Edinburgh Physiotherapy Centres Ltd (“We”, ‘The Physio Centres”) are committed to protecting and respecting the confidentiality, integrity and security of the personal information about individuals whose data we hold.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and how The Physio Centres complies with its responsibilities under applicable data protection laws, including, when and to the extent in force, the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and the Privacy and Electronic Communications Regulations 2003 (“Data Protection Laws“). Please read this policy carefully.
For the purpose of the Data Protection Laws, the data controller is Edinburgh Physiotherapy Centre Ltd of 36 Henderson Row, Edinburgh, EH3 5DN and the Data Protection Officer is Nicola Thomson-Berwick.
Personal data collection
We hold personal data about you which you provide to us in the course treatment or correspondence between you and us, or (where you are a patient or potential patient) via our patient contact forms or email correspondence.
We may collect the following information from you:
- Contact Details;
- Date of Birth;
- Medical information
- Private Medical Insurance details
- Next of Kin details
Use of personal data and legal basis for processing
All personal data we hold about you will only be used for the purposes set out below or for any other purpose specifically permitted by the Data Protection Laws or which you may authorise (which may include direct marketing, if you authorise us to do so).
If you are a patient, we may use information you provide to us to:
- Provide medical or relaxation treatment;
- Send you a copy of our email newsletter (if you agree);
- Send you details of offers and discounts on services we offer (if you agree);
- Complete Marketing and Sales analyses;
- Analyse Medical data;
- Invite you to any Physio Centre events (if you agree).
Where you provide personal information to us, we are processing it in order to perform our obligations under our agreement with you or in order to take steps at your request prior to entering into a treatment service with you.
Where you provide personal information to us, you will be asked if you consent to us adding you to our distribution list for our email newsletter and offers. If you give your consent, we are processing your information for that purpose on the basis of your consent.
Access and other rights
You may request to view or receive copies of records held about you at any point by making a request in writing to us at 36 Henderson Row, Edinburgh, EH3 5DN. This request will be responded to within 30 working days. If we require more time to respond fully to any request, we will notify you in writing within the 30-day period referred to.
You also have other rights under Data Protection Laws in relation to your personal data. In particular, you may have (i) the right to request that we rectify or erase information we hold about you in certain circumstances, (ii) the right to ask us to limit our processing of your information, (iii) the right (if we are processing information based on your consent, such as for marketing purposes) to withdraw your consent, (iv) the right to object to certain processing of your information (including the right to object to processing of your personal data for direct marketing purposes at any time), (v) the right to ask us to move, copy or transfer your personal information to another organisation. If you wish to exercise any of these rights, please contact us at 36 Henderson Row, Edinburgh, EH3 5DN.
Accuracy of personal data
The Physio Centres tries to ensure that personal data we hold about you is accurate and kept up-to-date. If you believe that any information we are holding about you is inaccurate, out-of-date or incomplete, please notify us at 36 Henderson Row, Edinburgh, EH3 5DN as soon as possible. We will promptly correct or delete any information found to be incorrect.
We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
Disclosure and sharing of your personal data
We may disclose personal data to third parties for the purposes of finance, IT, professional advice, clinical record system development/support, or for any other purposes specifically permitted by the Data Protection Laws or for any other purpose which you may authorise.
We may also disclose personal data we hold to third parties:
1. a) in the event that we have received a referral from your Private Medical Insurance Company, GP, Medical Specialist; and/or
2. b) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
To the extent we transfer any personal data to any third party, we will only do so if that third party agrees to put in place appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, the personal data.
Retention of personal data
The Physio Centres will retain records of patients/customers for 7 years, after which they will be destroyed.
We will take all reasonable steps to destroy, or erase from our systems, all personal data which is no longer required.
Please note that you may contact us at any time at 36 Henderson Row, Edinburgh, EH3 5DN and ask for your details to be removed (please refer to the section headed “Access and other rights” above). We may not be able to continue to provide you with our services in the event you request that your details are removed. We may also refuse to destroy medical records prior to the 7-year retention period after consultation with out Practice Liability insurance provider.
We may use "cookies" from time to time on our website. Otherwise known as a type of tracking software, a cookie is a small, unique text file that is sent to your browser from a web server and stored on your computer's hard drive. Cookies will help our web site tailor the information presented to you based on your preferences by collecting information such as which areas of the web site you have visited and for how long, so the next time you visit the site, those pages may be readily accessible. Cookies will also allow us to collect statistical information such as countries of origin, search engines used, how many visitors download files and which files these were. We will also be able to study how visitors navigate around the site and this will help us manage and improve the site where necessary.
A cookie cannot read data off your hard disk or read cookie files created by other sites and cookies do not damage your system. You can choose whether to accept cookies by changing the settings on your browser so that it rejects them or notifies you when a web site tries to send you a cookie. Rejecting cookies may affect the scope of your enjoyment of a web site and may mean that some features do not operate as intended. We do not use single-pixel gif images, sometimes referred to as "web bugs" or "web beacons".
Changes to this policy
We may make changes to this data protection policy at any time. Any changes we make will be notified to you in writing.
If you have any queries about this policy or your data, or you wish to submit an access request or raise a complaint about the way your personal information has been handled, please do so in writing and address this to Nicola Thomson-Berwick at 36 Henderson Row, Edinburgh, EH3 5DN.
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data not in accordance with the Data Protection Laws you can complain to the Information Commissioner’s Office (https://ico.org.uk/).