BodySync Physiotherapy and Sports Injury Clinic - Privacy Policy

Monday, 11 March, 2019

Introduction
At BodySync Physio and Sport Injury Clinic we know how important your personal information is and we appreciate your trust in us to use and share that information carefully and sensibly. 
This notice, in accordance with the General Data Protection Regulation (GDPR) describes the privacy policy of BodySync Physio and Sport Injury Clinic. By undertaking sessions at BodySync Physio and Sport Injury Clinic, visiting our website or entering details into our website, you are accepting and consenting to the practices described in this privacy notice.
Contents
• Who we are
• The information we process
• The Lawful Basis for Processing Data
• The Information We Hold
• How We Obtain Information
• Our Information Storage Systems
• Transfer of your personal data to third countries and international organisations
• How Long We Keep Your Information – Retention Periods
• Sharing with Third Parties
• Your Rights
• Marketing Information
• Withdrawing Consent
• Complaints
• Updating Your Information
• Children
• Communications
• External Links
• Social Media
• Security
• Notices and Revisions
Who We Are
• Any personal information provided to BodySync Physio and Sport Injury Clinic or to be gathered by is controlled primarily Tamar Sharp.
• The designated Data Controller is:     Tamar Sharp.
• Our Data Processors include:            Tamar Sharp.

The Information We Process
• We use the personal information you give us to provide health services, maintain our accounts and records, carry out our obligations arising from any contracts entered into between you and us, notify you about any changes to our service, enhance the security of our network and information systems, better understand how people interact with our website, improve our website, determine the effectiveness of our promotional campaigns and marketing, promote our services, manage our employees, enhance, modify, personalise or otherwise improve our services and communications for the benefit of you and/or our customers and communicate with you.

• We will communicate with you about your appointments, our products and services, update our records, advise you on applicable offers, and generally maintain your accounts with us. We also display content such as customer reviews and may recommend businesses and services that might be of interest to you. When contacting you for the above purposes we may do so by phone, post, email, or other electronic means, unless you tell us otherwise.
• We also use sensitive information that you provide for such purposes as creating appropriate treatment plans, carrying out appropriate assessment and treatment, providing you with exercise plans and responding to your requests.
• From time to time, your individual physiotherapist may be required to discuss your personal and sensitive information with other BodySync Physio and Sport Injury Clinic staff to provide you with the best possible service and care.
• We receive and store personal information you enter on our website or give us in any other way. You can choose not to provide certain information, but this might mean you miss out on many of our features or it may affect the quality of the care that we can provide to you.

The Lawful Basis for Processing Data
As Physiotherapists, we have a legal obligation to accurately record and store the data we process about individuals that are classified as patients, as determined by the Health and Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP).
In the event that you request goods, services and/or information from us that is not covered by a legal obligation, we will rely on our contractual relationship with you to process your data.
For individuals that do not require us to process personal information under a legal or contractual obligation, the most appropriate lawful ground for processing of your data is our legitimate interests.
In certain circumstances we may also rely on a specific consent provided by you for the processing of your personal data.

The Information We Hold
At BodySync Physio and Sport Injury we will record and store a wide variety of personal and sensitive information to ensure we can fulfil our legal and contractual obligations. The information we gather may include, but not be limited to:
• Personal Details
• Family Details
• Medical Records
• Identifiable Information
• Medical History
• Employment Status
• Social Activities
• Treatment Plans
• Treatment Records
• Preferences
• Consent to Assessment and Treatment
• Authorisation to disclose medical records to designated healthcare professionals and insurance companies
• Contractual Agreements

How We Obtain Information
We gather information from a wide variety of sources including, but not limited to -
• You, the patient/client
o From your interactions between administrative staff and physiotherapists.
o Entering your details into our online enquiry system.
• Your physiotherapist – treatment notes and professional decision making processes
• Health Insurance Companies
• Your GP
• Your Consultant or Medical Professional
• Other Healthcare Porfessionals
• Your Relatives
• Case Managers
• Care Workers
• Your Web Browser
• Filling in forms on our website or at exhibitions or events, including information provided at that time to register for competitions, subscribing to our services, posting material or requesting further information.
• If you contact us, we may keep a record of that correspondence
• We may also ask you to complete surveys from time to time that we use for research purposes, although you do not have to respond to them.
• Details of your visits to our website and emails received including, but not limited to traffic data, location data, web logs and other communication data
Our Information Storage Systems
The information we hold about you is kept in a number of ways and locations. It is updated either manually or automatically depending on the way it is updated.
• Paper Medical Records  / Treatment Notes – these records are created by your physiotherapist on paper. They are kept on site at the clinic you have been treated at most recently in a locked filing cabinet. Any updates you make will be manually recorded.
• Diary / message book – telephone messages are written down in a message book. This may include personal data about you. Message books are stored in a locked cabinet when staff are not present. Information you provide that is taken down in a message book may be used to update your paper record.
• Electronic diary system – Google calendar – to keep a record of past and future physiotherapy appointment.
• Email System – Google mail.
• iZettle – Direct Debit Management System
• Computer records – for basic patient information – name, adress, email and phone contact details, receipts issued, doctors reports issued and received.
How Long We Keep Your Information – Retention Periods
We have a legal responsibility to hold medical information we gather for a period of 8 years following the conclusion of your treatment or after your death.
Personal Information that has been collected in relation to our contractual obligations will be held for a period of 6 years.
Other personal information will only be retained for as long as we believe it is up-to-date.
If you would like us to remove data that is not protected by our legal or contractual obligations, then all you need to do is ask. If you would like us to remove your data from our records, please email bodysyncphysio@gmail.com.
Sharing with Third Parties
Information about our patients/clients/members is confidential. It is an important part of our business and we are not in the business of selling it to others.
We will not share your information with anyone outside BodySync Physio and Sport Injury except:
• Where we have your permission
• With your Health or Medical Insurance Company when it is required to provide funding or with your permission to provide details related to your medical condition
• With your GP if required to provide appropriate medical support
• With other healthcare professionals if required to provide appropriate medical support
• Where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world.
• In anonymised form as statistics and other aggregated data shared with third parties, for example as part of research projects.
Your Rights
At BodySync Physio and Sport Injury we want to ensure you are aware of your rights in relation to the personal information we collect and process about you.
If you wish to exercise any of the rights detailed below, if you have a query in relation to the way we use your personal information, or if you wish to complain to our Data Protection Officer, please call 01422 344499 or email us at bodysyncphysio@gmail.co.uk.
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to provide you with our services.
Your Rights include -
• The right of access
You have a right to access personal data held about you. This includes the right to obtain confirmation on whether we are processing any of your personal data, obtain a copy of the data we hold about you, or know more about the way we use your data.
• The right to rectification
You have the right to rectify inaccurate personal information and to update incomplete personal information about you. If you believe that the information we hold about you is inaccurate, you have the right to request that we restrict the processing of that information and to rectify the inaccurate information.
• The right to erasure
You have a right to request that we delete your personal information. You may request that we delete your personal information if you believe that: we no longer need to process your information for the purposes for which it was provided; we have requested your permission to process your personal information and you wish to withdraw your consent; or we are not using your personal information in a lawful manner. In some circumstances we may not be able to delete your data for legal or contractual obligations.
• The right to restrict processing
You have a right to request that we restrict the processing of your personal information. You may request us to restrict processing your personal information if you believe that: any of the information that we hold about you is inaccurate; we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or we are not using your information in a lawful manner.


• The right to data portability
You have a right to data portability. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information we hold electronically that you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your personal information, which will be governed by their agreement with you and any privacy statement they provide to you.
• The right to object
You have a right to object to the processing of your personal information. This relates to information we process under legitimate interests, unless we can provide compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims.
Marketing Information
You have the absolute right to object to us processing your personal information for direct marketing at any time. Unless you have told us not to, we will send you marketing information relating to products and services that we think will be of interest and relevant to you. If you no longer want to receive these communications you can tell us at any time by contacting us on the details above, or using the links provided in direct marketing emails.
Withdrawing Consent
You have a right to withdraw your consent. Where we rely on your consent to process personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
Complaints
You have a right to lodge a complaint with the regulator. If you are unhappy about the way we have used your personal information or the way we have dealt with any request you have made under your rights, please contact our Data Protection Officer who will investigate the matter. We hope this will rectify the situation to your satisfaction, but if you are still unhappy, you can contact the Information Commisioners Office (ICO). For more information, visit www.ico.org.uk.
Updating Your Information
To update the information we hold about you, you may do one of the following:
In Person -
Please visit us at the clinic to update any of your details in person. Clinical information may require you to see a physiotherapist before your clinical record can be updated.
Email: Bodysyncphysio@gmail.co.uk
You can update your address or email address by email. Please therefore ensure the email address you provide is up to date. If you would like to send us clinical information, you can do this but unfortunately we cannot guarantee the safety of this email during its journey to us.
Phone: 01422 344499.
You can update any of your details over the phone, but we may require you to provide additional information to confirm your identity before we can make certain changes.
Children
Clients under the age of 18 must be accompanied by a parent or guardian that can take responsibility for their care. Consent for all treatment plans must be given by both the client and parent or guardian to allow us to treat the individual.
If you or your child do not wish to receive emails or other communications from us please let us know by contacting 01422 344499 or email Bodysyncphysio@gmail.co.uk.
Communications
We will contact you for a number of reasons, and in a variety of ways. Below we have included some, but not necessarily all, of the communication channels that may be used between us and you.
If you would like to stop a particular type of communication, please contact us.
Email Messaging
We use two forms of email systems to communicate with our patients.
Individual Emails – We use Google mail to communicate individual information related specifically to you that is not part of our automatic appointment email communication
Marketing Emails – We may use a bulk email system to send out marketing and promotional emails to the clients on our list, and to respond automatically.
External Links
Although this website only aims to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this site.
BodySync Physio and Sport Injury Clinic cannot and does not guarantee or verify the contents of any externally linked website. You therefore click on external links at your own risk and BodySync Physio and Sport Injury Clinic cannot be held liable for any damages or implications caused by visiting any external links on this Site.
 
Social Media
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. BodySync Physio and Sport Injury Clinic will never ask for personal or sensitive information through social media platforms and we encourage users wishing to discuss sensitive details to contact us through our primary communication channels i.e telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Security
BodySync Physio and Sport Injury Clinic is committed to ensuring that your information is processed and kept securely with us and the third parties that act on our behalf.
Notices and Revisions
If you have any worries about privacy at BodySync Physio and Sport Injury Clinic please e-mail us a thorough description of your concerns and we will try to resolve the issue for you. Our business changes constantly and our Privacy Notice and the Terms & Conditions will also change. Please check our website frequently to note any recent changes.

Latest News & Offers