The Physio & Sports Injury Clinic Privacy Policy

Effective date: 20th July 2019

The Physio & Sports Injury Clinic is committed to protecting and respecting the confidentiality, integrity and security of the personal information of all individuals whose data we hold. Therefore we want to make it clear what information we collect about you from you, when we collect it and why we collect it. Definitions: ‘We’, ‘Us’ and ‘Our’ = The Physio & Sports Injury Clinic.

  1. Where do we collect personal information

We collect information about you from various sources:

  • when you fill in our website contact forms

  • When you phone us

  • when you email us

  • when you message us via Facebook or Instagram

  • when you fill in a new patient registration form in the clinic

Based upon the information you provide us with, we will communicate back to you in response to your enquiry, to provide the services you request and to manage your account with us fully.

2. Registration

You do not need to register with us to view this website. Registration forms are only required to be filled in when; you arrive at our clinic as a new patient, if you have changed your personal details or if we have changed our terms and conditions then we will ask you to complete a new registration form again.

3. How we use your personal information

We collect the above information about you:

  • to provide you with support which you have enquired about

  • to provide you with the service which you have requested

  • to create a digital client record online on cloud-based practice management software - WriteUpp (see section 4).

  • to inform you about other services we offer that may complement your treatment with us via email, post or phone call (see section 5).

  • for management and auditing of our business operations

  • to comply with all legal and regulatory obligations

  • to comply with any contractual agreements from referral sources. (E.g. Health Insurance or any 3rd party referral companies who may be funding your treatment on your behalf).

To request a copy of any of your data then please submit an ‘Access Request’ to us in writing to the address below (in section 10). As part of GDPR regulations, *please note* that your right to be forgotten will be overridden, as there are legal requirements to keep medical records for a mandatory period of 8 years from your most recent appointment, after which time they are permitted to be destroyed/deleted.

4. PRACTICE MANAGEMENT SOFTWARE data

We take your privacy seriously and will take all reasonable steps to ensure the protection of your data. Your data is stored on cloud-based software - WriteUpp. Access to this software is via password & HTTPS (Hypertext Transfer Protocol Secure) and SSL/TLS (Secure Sockets Layer/Transport Layer Security) authentication. All cloud data is stored on the secure hosting platform - Microsoft Azure along with 256-bit encryption, making it GDPR compliant.

We use this software to record all appointment dates/times, services provided, treatment notes, assessment forms and all finances. From here we are able to send out appointment confirmation & reminders by email & text message (if requested). All clinical assessment forms & notes created are locked as ‘Read only’ after 24hrs & cannot be modified again (inline with HCPC regulations). Data stored in this software may also be analysed for marketing purposes to help recall past patients (see section 5).

5. Marketing

We may make contact with you in the future about clinic news, offers and information about other services that maybe of interest to you, using the information you originally provided to us. We may contact you via post, email &/or phone call. You have the right to stop us from contacting you for marketing purposes at any time by contacting us in writing to be removed from our marketing list (see section 10.) If you have enquired about our services by any means but you don’t end up attending any appointments, your details given may still be saved and added to our marketing database to receive direct marketing for a period of time thereafter. If you also ‘Like’, ‘Follow’ or ‘Direct Message’ us on our social medial channels (Facebook &/or Instagram), we may re-market our services to you as well through organic and/or paid advertising on these two channels too.

6. Website hosting

The Physio & Sports Injury Clinic website uses HTTPS url authentication. Our website is hosted on the platform - SquareSpace. All personal information provided through our online web-forms on this site is therefore subject to the privacy policy & terms of SquareSpace too. By using our website you are agreeing to Square Space’s privacy policy too.

7. Website Cookies

Our websites uses cookies to collect information about you via our host (Squarespace) along with Google Analytics software. Cookies are pieces of information that a websites transfers to an individual’s hard drive for record-keeping purposes to make loading that website quicker in the future. Cookies do not store personal information nor do they retain historical or transactional data. The cookie data we obtain helps us analyse how well our website is performing. We collect data on: traffic sources, total page views, location (via IP address) and the device-type you viewed this site on. We may use the information to make improvements and updates to the website and to tailor our services to our visitors better. You have the option of disabling cookies using your browser preference settings at any time.

8. Other Websites

You will find on this website (www.thephysionorthwales.co.uk) there are hyperlinks to other related websites. This privacy policy only applies to this website only. The Physio & Sports Injury Clinic is therefore not liable for the privacy practices & security of any other website which you may be forwarded onto via any hyperlink off this website.

E-gift cards are sold on this website via a 3rd party provider (SquareUp). The Physio & Sports Injury Clinic is not liable for the privacy practices & security of your data when you make a purchase through SquareUp. When making a E-gift card purchase you are agreeing to SquareUp’s privacy/security policies as well. Following an E-gift card purchase, The Physio & Sports Injury Clinic are given the following data from SquareUp to store until the gift card is redeemed: Purchases name, Recipient’s name, Email, Voucher code and Total amount paid. The Physio & Sports Injury Clinic do not receive any transactional data from E-gift card sales.

9. Policy changes

We reserve the right to make changes to our privacy terms at any time. Please feel free to check this page periodically for any changes we may make. Once a change has been made we will amend the “Effective date” at the top of this page.

10. Contact us

If you believe that any information we are holding about you is inaccurate, out-of-date or if you have any other questions about our privacy policy then please notify us in writing:

The Physio and Sports Injury Clinic, Le Sport Health and Fitness, Colwyn Avenue, Rhos on Sea, LL28 4RB.