their own privacy policies, and are also likely to use cookies, and we therefore urge you to review them.

Comments functionality on our Blog or website.

PhysioBoutique offers users the possibility to leave individual comments on our blog and on some parts of our website. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented on by third parties.

If you leave a comment on the blog, the comments are stored and published, as well as information relating to the date of the commentary and your pseudonym. Your IP address may be visible to, or stored by PhysioBoutique.

If you any questions or comments about this Privacy Policy or the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679 please contact:

The Data Protection Officer

PhysioBoutique

Castle Street Clinic

36-37 Castle Street

Guildford

Surrey

GU1 3UQ

info@physioboutique.co.uk