Hillview Physiotherapy and Sports Injuries Clinic Ltd
Hillview Physiotherapy is committed to protecting your personal information.
This policy sets out the basis on which personal data we collect from you, or that you provide to us, will be used by us.
All personal data must be dealt with properly, however it is recorded and used – whether on paper, in a computer or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998.
For the purpose of the Data Protection Act 1998 the data controller is:
Hillview Physiotherapy and Sports Injuries Clinic (c/o Chancery House, 30 St Johns Road, Woking, Surrey GU21 7SA)
Postal Address: 3 Heathside Road, Woking Surrey GU22 7QP
Tel: 01483 766668
We regard the lawful and correct treatment of personal information as very important to successful operations and to maintaining confidence between those we deal with and ourselves. We ensure that our organisation treats personal information lawfully and correctly.
Health and Personal Data information we may collect from you:
Health data: We have to ask you questions about your present and past health in order to provide the appropriate plan of treatment for you. This information is stored securely but may be shared between therapists in the clinic if they are providing an episode of treatment.
We are legally obliged to retain all medical data for eight years to coincide with legal requirements and professional standards. For patients under the age of 18 years, records must be kept until the age of 25 (26 if treated in their 18th year).
We will only keep your records for as long as necessary to fulfil the purpose they have been collected for, satisfying any legal, accounting or reporting requirements. After the required number of years your data is disposed of securely.
Computerised records (closed practice management system) consisting of contact details, treatment dates, insurance details and payments will be retained indefinitely unless deletion is requested (after 8 years, as above).
Identity and contact data: may include your full name and date of birth, marital status, gender, postal and email address and telephone numbers.
Financial and transaction data: may include your bank account and payment card details and Insurance company membership and authorisation numbers. All information and payment transactions you provide to us will be stored securely.
How we use your data:
Legally we will only use your data to perform the contract between us.
We use consent as a legal basis for processing your personal data, and process it where it is necessary for performance of a contract to which you are a party, in compliance with our binding legal obligation to perform such processing.
We may be required to discuss or write to your GP, Consultant, or other health professionals in order to facilitate further management of your condition. We would always gain your consent prior to doing this and this will be by email, post or in person.
Many health insurance companies now require regular progress updates prior to authorising more treatment and at discharge. We will always discuss this with you. We or your Insurance Company will have gained your consent for this prior to authorising your treatment episode with us.
We will use your home/mobile numbers or email for appointment reminders, treatment discussion and patient accounts.
We may use your data to provide you with information, products or services that you request from us or which we feel may interest you.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.
If you are an existing customer, we will only contact you by electronic means (email or SMS) with information about goods or services similar to those which were the subject of a previous sale/service.
Disclosure of your information:
We may disclose your personal information to any member of our group.
We may disclose to third parties, with your consent, i.e. a medical professional.
In the event that we buy or sell any business assets, in which case we may disclose your personal data to the prospective buyer.
If Hillview Physiotherapy Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We will not sell any of your personal information to any third parties (other than if we sell or transfer our business or part of it).
Our website may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Please check these policies before you submit any personal data to these websites.
Data Protection Act 1998 (C.29):
Specifically, Hillview Physiotherapy Clinic requires that personal information:
Shall be processed fairly and lawfully, and in particular, shall not be processed unless specific conditions are met;
Shall be obtained only for one or more specific and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes;
Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
Shall be adequate, and kept up to date;
Shall not be kept for longer than is necessary for that purpose;
Shall be processed in accordance with the rights of data subjects under the Act;
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data;
Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data;
Therefore, Hillview Physiotherapy will, through appropriate management and strict application of controls and criteria:
Observe fully conditions regarding the fair collection and use of information;
Meet its legal obligations to specify the purpose for which information is used;
Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
Ensure the quality of information used;
Apply strict checks to determine the length of time information is held;
Ensure that the rights of people about whom information is held can be fully exercised under the Act. (These include: the right to be informed that processing is being undertaken, the right of access to one’s personal information, the right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information which is regarded as wrong information);
Take appropriate technical and organisational security measures to safeguard personal information;
Ensure that personal information is not transferred abroad without suitable safeguards.
In addition, Hillview Physiotherapy will ensure that:
There is someone with specific responsibility for data protection in our organisation (Data Protection Officer).
Everyone managing and handling personal information is appropriately trained to do so.
Queries about handling personal information are promptly and courteously dealt with.
A regular review and audit is made of the way personal information is managed.
Methods of handling personal information are regularly assessed and evaluated.
Performance with handling personal information is regularly assessed and evaluated.
Your Legal Rights:
Under data protection laws you have rights as follows:
The right to ask us not to process your personal data for marketing purposes.
Request access to your personal data.
Request erasure of your personal data.
Request transfer of your personal data.
Right to withdraw consent.
We do not charge for access / transfer of personal data; however, we will charge for delivery and reserve the right to refuse the request if it is deemed excessive or repetitive. Requests must be made in writing and proof of identity is required.
You can see more of these rights on the ICO website (https://ico.org.uk/).
If you wish to exercise any of these rights, please email us at firstname.lastname@example.org.
Our website only records the IP address of those who log in to do maintenance and upgrades, primarily Hillview Physiotherapy and our web designer. We do not record IP addresses of our website users.