Effective date: 5th January 2019
The Physio & Sports Injury Clinic is committed to protecting and respecting the confidentiality, integrity and security of the personal information of all individuals whose data we hold. Therefore we want to make it clear what information we collect about you from you, when we collect it and why we collect it. Definitions: ‘We’, ‘Us’ and ‘Our’ = The Physio & Sports Injury Clinic.
Where do we collect personal information
We collect information about you from various sources:
when you fill in our online contact form
When you phone us
when you email us
when you message us via Facebook or Instagram
when you fill in a new patient registration form in the clinic
Based upon the information you provide us with, we will communicate back to you in response to your enquiry, to provide the services you request and to manage your account with us fully.
You do not need to register with us to view this website. Registration forms are only required to be filled in when; you arrive at our clinic as a new patient, if you have changed your personal details or if we have changed our terms and conditions then we will ask you to complete a new registration form again. Our registration form requests the following information from you.
Date of Birth
Your GP practice name
Any health insurance provider details (company name, membership no. & authorisation code)
Any current medical conditions
All current medications you are taking
Your signature (& date of signature) to confirm you agree to our terms of business.
3. How we use your personal information
We collect the above information about you to:
to create a digital client account record online & a back-up paper record
to provide you with the support which you have requested
to provide you with a service you would like & also inform you about other services that we offer
for management and auditing of our business operations
for direct marketing via email, post or phone call (see section 5)
to comply with all legal and regulatory obligations
to comply with any contractual agreements from referral sources. (E.g. a health insurer or 3rd party intermediary who is funding your treatment may require copies of your clinical records to authorise care for you). This data is only shared with your written permission.
Personal information you provide on your new patient registration form is added to our cloud-based practice management software (WriteUpp) to create a patient account file. The original paper copy is then archived in a securely locked filling cabinet. To request a copy of your data please submit an Access Request in writing to the address below (in section 10). As part of GDPR regulations, *please note that your right to be forgotten will be overridden, as there are legal requirements to keep medical records for a mandatory period of 8 years from your most recent appointment, after which time they are permitted to be destroyed/deleted.
4. PRACTICE MANAGEMENT SOFTWARE data
We take your privacy seriously and will take all reasonable steps to ensure the protection of your data. Your data is stored on cloud-based software - WriteUpp. Access to this software is via password & HTTPS (Hypertext Transfer Protocol Secure) and SSL/TLS (Secure Sockets Layer/Transport Layer Security) authentication. All cloud data is stored on the secure hosting platform - Microsoft Azure along with 256-bit encryption, making it GDPR compliant.
We use this software to record all appointment dates/times, services provided, treatment notes, assessment forms and all finances. From here we are able to send out appointment confirmation & reminders by email &/or text message (if requested). All clinical assessments forms & notes created are locked as ‘Read only’ 24hrs after creation & cannot be modified again - inline with HCPC regulation. Data stored in this software may also be analysed for marketing purposes to help recall past patients (see section 5).
We may make contact with you about new, offers and information about other services that maybe of interest to you. This is done using the information you provided on your new patient registration form via: post, email &/or phone call. You have the right to stop us from contacting you for marketing purposes by contacting us in writing to be removed from our marketing list (see section 10.) If, after enquiring about our services by phone, email or webform, but don’t make a booking, your name and email address may still be added to our marketing database to receive periodic email marketing for a period of time thereafter. If you also ‘Like’, ‘Follow’ or ‘Direct Message’ us on our social medial channels (Facebook &/or Instagram), we may re-market our services to you as well through organic and/or paid advertising on these two channels too.
6. Website hosting
7. Website Cookies
8. Other Websites
E-gift cards are sold on this website via a 3rd party provider (SquareUp). The Physio & Sports Injury Clinic is not liable for the privacy practices & security of your data when you make a purchase with SquareUp. By making a purchase you are agreeing to SquareUp’s privacy/security policies too. Following a purchase, The Physio & Sports Injury Clinic is given the following data from SquareUp to store until the gift card is redeemed: purchases’s name, recipient’s name & email, voucher code and total amount paid. The Physio & Sports Injury Clinic do not receive any transactional data at any point.
9. Policy changes
We reserve the right to make changes to our privacy terms at any time. Please feel free to check this page periodically for any changes we may make. Once a change has been made we will amend the “Effective date” at the top of this page.
10. Contact us