Body Performance Physiotherapy is registered with the Information Commissioner’s Office - ICO Data Protection Licence: ZA038881
We take the security of your personal information very seriously and the notice below sets out your rights when using our website or visiting us in clinic and how Body Performance Physiotherapy, uses, retains and discloses personal information.
Please read this statement carefully to understand our policies and practices regarding how we will treat your personal data.
- Who we are
- What categories of personal data we collect about you and why
- How we maintain the confidentiality of your information
- Sharing your information
- Access to your information
This information also explains what rights you have to control how we use your information.
Who we are:
Lindsay Collings Practice Owner, Physiotherapist
Body Performance Physiotherapy trading at 688 South 5th street, Milton Keynes MK9 2FX
The categories of Personal Data we may collect about you and why:
- Personal information about who you are: such as your name, address, telephone number, email address and date of birth. It is necessary for the administration of our services to collect and process sensitive information, such as; your medical history, any previous investigations and other health professionals involved in your care. In such cases, we will always explain what information we require and why it is needed. Such data will always be processed and stored securely.
- Background Data including gender, identification such as driving licence number/ passport number, NHS number.
- Financial Data No financial details are stored with Body Performance Physiotherapy.
- Marketing and Communications Dataincluding your preferences in receiving marketing from us and appointment email and text reminders.
We do not share your information with any third parties unless we have your consent and they are relevant to your treatment, for example, your GP or another health professional or your referring party, such as an insurer. With your consent, we will send out exercise prescriptions via email we use an agency called ‘rehab my patient’. They are GDPR compliant.
Providing we have your consent, occasionally we may send you information in the form of a newsletter of latest offers. You may withdraw from this at any time by letting us know by any convenient method (email/text/verbal) We use Mailchimp to deliver newsletters via email and they are GDPR compliant.
Profile Data when you like, follow or connect with us on our social media such as our Facebook page, Twitter or Instagram you are providing your consent. Feedback, posts and survey responses may be viewed by us and others on the page should you decide to post or comment on our posts. We will not share your name without your permission.
- Photograph and Recordings Data including photographs, video and audio recordings in which you are identifiable for case studies. These will not be shared without your permission and if you do consent these will be anonymised should you request
- Cookies. Body Performance Physiotherapy, www.bodyperformance.co.uk website uses "cookies" which enables us to personalise your use of our website (for example by retaining your visit history, cookies allow the website to tailor the pages and create a custom experience for you. Most browsers allow users to turn off the cookie function - this will not prevent you from using most features of our website
How we maintain the confidentiality of your information:
- Physiotherapists have a professional and legal obligationto retain your health records in accordance with applicable legislation, protocols and guidelines for eight years after your most recent appointment for adult records and for children eight years after their 18 birthday or until 25 years of age.
- A 'health record' is any record which consists of information relating to the physical or mental health condition of an individual, and has been made by or on behalf of a health professional in connection with the care of that individual
- The clinic will securely destroy and dispose of the records after this period of time. We are committed to protecting your privacy and will only use information lawfully in accordance with the General Data Protection rules 2018 and the Health Care Professions Council (HCPC)
How your records are stored:
- On paper, in locked filing cabinets and premises are locked and alarmed out of working hours
- Our office computers which are password protected and backed up regularly and stored on an external secure server.
- On our web-based programme Cliniko, allowing the practitioners a platform for booking appointments and sending reminders, emailing invoices, preparing clinical letters, writing medical notes. This system is secure, password protected and GDPR compliant.
- Rehab my patient - an exercise platform allowing the practitioner to send you rehab exercise programmes with your consent. They are GDPR compliant.
Sharing your information:
There are several reasons why we share information. This can be due to:
- Our obligations to comply with current legislation, such as safeguarding
- You have consented to disclosure to a referring party, GP, other health care professional.
Access to your personal information / Data access service request (DARS)
The Data Protection Act 1998 gives you the right to see the information that Body Performance Physiotherapy holds about you and why.
Requests must be made in writing to the clinic address above and you will need to provide:
- Full name, address, date of birth, so that your identity can be verified, and your information located.
- an indication of what information you are requesting to enable us to locate this in an efficient manner
- There is no charge for copies of your file.
- We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act.
- You will need to provide photo ID when you collect the information
Change of details:
- We want to make sure that your personal information is accurate and up to date, such as change of address, telephone numbers, please keep the practitioner updated on any change of medication and/or medical history too. If you think any information is inaccurate or incorrect then please let your practitioner know so we can update the records, we hold about you.
Your right to be forgotten:
- Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the 'right to be forgotten'. The right is not absolute and only applies in certain circumstances. Physiotherapists are health professionals and we have a legal obligation to keep your records for a set timeframe as mentioned above and at this point, they will be destroyed. Prior to this legal obligation, this right may not apply.
Objections / complaints
- We want you to be confident that we are treating your personal data responsibly and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
- If you feel that we are mishandling your personal data, you have the right to complain. please let us know by contacting the 'Data Controller', the clinic owner, Lindsay Collings.
- If you are still unhappy, you can then complain to the Information Commissioner’s Office via their website (ico.gov.uk).