Updated March 2018. Reviewed March 2019
Physio To Go (Scotland) Ltd T/A The Physio Stop
44 Denton Street, Carlisle, CA2 5EG
‘Personal information’ means any information that is capable of identifying you.
‘We’ means Physio To Go (Scotland) Ltd and The Physio Stop.
We collect and process data because we have a legal obligation to do so and it is adequate, relevant and limited to what is necessary.
What information we collect and when
We collect and process information when you telephone the clinic to make an enquiry or appointment, when you email us, when you access our online booking system via our website or if you visit the clinic in person.
At the point of enquiry or booking we may ask you for ;
your date of birth
your telephone number, either landline or mobile or both
your e-mail address
At your appointment at the clinic, we will ask for information regarding your general health, your previous health and information regarding the condition you are seeing advice about.
We will also ask for information regarding any activities you undertake, your employment and any medication you take.
We will also record the findings of a physical examination.
How we use this information.
We use electronic records that are hosted by a third party (BlueZinc IT Ltd)
All information is kept electronically in a file that directly relates to your episode of care.
We use this information;
1. To provide a legal record of any treatment or advice we provide
2. To ensure continuity of care
3. To contact you in regard to your ongoing treatment including sending exercises by e-mail. We use a third party for this service (PhysioTools)
4. To contact you if new information or treatments become available that may be of benefit to you.
5. We may pass information with your permission to other medical professionals who may be involved in your care; this may include GPs, consultants, occupational health departments or other Health and Care Professions.
6. We may use your information for quality feedback purposes.
7. We may use your information for audit purposes.
We do not pass on your information for commercial purposes.
We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.
How long do we keep personal information
We have a legal obligation to retain records for 8 years after the conclusion of treatment.
If the record relates to a child or young person, the records must be kept until the patient’s 25th birthday or 8 years after death.
We may retain electronic records indefinitely for use if you return for another episode of care and for analytical purposes.
How do we protect your information
We take organisational and technical security measures to protect the information against unauthorised disclosure or unlawful processing.
Your rights - Summary
Individual rights – The right to be informed
Under the GDPR an individual has the right to be informed about the collection and use of their data.
The information must be clear and transparent.
We must provide individuals with information including: the purpose for processing their personal data, the retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’.
The right of access
Individuals have the right to access their personal data and supplementary information. They may also request the purpose for which it is being collected, recipients, the retention period, rights of rectification, erasure and objections.
The right of rectification
Individuals may request that a controller rectifies any errors in their personal data or completed if it is inaccurate.
The right of erasure (the right to be forgotten)
Data subjects are entitled to ask a controller to delete their personal data.
This is not an absolute right and is dependent on the legal basis for collecting the data.
Restriction of processing
Data subjects may be entitled to limit the purpose for which the controller can process the data.
This means that they can restrict the way that their data is processed.
Data subjects have the right to transfer their personal data between controllers and to use their data for their own purposes.
Object to processing
A controller must have a lawful basis for processing personal data. If the lawful basis is ‘public interest’ or ‘legitimate interest’ these are not absolute and data subjects have the right to object.
Right not to be evaluated on the basis of automated processing
Data subjects have the right not to be evaluated in any material sense solely on the basis of automated processing of their personal data.
Further information is available from the ICO on the website – www.ico.org.uk.
Individuals also have the right to complain to the ICO.
Disclosure of your information
We may pass information with your permission to other medical professionals who may be involved in your care; this may include GPs, consultants, occupational health departments or other Health and Care Professions.
This information may be passed on in the form of a written letter which is given to you - if this is the case, the letter becomes your responsibility and the protection of its contents is your responsibility.
If the information is passed electronically by email, it will be password protected and we will take all reasonable precautions to transmit the information securely.
All changes will be notified on our website
Physio To Go (Scotland) Ltd
44 Denton Street
Carlisle CA2 5EG
Telephone 01228 525559