This policy is updated from time to time. The latest version is published on this page.
If you have any questions about this policy, please email firstname.lastname@example.org or write to: 22 Kineton Road, Upper Shirley, Southampton, Hampshire SO15 7PQ.
What is a Privacy Notice?
Under GDPR, as client of Atherley Physio Clinic, you have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.
Who We Are
We are Atherley Physio Clinic, 22 Kineton Road, Upper Shirley, Southampton, Hampshire SO15 7PQ, telephone number 023 8077 2511, email address email@example.com. For the purposes of processing your personal data we are the Controller.
The Personal Data We Process and What We Do with It
We record and use the following categories of personal data which may include: name, address, telephone numbers, email address, DOB, gender, medical history, diagnosis, treatment information, health related information. This data is collected and stored for the purpose of health diagnosis and treatment and forms part of our contract to provide our services. In addition, we will only examine or treat you with your explicit consent. When booking an appointment only name, address, telephone numbers and email address are recorded. This information is used by our appointment system to send automate appointment reminders and booking confirmations.
Data collected and stored for the purpose of health diagnosis and treatment is not stored online or in digital format.
We may contact you about additional, associated services that may be of benefit to you on the basis of legitimate interest.
If you make prospective enquiries via the website or by email, we will only contact you with your explicit consent.
Sharing Your Personal Data
We only share your personal data with your explicit consent, where, for example we need to contact a medical practitioner as part of your care. Where third parties are used by us to store your personal data, we ensure they are compliant with the data protection law and any such data is not stored outside of the EU.
Retaining Your Personal Data
Whilst you are receiving treatment from our clinic we will continue to store and use your personal data. Once you have been discharged, in accordance with the records management code of practice, we are required to retain your personal data for a minimum of 8 years from your last contact with us or until you are 25 (or 26 if you are 17 when treatment ends).
If you have not received treatment, data will be retained for no longer than 6 months.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Controller, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require.
If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
If you believe we should erase your data, please contact the Data Controller, whose details are shown above.
If you wish us to stop storing or using your data, please contact the Data Controller, whose details are shown above.
Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Controller who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish to Complain
You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.