The Physio & Sports Injury Clinic Privacy Policy

Effective date: 5th January 2019

The Physio & Sports Injury Clinic is committed to protecting and respecting the confidentiality, integrity and security of the personal information of all individuals whose data we hold. Therefore we want to make it clear what information we collect about you from you, when we collect it and why we collect it. Definitions: ‘We’, ‘Us’ and ‘Our’ = The Physio & Sports Injury Clinic.

  1. Where do we collect personal information

We collect information about you from various sources:

  • when you fill in our online contact forms

  • When you phone us

  • when you email us

  • when you message us via Facebook or Instagram

  • when you fill in a new patient registration form in the clinic

Based upon the information you provide us with, we will communicate back to you in response to your enquiry, to provide the services you request and to manage your account with us fully.

2. Registration

You do not need to register with us to view this website. Registration forms are only required to be filled in when; you arrive at our clinic as a new patient, if you have changed your personal details or if we have changed our terms and conditions then we will ask you to complete a new registration form again. Our registration form requests the following information from you.

  • Name

  • Address

  • Date of Birth

  • Telephone number

  • Email address

  • Your GP practice name

  • Any health insurance provider details (company name, membership no. & authorisation code)

  • Relevant medical conditions

  • Medications you take

  • Your signature (& date of signature) to confirm you agree to our terms of business.

3. How we use your personal information

We collect the above information about you:

  • to create a digital client account record online & a back-up paper record

  • to provide you with the support which you have requested

  • to provide you with a service you would like & also inform you about other services that we offer

  • for management and auditing of our business operations

  • for direct marketing via email, post or phone call (see section 5)

  • to comply with all legal and regulatory obligations

  • to comply with any contractual agreements from referral sources. (E.g. a health insurer or 3rd party intermediary who is funding your treatment). They may require access to your clinical records to authorise treatment sessions for you). This data is only shared with your written permission.

Personal information you provide on your new patient registration form is added to our cloud-based practice management software (WriteUpp) to create a patient account file. The original paper copy is then archived in a securely locked filling cabinet. To request a copy of your data please submit an Access Request in writing to the address below (in section 10). As part of GDPR regulations, *please note that your right to be forgotten will be overridden, as there are legal requirements to keep medical records for a mandatory period of 8 years from your most recent appointment, after which time they are permitted to be destroyed/deleted.

4. PRACTICE MANAGEMENT SOFTWARE data

We take your privacy seriously and will take all reasonable steps to ensure the protection of your data. Your data is stored on cloud-based software - WriteUpp. Access to this software is via password & HTTPS (Hypertext Transfer Protocol Secure) and SSL/TLS (Secure Sockets Layer/Transport Layer Security) authentication. All cloud data is stored on the secure hosting platform - Microsoft Azure along with 256-bit encryption, making it GDPR compliant.

We use this software to record all appointment dates/times, services provided, treatment notes, assessment forms and all finances. From here we are able to send out appointment confirmation & reminders by email &/or text message (if requested). All clinical assessments forms & notes created are locked as ‘Read only’ after 24hrs of creation & cannot be modified again - inline with HCPC regulation. Data stored in this software may also be analysed for marketing purposes to help recall past patients (see section 5).

5. Marketing

We may make contact with you about new, offers and information about other services that maybe of interest to you. This is done using the information you provided on your new patient registration form via: post, email &/or phone call. You have the right to stop us from contacting you for marketing purposes by contacting us in writing to be removed from our marketing list (see section 10.) If, after initially enquiring about our services by phone, email or web-form and you don’t make a booking, your name and email address may still be saved and added to our marketing database to receive periodic email marketing for a period of time thereafter. If you also ‘Like’, ‘Follow’ or ‘Direct Message’ us on our social medial channels (Facebook &/or Instagram), we may re-market our services to you as well through organic and/or paid advertising on these two channels too.

6. Website hosting

The Physio & Sports Injury Clinic website uses HTTPS url authentication. Our website is hosted on the platform - SquareSpace. All personal information you provide in our online web-forms is also therefore subject to SquareSpace’s privacy policy too. This may or may not contain terms as protective as our policy here. By using our website you are agreeing to Square Space’s privacy policy too.

7. Website Cookies

Our websites uses cookies to collect information about you via our host (Squarespace) along with Google Analytics software. Cookies are pieces of information that a websites transfers to an individual’s hard drive for record-keeping purposes to make loading that website quicker in the future. Cookies do not store personal information nor do they retain historical or transactional data. The cookie data we obtain helps us analyse how well our website is performing. We collect data on: traffic sources, total page views, location (via IP address) and the device-type you viewed this site on. We may use the information to make improvements and updates to the website and to tailor our services to our visitors better. You have the option of disabling cookies using your browser preference settings at any time.

8. Other Websites

You will find on this website (www.thephysionorthwales.co.uk) there are hyperlinks to other related websites. This privacy policy only applies to this website only. When you click on a hyperlink which takes you to other websites beyond ours, you are then bound by that new website’s separate privacy policies and terms. The Physio & Sports Injury Clinic is not responsible or liable for the privacy practices & security of any other sites.

E-gift cards are sold on this website via a 3rd party provider (SquareUp). The Physio & Sports Injury Clinic is not liable for the privacy practices & security of your data when you make a purchase through SquareUp. By making a purchase you are agreeing to SquareUp’s privacy/security policies too. Following a purchase, The Physio & Sports Injury Clinic is given the following data from SquareUp to store until the gift card is redeemed: purchases name, recipient’s name, email, voucher code and total amount paid. The Physio & Sports Injury Clinic does not receive any transactional data from any sale.

9. Policy changes

We reserve the right to make changes to our privacy terms at any time. Please feel free to check this page periodically for any changes we may make. Once a change has been made we will amend the “Effective date” at the top of this page.

10. Contact us

If you believe that any information we are holding about you is inaccurate, out-of-date or if you have any other questions about our privacy policy then please notify us in writing: The Physio and Sports Injury Clinic, Le Sport Health and Fitness, Colwyn Avenue, Rhos on Sea, LL28 4RB.