This policy may be updated from time to time. This version was updated on 25th May 2018.
What is a Privacy Notice
Under GDPR, as a user of our website or a client of Bradley Physio you have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this Privacy Notice.
Who We Are
Bradley Physio trades as three separate Limited Companies:
- Bradley Associates Leisure Limited T/A Bradley Physio Rochdale, 92 Edenfield Road, Rochdale, OL11 5AE, telephone number 01706 522922, email firstname.lastname@example.org.
- Bradley Physio Bury Ltd, 80 Market Street, Bury, BL8 3LJ, telephone number 01204 888788, email email@example.com
- Bradley Physio Rossendale, 207 Bacup Road, Rawtenstall, BB4 7NW, telephone number 01706 577899, email firstname.lastname@example.org
For the purposes of processing your personal data Bradley Physio is the Data Controller.
If you have any questions about this policy please contact our Data Protection Officer, Carole Waggett at 92 Edenfield Road, Rochdale, OL11 5AE, telephone number 01706 522922, email email@example.com.
The Personal Data We Process and What We Do With It
If you are a client of Bradley Physio we record and use the following categories of personal data which may include:
Name, address, date of birth, telephone numbers, email address, medical history, diagnosis, treatment information, relevant health related information, GP details, details of other healthcare professionals or companies involved in your care and credit/debit card details.
This data may be collected in a variety of ways. For example, data may be collected over the telephone when booking your appointment, on your registration form, verbally during your assessment with your therapist, by email, via a referring insurance company or through another medical practitioner involved in your care (eg: your GP/Consultant).
Data will be stored in a variety of different places, including in your paper case notes, secure storage facilities, in the organisations Practice Management Systems and in other IT systems.
Whilst under our care the legal basis for processing this data is one of consent, enabling Bradley Physio and its employees to fulfil its legal and professional obligations to provide your care.
As a user of our website we may collect your email (for example, if you make an enquiry or leave a comment on a blog post). If you make prospective enquiries or comments via our website, social media pages or email we will reply on the basis of legitimate interest.
We may contact you about additional, associated services that may be of benefit to you on the basis of legitimate interest.
Why Do We Collect This Data
If you are a client of Bradley Physio this data is collected and stored for the purpose of health diagnosis and treatment, liaison with other healthcare professionals and companies that are involved in your care, payment for these services and forms part of our contract to provide your care. In addition, we will only examine and treat you, or liaise with third parties on your behalf with your explicit consent.
Sharing Your Personal Data
If you are a client of Bradley Physio your data may be shared internally including with our team of physiotherapists and receptionists.
We may share your data with a third party where, for example, we need to contact a medical practitioner or a referring insurance company as part of your care. Where third parties are used by us to store your personal data, we ensure they are compliant with the data protection law and any such data is not stored outside of the EU.
Storing and Retaining Your Personal Data
Whilst you are a client of Bradley Physio we will continue to store and use your personal data. Bradley Physio takes the security of your data seriously and has internal policies and controls in place to try to ensure your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Once you have been discharged, in accordance with the Records Management Code of Practice for Health And Social Care 2016, we are required to retain your personal data for a minimum of 8 years from your last contact with us or until you are 25 (or 26 if you are 17 when treatment ends).
If you have not received treatment, data will be kept for no longer than 6 months.
Any data stored on our website will be kept for no longer than 6 months.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
- You may request a copy of your data at any time. Please make such a request in writing or by email to our Data Protection Officer, Carole Waggett, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require.
- If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
- If you believe we should erase your data, please contact the Data Protection Officer, whose details are shown above.
- If you wish us to stop storing or using your data, please contact the Data Processing Officer, Carole Waggett, whose details are shown above.
- Where you have provided us with explicit consent for us to use your data you have a right to withdraw this consent at any time.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish to Complain
You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.
Automated Decision Making and Profiling
We do not use any system, including Cookies, which uses automated decision making or profiling in respect of your personal data.