Privacy Policy

This website is operated by the Lady Basset Physiotherapy Centre. We take your privacy very seriously, therefore we urge you to read this policy carefully because it contains important information regarding:

Who we are,
How and why we collect, store, use and share personal information,
Your rights in relation to your personal information, and
How to contact us/supervisory authorities in the event that you have a complaint

In this policy, "we", "our", or "us" refer to The Lady Basset Physiotherapy Centre.

Our registered office is at:

The Lady Basset Physiotherapy Centre, Church Road, Pool, Cornwall, TR15 3PT.

Introduction

This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It tells you about your privacy rights and how the law protects you.

We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information.

We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.

Our policy complies with the Data Protection Act 2018 (Act) accordingly incorporating the EU General Data Protection Regulation (GDPR).

The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

Your rights – more details

Encryption of data sent between us

Complaints

Retention period for personal data

Compliance with the law

Review of this privacy policy

Information we collect

1. Information we collect

Data Sources

We will collect and process certain types of data about you, such as:

Identity Data, which may include your first name, last name, date of birth and gender

Contact Data, such as your billing address, email address and telephone numbers

Medical Data, such as information regarding injuries, ailments and symptoms as well as your medical history

Transaction Data, such as details about payments between us and other details of purchases made by you

Technical Data, such as internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access The Lady Basset Physiotherapy Centre’s website

Usage Data, such as information about how you use The Lady Basset Physiotherapy Centre’s website and services

Whay happens if you don'

2. What happens if you don't give us your personal data?

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.

The bases

3. The bases on which we process information about you

The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

The following sets out the Lawful Basis for the Processing of your information in accordance with Article 6 of the GDPR;

Information we process because we have a contractual obligation with you

1 (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

When you book a service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.

In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We may use it in order to:

provide you with our services at The Lady Basset Physiotherapy Centre

contact you regarding the contracted service i.e. an email/SMS appointment reminder

verify your identity for security purposes

provide you with advice on services and how to obtain them.

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

In order to fulfill the terms of a contract, physiotherapy staff have a professional and legal obligation to keep an accurate record of their interaction with patients. A health record means any record which:

Consists of information relating to the physical or mental health or condition of an individual

Has been made by or on behalf of a health professional in connection with the care of that individual, in accordance with the Data Protection Act.

This record includes all the information relating to the health status and management of the individual patient (Data Subject).

Details can be found at;

https://www.csp.org.uk/system/files/csp_quality_assurance_standards.pdf

https://www.hcpc-uk.org/standards/standards-of-conduct-performance-and-ethics/

https://www.hcpc-uk.org/resources/standards/standards-of-proficiency-physiotherapists/

We shall continue to process your personal data in connection with the services/products you have bought for 8 years after your last treatment. Records concerning young people who have received treatment will be retained until the young person has reached the age of 25. We are required to retain this data for our own records in line with the Chartered Society of Physiotherapy (CSP) guidelines.

Details can be found here;

https://www.csp.org.uk/system/files/publication_files/PD061%20Version%203.2%20Record%20Keeping%20Guidance.pdf

Information we process with your consent

1 (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our content or services, you provide your consent to us to process information that may be personal information.

Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies and clicking to accept the terms and conditions before sending information on the contact page.

Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply. Whether you contact us by e-mail, phone or through our website, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our company. We may keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.

We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.

You may withdraw your consent at any time by instructing us info@ladybasset.co.uk. However, if you do so, you may not be able to use our website or our services further.

Information we process for the purposes of legitimate interests

1 (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.

Where we process your information on this basis, we do after having given careful consideration to:

whether the same objective could be achieved through other means

whether processing (or not processing) might cause you harm

whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so

For example, we may process your data on this basis for the purposes of:

record-keeping for the proper and necessary administration of The Lady Basset Physiotherapy Centre

responding to unsolicited communication from you to which we believe you would expect a response
protecting and asserting the legal rights of any party

protecting your interests where we believe we have a duty to do so

Special Personal

4. Special Personal Information

Special category data is personal data that needs more protection because of its sensitive nature. This data refers to information concerning your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

The GDPR provides elevated protection for this Special personal information by expressly prohibiting their processing without a legal basis to do so.

In order to lawfully process special category data, you must identify both a lawful basis under Article 6 of the GDPR and a separate condition for processing under Article 9

The legal basis in which we process Special Category Data under Article 6 of the GDPR is;

6 1 (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Article 9 of the GDPR sets out a further set of conditions, of which at least one must be fulfilled for the processing of Special Categories of Data to be lawful.

The condition upon which we process Special Category Data is set out in Article 9(2)(h) of GDPR and in Schedule 1 condition 2 of the DPA 2018.

For processing special categories of personal data;

Article 9(2) (h) - Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services, carried out by or under the supervision of health professional or social work professional or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law.

The relevant basis in UK law is set out in the DPA 2018, in Schedule 1 condition 2. This condition covers the following purposes:

preventive or occupational medicine;

the provision of health care or treatment;

the management of health care systems or services or social care systems or services.

We may ask for details relating to your health and medical conditions – to be able to accommodate them suitably and for the performance of contract. We welcome dialogue with you about what aspects are essential for disclosure in order to be able to perform a safe and professional treatment.

We shall continue to process your special personal data in connection with the services/products you have bought for 8 years after your last treatment. Records concerning young people who have received treatment will be retained until the young person has reached the age of 25. We are required to retain this data for our own records in line with the Chartered Society of Physiotherapy (CSP) guidelines.

CSP Record Keeping Guidance PD061 version 3.1issuingfunctionPractice and Development date of issue November 2016 (amended April 2017)

Information relating payment

5. Information relating to your method of payment

At present we do not accept online payments. Details concerning the methods of payment can be found here. If you have any question please contact one of the team for more details.

Communicating with us

6. Communicating with us

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.

We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.

automated systems

7. Cookies and information we collect through automated systems when you visit our website

By continuing to use our website you are agreeing to our use of cookies. Please read our Cookies Policy for more details.

Personal identifiers from your browsing activity

When you visit our website, we automatically receive information from your web browser or mobile device. Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally.

Creditref

8. Credit Reference

To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.

outside eu

9. Data may be processed outside the European Union

Our website is hosted by Wix.com.

Wix can store your site-visitors' data in a number of locations.

Your personal information may be stored in data centres located in the United States of America, Ireland, South Korea, Taiwan and Israel. Wix may use other jurisdictions as necessary for the proper delivery of their services and/or as may be required by law.

Wix is a global company that respects the laws of the jurisdictions it operates within. The processing of your personal data may take place within the territory of the European Union, Israel or a third country, territory, or one or more specified sectors within that third country, of which, the European Commission has decided that it ensures an adequate level of protection (transfer on the basis of an adequacy decision).

Any transfer to a third country, outside the European Union, that does not ensure an adequate level of protection according to the European Commission, will be undertaken in accordance with the Standard Contractual Clauses (2010/87/EU) set out in Appendix 1 of the Wix Data Processing Agreement (DPA)

links

10. Links

The Lady Basset Physiotherapy Centre website may include links to other websites of interest, not owned or managed by us. Once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot be held responsible for the privacy of information collected by websites not managed by us and therefore not covered by this privacy statement. Please exercise caution and take time to read the privacy policy applicable for each individual website.

security

11. Security

We will not give, sell or rent your personal data to third parties so they can market their services to you. Nor do we accept advertising from third parties on the Website.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

how w protect

12. How we protect your information

We will not disclose any patient/personal information to a third party e.g. private organisation, solicitor, employer, police officer without obtaining your explicit consent and in line with Data Protection laws.

Where you have asked a company to act on your behalf e.g. solicitor, we will not release information about you without your explicit consent. Where we receive requests relating to your care by a police officer or employer your information will not be released without your explicit consent or in line with Data Protection laws.

We will only collect the minimum information required to provide and support your care.

Data protection law requires us to only collect information which is relevant to your care and is not excessive

rights

13. Your rights – more details

Right to be informed - you have the right to be informed about the collection and use of your personal data.

Right of access - you have a right to ask us to confirm whether we are processing information about you and to request a copy of the information. For more information on this please contact Sonia Jeffreys at info@ladybasset.co.uk

Right to rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete. You may also ask us to remove information which is inaccurate. You also have the right to complete information which is at the time incomplete.

We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided us with changes, for example if you change your email address, name, contact number, please let us know:

info@ladybasset.co.uk or call us on 01209 698353.

We will update your details as soon as possible and within 30 days.

Right to be forgotten - you have a right to seek the erasure of your data. You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data you may withdraw your consent. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations. We may also need to keep some information about you in order to, for example, comply with an instruction not to contact you again.

We will respond to a right to be forgotten request within one 30 days.

Restriction of processing - where certain conditions apply you have a right to restrict the processing of your information. This is an alternative right to the right to be forgotten and it is not an absolute right. If we refuse a request for restriction we will explain why.

We will respond to requests for restriction within 30 days.

Right of portability - you have a right to obtain your personal data from us and reuse it for your own purposes. This includes the right to require us to pass on information we obtained from you to another physiotherapist or organisation.

Right to object - you have the right to object to certain types of processing such as direct marketing.

We may not be able to act on your request if we have a compelling legal reason not to. In the event that The Lady Basset refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

To access what personal data is held, identification will be required

We will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required.

If we are dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to info@ladybasset.co.uk or by phoning 01209 698353.

encryption

14. Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

complaints

15. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by The Lady Basset Physiotherapy Centre you have the right to complain to us.

The details for each of these contacts are:

Sonia Jeffreys, The Lady Basset Physiotherapy Centre, Church Road, Pool, Cornwall, TR15 3PT

or email info@ladybasset.co.uk

If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.

If you do not get a response within 30 days or if you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office (ICO).

Further details are here:

https://ico.org.uk/make-a-complaint/.
ICO helpline: 0303 123 1113.

Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO.

retention

16. Retention period for personal data

The Lady Basset Physiotherapy Centre has in place a data life cycle policy to ensure that we keep your data only as long as necessary, considering the data protection principles and codes of best practice.

The Lady Basset Physiotherapy Centre will process personal data during the duration of any treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet any legal obligations. After eight years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.

compliance

17. Compliance with the law

Our privacy policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.

Ultimately, however it is your choice as to whether you wish to use our website.

review

18. Review of this privacy policy

In order to continually comply with the relevant legislation and guidance, we may periodically change this Privacy Policy.

The terms that apply to you are those posted here on our website on the day you visit our website. We advise you to print a copy for your records.

If we make changes to this privacy notice, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose.

If you have any question regarding our privacy policy, please contact Sonia Jeffreys at info@ladybasset.co.uk

This privacy policy was published on: Nov 2020

This privacy policy was last updated: April 2021