Our data privacy statement..…
SPC Physiotherapy & Sports Injury Centre is committed to protecting the privacy of our patients and wants to be clear about the data we collect, how we use it and your rights.
Our Privacy Statement reflects the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union.
What data do we collect and for what purpose?
In order to deliver our services to our patients we ask for personal information such as, but not limited to, names, postal addresses, contact numbers, email addresses, GP and payment information. We are committed to recording data accurately and storing it securely to ensure all communications are limited to the intended recipient.
Email addresses and phone numbers will be used to provide appointment information and notifications and will only be used for marketing purposes if you opt-in to those services separately. We do not ask for any personal data unnecessarily.
We only collect data under the following lawful basis:
(a) Consent: the patient has given clear consent for us to process their personal data for a specific purpose. This relates to any patient receiving treatment from us and anyone that has opted in to receive our marketing messages. All private patients will complete our SPC Consent to Treatment and Payment of Fees Form.
(b) Contract: the processing is necessary for a contract we have with the patient, or because you have asked us to take specific steps before entering into a contract.
(c) Legal Obligation: as a healthcare provider we are governed by additional UK laws under which we must conform.
(d) Vital Interests: we ask for some information, such as next of kin details, which we consider to be in the vital interest of our patients due to the nature of our service.
(e) Legitimate Interests: we may contact patients if we feel that we are aware of a new treatment at SPC which can help with a condition they are being treated for.
How it is processed and stored
Our entire patient electronic data is held within our secure environment which is password protected and access to that environment is limited to our small internal administration team. Our website operates under an SSL Certificate providing a secure connection for its users. Any paper data is held within locked filing cabinets inside a secure office environment.
SPC will not provide third parties (other than as is necessary to provide our services) with your information unless legally required to do so or if we believe in good faith that it is appropriate to do so.
Any information provided by you in connection with any financial details will be processed and stored by our payment gateway providers, Global Payments, and may be used by us to facilitate any future transactions with you. For details on our payment providers data policies, please visit: Global Payments
We use certain tracking software that allows us to monitor how our website is used. For example, we are able to track how many times a certain page is viewed. We do not use tracking software to gather personal information about our visitors.
The SPC Website is brought to you by Squarespace, an international website platform with their own privacy rules and terms of service. To read their full privacy statement please click here.
We may link to third party sites, where appropriate, although we are not responsible for the content of those pages or their privacy practices.
We have never and will never sell your personal data to third parties.
How we protect your data
SPC are committed to keeping your data safe and secure and will regularly audit our internal processes and procedures to ensure they continue to maintain our high levels of security.
Should any issues be detected in terms of the use or security of our data, we will firstly ensure that corrective measures are taken to prevent any further breaches. Once the breach has been contained, the event will be fully document and we will analyse its severity. If the breach is considered to be of low severity and pose little risk to individuals, we will ensure it is documented and appropriate measures are taken to prevent a repeat occurrence.
If the breach is considered to be of high severity and have a risk to individual’s rights and freedoms, we will take all measures noted above in addition to notifying the individuals affected and notify the ICO within 72 hours.
How long we retain your data
SPC will only keep data for as long as is deemed necessary. The data we collect is used to fulfill our services and to communicate with customers that have indicated they would like to hear from us in the future. We will perform annual data cleanses to assess the relevance and purpose of the data we hold. Any data considered to be no longer relevant will be securely deleted and this process will be documented. As a healthcare provider we are governed by UK laws which mean that we are obligated to retain patient records for certain periods of time.
Under the GDPR you, as an individual, have the following rights:
1. The right of access
2. The right to rectification
3. The right to erasure
4. The right to restrict processing
5. The right to data portability
6. The right to object to processing
7. Rights in relation to automated decision making and profiling
For more information on your individual rights, please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
To discuss or submit a data access request, please contact firstname.lastname@example.org. If the request is fair and appropriate, we will of course provide the requested information within one month of the request, free of charge.
We do reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. In such a case we will communicate with the patient to explain our reasoning and if a fee is to be charged, the fee will be based on the administrative cost of providing the information requested.
SPC services are only available within the UK and therefore our governing body is the ICO and our data practices have been developed with ICO guidelines and the GDPR practices in mind.
If you have any queries relating to data or privacy, we are here and happy to help so please contact us at email@example.com