Privacy Notice

This privacy notice sets out how The Practice uses and protects any information that you give.

The practice is committed to complying with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, ICO and HCPC standards.

What type of information do we hold?

  • Personal details such as your address, date of birth, phone number and email address. This is for the provision of assessments, treatment plans/reports, notes/summaries, supervision, training, correspondence, estimates and invoices.
  • Personal details of family members or emergency contact details.
  • Medical history including your GP's name and address.
  • Past and present medical history including x-rays and photographs (if applicable).
  • Information about the assessments, treatment, supervision or training we have proposed and provided along with fees.
  • Notes of conversations or incidents that might occur for which a record needs to be kept.
  • Records of permission or consent for treatment.
  • Email correspondence.
  • Correspondence to other healthcare professions and/or solicitors if relating to a medicolegal case.
  • Financial information relating to your treatment or medicolegal case.
  • Details of any complaints made.

Why do we need to keep this information?

We need to keep records of personal information regarding our clients in order to provide safe and appropriate treatment, supervision and training. It is also used to maintain accurate professional records.

We also need to process personal data about you if we are providing treatment, supervision or training under other health authority/service arrangements and to ensure the proper management and administration of records.

Our legal basis for processing data is:

  • Consent
  • Legitimate interest - Processing is necessary for the performance of our services for clients and for defence of legal claims.
  • Data relating to your health care records is classed as special category data. Our legal basis for processing this is that it falls under Legal claims or judicial acts and Health and Social Care (Article 9 UK GDPR (f,h).

What do we do with your Information?

We will only share your information if it is done securely, and it is necessary for us to do so.

Your personal information may be securely shared with other health and social care professionals involved in your care/treatment.

We may also share your personal information securely to third parties where we are required by law or regulation to do so. This may include:

  • Case Managers
  • Solicitors
  • Insurers
  • GPs, NHS/local authorities

How do we store your Information?

Your Information is stored securely at the practice in paper form and on protected computer systems. Computer information is backed up regularly and may be securely stored awayfrom our premises.

Website

In order to make your visit to our website as user-friendly as possible, and to provide you with all the available features, we collect specific data from the device you used to access our website. This data includes your:

  • IP address
  • Operating system
  • Browser type and version
  • Date and time of access

We may include links to third party websites within our own website. Please note that our Privacy Notice is for our Company and that third party websites have their own policies and procedures.

An evaluation of this data for marketing purposes will not take place. All personal data that we have collected during your visit through the use of session cookies is automatically deleted as soon as the purpose for its collection has been fulfilled. The session data is therefore stored until you end your session (by leaving or closing the website). Details submitted through the 'contact form' are stored as per our standard retention period.

Retention periods

We are required to retain your records while you are a client of this practice and after you cease to be a client for a minimum of 7 years. Retention periods may be changed from time to time based on business or legal and regulatory requirements.

Your rights under GDPR (Adults)

  • Access

You have a right to access the information that we hold about you and to receive a copy. You can make a request in writing or by email.

  • Rectification

You have a right to correct any information that you believe is inaccurate or incomplete. Please contact us to request a change in information.

  • Erasure

You have a right to request that we delete your personal information, although you should be aware that, for legal reasons, we may be unable to erase certain information. You can make a request in writing or by email.

  • Restriction

You have the right to request us to restrict the processing of your personal information for example, sending you reminders for appointments or information about our service. Please contact us to make this request.

  • Portability

You have a right to data portability; this could include supplying your information to another clinician. Please contact us to make this request.

Concerns

If you have any concerns about how we use your information, please contact us in writing or by email.

You can also seek advice from The Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or start a live chat or call helpline on 0303 123 1113.