Grantham Physiotherapy Practice is committed to protecting and respecting your privacy. We understand that your personal data is entrusted to us and appreciate the importance of protecting and respecting your privacy. To this end, we comply fully with the data protection law in force in the UK (“Data Protection Laws”) and with all applicable clinical confidentiality guidelines.
For the purpose of Data Protection Laws, the data controller is Grantham Physiotherapy Practice Ltd.
What personal data may we collect from you?
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us.
Personal data we collect from you may include the following:
information that you give us when you enquire or become a customer or patient of us or apply for a job with us including name, address, contact details (including email address and phone number)
details of referrals, quotes and other contact and correspondence we may have had with you
details of services and/or treatment you have received from us or which have been received from a third party and referred on to us
information obtained from customer surveys, promotions and competitions that you have entered or taken part in
notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered
patient feedback and treatment outcome information you provide
information about complaints and incidents
a record of the money we have received or is owed to us by yourself.
When do we collect personal data about you?
We may collect personal data about you if you:
enquire about any of our services or treatments
register to be a customer or patient with us or book to receive any of our services or treatments
fill in a form or survey for us
fill out a form on our website
participate in a competition or promotion or other marketing activity
contact us, for example by email, telephone or social media.
What personal data we may receive from third parties and other sources?
We may collect personal data about you from third parties such as:
Insurance providers will pass Grantham Physiotherapy Practice personal data of patients who have commenced a claim and require treatment with Grantham Physiotherapy Practice. This will normally be in the form of a referral and may consist of basic details e.g full name, date of birth, address, contact number and email address and the type of procedure/treatment they require.
How do we use your personal data?
We normally process personal data if it is:
necessary to provide you with our services - to enable us to carry out our obligations to you arising from any contract entered into between us and you including relating to the provision by us of services or treatments to you and related matter such as billing, accounting and audit, credit or other payment card verification and anti-fraud screening
in our or a third party's legitimate interests to do so e.g private medical insurer
required or allowed by any applicable law
with your explicit consent e.g direct marketing communications.
Generally, we will only ask for your consent to processing if there are no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data you have the right to withdraw your consent at any time, please see details below.
Your right to be forgotten
You have the right to have your personal data deleted or amended on request and to withdraw treatment consent at any time. However, we are required by law to retain medical notes pertaining to treatment episodes.
How to request access to personal data
Put your request in writing specifying the personal data you want to access. Send the request to Grantham Physiotherapy Practice Ltd or email firstname.lastname@example.org. If someone else is making this request on your behalf, you must send us a signed and dated statement that you give your consent for this.
You have the right to request that we correct any inaccuracies in your data. If you wish to do this, please follow the same guidelines as above for requesting personal data. Please be specific as to the information that requires correction and the new information that should replace it.
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:
put your request in writing
provide us with enough information to identify you.
GDPR require a child’s parents to give consent to use their data, therefore it is essential that we document any processes related to the collection of children’s data.
The collection of children’s data does not vary from the collection of adult data except that the parent/guardian email address and home address will be used. The storage of notes for children will be 30 years. Consent to collect data is requested from the parent at time of first attendance.
What we would do if there was a data breach?
If there was a data breach the source of the breach would be investigated. The measures put in place to rectify the data breach and prevent future breaches would be documented and audited. Patients affected by the data breach would be informed.