Marta Downer Physiotherapy is responsible for keeping and processing your personal information securely.
The information you give me will only be used to provide services to you. Information required will include your name, date of birth and contact information, specific information regarding the health matter you are contacting me for and any relevant previous medical history.
The processing of your personal data is governed by the General Data Protection Regulation 2016/679 (GDPR).
I comply with GDPR obligations by:
- keeping your personal data up to date
- storing and destroying it securely
- not collecting or retaining excessive amounts of data
- not keeping the data for longer than necessary
- protecting personal data from loss, misuse, unauthorised access or disclosure
- by ensuring that appropriate physical and technical measures are in place to protect it
I will only use your personal information for the purposes of:
- Providing healthcare services to you
- Maintaining my own business accounts and records
- Communicating with 3rd party data controllers as necessary
- Providing you with clinic news or special offers that may be deemed to be relevant to you by the clinic
I hold your personal information in a combination of both paper and computer formats.
Under Article 6 of GDPR my ‘lawful basis’ is deemed to be that of Legal Obligation. I have a professional and legal obligation to process your data to keep an accurate record of my interaction with you in accordance with my membership of the Chartered Society of Physiotherapy. I also have a legal obligation to maintain financial information for tax recording purposes
Your personal information will be treated as strictly confidential and will only be shared with:
(a) the 3rd party data controller who, professionally, may have referred you to us (e.g. your GP or Consultant); or
(b) if necessary, and in the patient’s best interest, update or share discharge reports with another healthcare professional in relation to the healthcare matter you have consulted us about.
In order to comply with my professional and legal obligations as a member of the Chartered Society of Physiotherapy any health-related information will be kept for a period of 8 years from the date of last entry.
I do not expect to treat any children.
Unless the matter is subject to an exemption under GDPR, you have the following rights with respect to your personal information:
- To request a copy of the personal information that I hold about you.
- That I correct any personal information if it is inaccurate or out of date.
- To have it erased where it is no longer necessary for me to retain it.
- Where there is a dispute in relation to the accuracy or processing of your personal information, to request a restriction is placed on further processing until such a time as the dispute is resolved.
- To lodge a complaint with the Information Commissioners Office.
I do not transfer any data outside of the UK or use Automated Decision Making.
If I wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then I will provide you with a new notice explaining this prior to commencing the processing and I will set out the relevant purposes and processing conditions.
MONITORING COMPLIANCE AND EFFECTIVENESS
If I am unable to answer any concerns sufficiently and you would like to make a formal complaint, this will be taken seriously for lessons learnt, for transparency, and best practice. You may request a ‘Complaints Policy’. If necessary, incidents may be escalated up to CSP (Chartered Society of Physiotherapy) and / or HCPC (Health and Care Professions Council).