This Policy is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this information. In the course of providing you with services we will collect and process information that is commonly known as personal data. This Policy describes how we collect, use, share, retain and safeguard personal data. It sets out your individual rights; these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.

What is personal data?

Personal data includes an individual’s name, age/date of birth, gender and contact details e.g. address/email/telephone number. Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, GP/other professional details, family, lifestyle or social circumstance, racial or ethnic origin, political opinions, religious or philosophical beliefs and data relating to sexual orientation. Personal information may include ’criminal offences’ if applicable. For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.

Who we are

Specialised Physio is run by a self-employed neuro physiotherapist, working as a sole trader. You can find out more on our website www.specialisedphysio.com or by contacting us.

Name: Specialised Physio at Home

Phone Number:02087151365

E-mail: annakharin@specialisedphysio.com

Personal information that we collect

For Specialised Physio at Home to provide assessment and exercise sessions as part of a physiotherapy service we will collect and process sensitive personal data about you, such as your name, address, date of birth, medical history, details of your medical condition and how it affects you, and the details of your next of kin as an emergency contact. Most of the personal information we process is provided to us directly by you to allow us to make a risk assessment for your safety and suitability to participate in therapy. We will also collect your personal information when you request information about our services. Where you disclose the personal data of other people, you must ensure you are entitled to do so.

We use the information you have given to us to offer consultation, advice, assessment and physiotherapeutic treatment, and to keep a record of your personal and health related details to ensure your safety in every session you subsequently attend. We will use this data to respond to any requests from you about services we provide and any complaints made. We also have a legitimate interest in good governance and auditing business operations.This data will only be seen by physiotherapists treating you under Specialised Physio at Home. The next of kin emergency contact details will only be used in the event of an adverse incident during assessment or a session.

We will share your personal data with your knowledge and consent with other appropriate professionals if applicable and appropriate e.g. GP, other medical professionals, medical insurance companies, solicitors. We will share information with other professionals e.g. GP and the police if you disclose any risk to yourself or others and this may be without your consent.

We may collect your personal data when you visit our website, where we may collect your unique online electronic identifier; this is commonly known as an IP address. We will also collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website.

Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Medical insurance companies also process your data, these parties are known as processors of your personal data. Where there are other parties involved in treatment they may also process your data in which circumstance we will be a joint data controller of your personal data. A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. A data ‘processor’ means the individual or organisation, which processes personal data on behalf of the controller. As a provider of services, we will process the following categories of data: Personal data such as an individual’s name, address, date of birth, gender, contact details and special categories of personal data such as health. If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

Storing your data

We will retain your personal data at the end of our treatment contractual agreement for a further 8 years. This data will be retained for the protection of you and the service and is required by professional liability insurance Terms and Conditions. We store personal information on secure servers that are managed by us, and occasionally hard copy files that are kept in a secure location. Personal information that we store or transmit is protected by security and access controls, including two-factor authentication, and data encryption where appropriate. The records shall be kept for at least 8 years following the last occasion on which treatment was given After this retention period data will be securely deleted.

Where you have requested information only or contacted us for details of our services, and where this does not progress to assessment and or treatment and we do not have any contracts with you, we will retain your personal data for a period of 18 months. Where you make a complaint we will retain the data for 10 years. Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data. The retaining of data is necessary where required for contractual, legal or regulatory purposes. Sometimes we may need to retain your data for longer, for example if we are defending ourselves in a legal dispute or as required by law or where evidence exists that a future dispute may occur.

Your data protection rights

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at annakharin@specialisedphysio.com if you wish to make a request.

Protecting your data

We will take all appropriate technical steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data with authorised third parties. All electronic data is encrypted with restricted access, and all computers are password protected. 123 reg is our encrypted email service. Wherever possible we use pseudonymisation and encryption when communicating with you and authorised third parties. Mobile phones that hold your telephone number are anonymised and a secure PIN protects the phone and information. We remove details from the phone when there is no longer a reason to retain it. If lost the phone can be remotely erased. We will share your information in an emergency that would protect your vital interests. If there is a breach we inform you and the Information Commissioner's Office (ICO) within 72 hours.

How to complain

If you are dissatisfied with any aspect of the way in which we process your personal data please contact us via email at annakharin@specialisedphysio.com. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website, or by calling their helpline on 0303 123 1113.

Contact us

If you have any questions regarding this policy, the use of your data and your Individual Rights, please contact us via email at annakharin@specialisedphysio.com.