This privacy notice applies to Newquay Physiotherapy’s website at www.newquayphysiotherapy.co.uk (the ‘website’). We at Newquay Physiotherapy take your privacy seriously. This notice covers the collection, processing and other use of personal data under the Data Protection Act 1998 (‘DPA’) and the General Data Protection Regulations (‘GDPR’).
For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Newquay Physiotherapy, Yoshimi Spa, Wesley Yard, Newquay, TR7 1LB.
By using the website you consent to this privacy notice. We are registered with the Information Commissioner’s Office for this purpose.
General Data Protection Regulations (GDPR):
Newquay Physiotherapy collects information relating to every patient’s health and personal details. This information is classed as sensitive data and is regarded as special category data. Under the new General Data Protection Regulations (GDPR), patients of Newquay Physiotherapy have a right to know why their information is collected, for what purpose it is used and how it is kept safe. Patients also have greater rights to access the information that Newquay Physiotherapy holds.
Looking after your Personal Information:
From May 25th 2018 the General Data Protection Regulations (GDPR) will replace the existing Data Protection Act of 1998. It will bring these regulations up to date and will help to protect your personal information and data.
Our Data Protection Promise:
As ‘Data Controllers’ of your personal data, we take our role in the protection of your personal and sensitive data very seriously. As such, we promise to:
- Only collect data from you that is relevant to your physiotherapy treatment
- Not pass on your personal data to any third-parties for marketing purposes
- Contact you and get your consent if we need to communicate with other health professionals (such as your doctor) about your care.
- Protect your personal data in a manner consistent with the requirements of the GDPR. We will use a variety of security measures such as a lockable filing cabinet for patient records, computer and mobile device password protection, data encryption and security software. This means your information is well protected from theft or unauthorised access.
- Maintain annual registration with the Information Commissioner’s Office, the UK’s independent body set up to uphold information rights. www.ico.org.uk
- Report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that data within our control, including the control of our data processors, has actually or possibly been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the Information Commissioner’s Office.
Your Data Protection Rights under the GDPR:
When GDPR comes into effect from the 25th May 2018 onwards, you will have the right to:
- Access any of the information that we collect plus any other content that forms part of your patient record, including notes, and expect to be able to read them and understand what they mean without expert medical knowledge
- Know if your personal information has been forwarded to a third-party (such as a fellow healthcare professional, consultant or GP)
- Have any invalid information about you corrected
- Have your personal data deleted by us if you decide to switch to another physiotherapy provider
- Prevent further use (or processing) of your information
- Ask your physiotherapist to send you (or your new physiotherapist) your personal information in an open electronic format like a .csv file or text file
- Request that your physiotherapist stops sending you any marketing information
- Ensure that any profiling that is undertaken using your personal data is fair, appropriate, statistically valid and transparent
- Expect your physiotherapist to take appropriate measures to protect your data
- Be notified if critical information about you has been inappropriately accessed and is deemed to be a critical breach
- Not have your personal information transferred outside of the EU
- Know how your personal information is being used by your physiotherapist
Information We Collect:
We will collect personal data only if it has been provided to us directly by you, the user. This information has therefore been provided to us with your consent. You will normally provide us with personal data if you are contacting us regarding the services we provide or are a patient.
Identity Information:
At the clinic we will record your full name, date of birth, address and the name of your registered doctor. These details provide us with details of your identity and residence and details of your doctor’s surgery in case we need to contact your doctor for any reason. This may be for example, to refer you for an x-ray or MRI scan.
We will also ask you for your telephone number so that we can contact you should we need to change a booked appointment.
Health Information:
We will record details of your presenting condition together with your past and current medical history and health status. These details enable us to perform a detailed and accurate physiotherapy assessment and treatment which is safe and appropriate for you. Under the GDPR Newquay Physiotherapy has a lawful and legitimate interest in any patient information and any information obtained forms part of the contractual obligation between a health professional and their patient. The information we obtain helps to ensure that we provide patients with the best treatment possible.
Electronic Information:
If you contact us via the telephone, by email or through our website, we will save any details you provide such as your name, telephone number and email address. We save these details so that we can contact you to make an appointment and in case we need to change any booked appointments. We also require your email address in case we need to email you any requested information such as a receipt for treatment or any prescribed exercises. We may also use your details to contact you regarding general information about us and our services, feedback, reviews or testimonials. We retain copies of all website enquiries together with any emails sent to us and from us as a record of communication. The basis for holding this information is that it is for legitimate legal purposes or to fulfil a contractual obligation with existing patients.
Photographs:
If we ever take any photos of you in the clinic, this will only occur with your express and informed consent. We will ask for your express consent to publish any photos of you on our website or on our Facebook page. You will be given the option of opting out and if we publish any photos with your consent we will remove them if you request it. We will not provide any further personal details alongside any photos used on our website or Facebook page.
Social Media Information:
We have a Newquay Physiotherapy Facebook page. We do not collect any personal information from social media interactions although third parties may track you. You should refer to the Privacy Policy of the social media channel concerned regarding this. If you send us a direct message via Facebook, any information you provide such as your name, telephone number and email address may be collected by us in order to contact you regarding an appointment where relevant and to contact you should we need to change any booked appointments. If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third party provider (i.e. Facebook) may also retain details in accordance with their Privacy Policy.
Search Engine and Website Activity:
We use Google Maps to show our business location on Google. We do not track your geographical location or collect any data regarding this. To find out more you should refer to the Google Maps Privacy Policy at https://privacy.google.com/intl/en-GB/your-data.html
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data. This data will not identify you personally.
Website Cookies:
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session Cookies may be used to validate your access to different parts of the website.
Newquay Physiotherapy uses Cookies to help the business identify and track visitors, their usage of the website, and their website access preferences. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of Cookies on their computer or device. This complies with UK legislation which requires that explicit consent is given before reading files are left, or applied, on a user’s computer or device. We do not use Cookies to collect any information that identifies you personally.
Cookies may be placed on your computer or device by third parties, which are outside of the control of Newquay Physiotherapy. You should refer to the Privacy and Cookie Policies of any social media and/or channel used to link to our website.
If you accept the use of Cookies on this website, you consent to the processing of data about you by us and any third parties as identified above in accordance with this Privacy Notice. You have the right to withdraw your consent at any time by contacting Newquay Physiotherapy.
If you are uncomfortable with the use of Cookies, you can disable Cookies on your device by changing the settings in the preferences or options menu in your browser. You can set your browser to reject or block Cookies or to tell you when a website tries to put a cookie on your device. You can also delete any Cookies that are already stored on your device. However, please be aware that if you do delete and block all Cookies from our website, parts of the website may not fully function.
How Is This Information Used?
Information such as telephone numbers allows us to contact you if a booked appointment needs to be changed. Your date of birth and address provide us with details of your identity and residence. This helps to specifically identify you in case we need to contact your GP, consultant or other health professional. We will ask you for the name of your GP surgery so that we know which surgery to contact should we need to communicate with your doctor. If we need to contact a GP, consultant or other health professional, this will be carried out only with your consent.
Medical details and past and current medical history allow for a detailed assessment to take place in order to help us make an accurate and clinical diagnosis. It also helps to ensure that all treatment is as safe and effective as possible for you.
Patient email addresses enable us to email you regarding appointment bookings together with any requested information such as a receipt for treatment or a written copy of any prescribed exercises. We may also use your details to contact you regarding general information about us and our services, feedback, reviews or testimonials.
We monitor website cookies, statistics and traffic data to monitor the performance of the Newquay Physiotherapy website.
We never share, sell or distribute any of your data to any third parties for marketing purposes.
How Is Your Information Stored And Kept Safe?
All appointments including the initial assessment and any follow up appointments are written and recorded on paper. All patient notes are kept in an individual A4 folder which is specific to each patient. All paper records are kept in a filing cabinet under lock and key on the clinic premises and the doors to these premises remain locked at all times when staff are not on site. Only clinic staff have access to the filing cabinet containing patient records. All notes for each patient are kept for a period of 8 years after the last treatment or date of death at which point they will be permanently and securely deleted.
In some instances, we are required to produce written documentation such as, but not exclusive to, letters to doctors, consultants and other health professionals, receipts for patients and documents such as exercise plans when patients request a written copy. Any written electronic information such as this will include a patient’s name, date of birth and address for identity purposes. All written electronic information is written in a Word document which is saved on one computer belonging to Newquay Physiotherapy. All documents are stored in an encrypted folder within a password protected Word document. The computer is password protected and has robust security measures to prevent and minimise loss of information and the risk of information theft. All information is backed up on to an external hard drive which is encrypted and kept under lock and key when not in use.
We also hold electronic and online data including your name, email address, contact telephone number, online enquiry forms and photos. Electronic data is held on a password protected computer. The computer belongs to Newquay Physiotherapy and has robust security measures in place. On this computer, electronic data is also stored within a password protected Gmail account. Only clinic staff have password access to both the computer and the email account. Electronic data is also held on one mobile device. This mobile device is password protected, and only Newquay Physiotherapy staff have access to it.
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Users of the Newquay Physiotherapy website are advised to adopt a policy of caution before clicking on any external web links. (External links are clickable text / banner / image links to other websites). Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Newquay Physiotherapy and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
When information is shared with others, for example a letter to a GP, it will either be sent via encrypted email, recorded delivery or hand delivered.
Newquay Physiotherapy will take the utmost care to ensure that your personal information is safe whilst it is under our care. In the unlikely event that this safety is compromised you will be notified immediately as will the Information Commissioner’s Office.
Who Has Access To Your Information?
Only the staff at Newquay Physiotherapy have access to your information. All staff at Newquay Physiotherapy are bound by patient confidentiality laws, the standards of conduct, performance and ethics of the Health Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP) code of conduct. Your information will not be shared outside Newquay Physiotherapy unless you have given consent, except when:
- requested by law;
- in your best interests and you are unable to give consent;
- in the public interest to prevent serious harm to others.
How Can You Access Your Records?
You have the right to request to see the information that Newquay Physiotherapy holds about you. All requests will be answered in the time frame of one month unless you are notified of a difference to this time scale. There will be no fee for any information provided.
Requests can be made in writing to:
Newquay Physiotherapy, Yoshimi Spa, Wesley Yard, Newquay, TR7 1LB.
Alternatively, you can email us at info@newquayphysio.co.uk or you can call us on: 07984341310
In the instance where requests are excessive or unfounded, Newquay Physiotherapy has the right to refuse and/or charge for time spent. This does not affect the individual’s right to complain to the Information Commissioner’s Office to seek judicial remedy. Where a fee is deemed appropriate Newquay Physiotherapy will not comply with any requests until the fee is received.
Your Right To Amend, Restrict And Object To The Information Held.
Under the GDPR all individuals have the right to have incorrect information that is held about them amended. If this arises within the notes held by Newquay Physiotherapy the notes will become restricted, i.e. not used until the issue is resolved. However, if Newquay Physiotherapy deems the information to be accurate then no amendment will be made.
You have the right to have the information we hold restricted:
- if you contest the accuracy;
- you need the information kept to establish, defend or exercise a legal claim;
- you object to the information held.
In this instance all treatment will be stopped until the issue is resolved. You also have the right to object to Newquay Physiotherapy holding your personal information on grounds relating to your particular situation and as with restriction, all treatments will stop and the notes will become restricted until the issue is resolved.
How Can You Contact Us?
Should you have any concerns about your personal data, if you wish to obtain information regarding the personal data we hold about you or wish to make a complaint about the data we hold, you can contact us at:
Newquay Physiotherapy, Yoshimi Spa, Wesley Yard, Newquay, TR7 1LB.
Alternatively, you can email us at info@newquayphysio.co.uk or you can call us on: 07984341310. You can also formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
We reserve the right to amend our Privacy Notice at any time to meet the requirements of the GDPR and our role as a data controller and processor.