Contents

• Who we are
• The information we process
• The Lawful Basis for Processing Data
• The Information We Hold
• How We Obtain Information
• Our Information Storage Systems
• Transfer of your personal data to third countries and international organisations
• How Long We Keep Your Information – Retention Periods
• Sharing with Third Parties
• Your Rights
• Marketing Information
• Withdrawing Consent
• Complaints
• Updating Your Information
• Children
• Communications
• External Links
• Social Media
• Security
• Notices and Revisions

At C-Physio we know how important your personal information is and we appreciate your trust in us to use and share that information carefully and sensibly.  This notice describes the privacy policy of C-Physio. By undertaking sessions at C-Physio, visiting our website or entering details into our website, you are accepting and consenting to the practices described in this privacy notice.

Who We Are

Any personal information provided to or to be gathered by C-Physio is controlled primarily by David Carter t/a C-Physio, Unit 1, Drumhill House, Clayton Lane, Clayton, Bradford, BD14 6RF.

The Organisation is registered with the Information Commissioner’s Office.

The designated Data Controller is:     David Carter

Our Data Processors include:            Our Administration Team, Physiotherapists

The Information We Process

We use the personal information you give us to provide health services, maintain our accounts and records, carry out our obligations arising from any contracts entered into between you and us, notify you about any changes to our service, enhance the security of our network and information systems, better understand how people interact with our website, improve our website, determine the effectiveness of our promotional campaigns and marketing, promote our services, manage our employees, enhance, modify, personalise or otherwise improve our services and communications for the benefit of you and/or our customers and communicate with you.

We will communicate with you about your appointments, our products and services, update our records, advise you on applicable offers, and generally maintain your accounts with us. We also display content such as customer reviews and may recommend businesses and services that might be of interest to you. When contacting you for the above purposes we may do so by phone, post, email, or other electronic means, unless you tell us otherwise.

We also use sensitive information that you provide for such purposes as creating appropriate treatment plans, carrying out appropriate assessment and treatment, providing you with exercise plans and responding to your requests.

From time to time, your individual physiotherapist may be required to discuss your personal and sensitive information with other C-Physio staff to provide you with the best possible service and care.

We receive and store personal information you enter on our website or give us in any other way. You can choose not to provide certain information, but this might mean you miss out on many of our features or it may affect the quality of the care that we can provide to you.

The Lawful Basis for Processing Data

As Physiotherapists, we have a legal obligation to accurately record and store the data we process about individuals that are classified as patients, as determined by the Health and Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP).

In the event that you request goods, services and/or information from us that is not covered by a legal obligation, we will rely on our contractual relationship with you to process your data.

For individuals that do not require us to process personal information under a legal or contractual obligation, the most appropriate lawful ground for processing of your data is our legitimate interests.

In certain circumstances we may also rely on a specific consent provided by you for the processing of your personal data.

The Information We Hold

At C-Physio we will record and store a wide variety of personal and sensitive information to ensure we can fulfil our legal and contractual obligations. The information we gather may include, but not be limited to:

• Personal Details
• Family Details
• Medical Records
• Identifiable Information
• Medical History
• Employment Status
• Social Activities
• Treatment Plans
• Treatment Records
• Preferences
• Consent to Assessment and Treatment
• Authorisation to disclose medical records to designated healthcare professionals and insurance companies
• Contractual Agreements

How We Obtain Information

We gather information from a wide variety of sources including, but not limited to:

• You, the patient/client
  • From your interactions between administrative staff and physiotherapists
  • Entering your details into our online booking system
• Your physiotherapist – Treatment notes and professional decision making processes
• Health Insurance Companies
• Your GP
• Your Consultant or Medical Professional
• Other Healthcare Porfessionals
• Your Relatives
• Case Managers
• Care Workers
• Your Web Browser
• Filling in forms on our website or at exhibitions or events, including information provided at that time to register for competitions, subscribing to our services, posting material or requesting further information.
• If you contact us, we may keep a record of that correspondence
• We may also ask you to complete surveys from time to time that we use for research purposes, although you do not have to respond to them.
• Details of your visits to our website and emails received including, but not limited to traffic data, location data, web logs and other communication data

Our Information Storage Systems

The information we hold about you is kept in a number of ways and locations. It is updated either manually or automatically depending on the way it is updated.

• Paper Medical Records – These records are created by your physiotherapist on paper. They are kept on site at the clinic you have been treated at most recently in a locked filing cabinet. Any updates you make will be manually recorded.
• Cliniko – We use a practice management system called Cliniko. It is a cloud-based system that can be accessed by your physiotherapist and administration staff as requested by C-Physio. Each person that can access the system has their own username and password for security. Your details are manually inputted from your paper medical records, or automatically updated with any details you input using our online booking system.
• Mailchimp – We use an email delivery service to deliver information to you about our services, offers and news. Personally identifiable information is only accessible to people within C-Physio with the relevant username and password to access the system. This integrates with our Cliniko system to update your records automatically.
• Xero – To maintain our accounts, we use an accounting package. This integrates with our Cliniko system to update your records automatically. Errors are identified by email notification and manually updated.
• Message Books – Telephone messages are written down in a message book. This may include personal data about you. Message books are stored in a locked cabinet when staff are not present. Information you provide that is taken down in a message book is used to update your paper record and Cliniko.
• Email System – MS Outlook – Email Host
• GoCardless – Direct Debit Management System
• Directli (GoCardless for Xero) – Links GoCardless and Xero

Transfer of your personal data to third countries and international organisations

We use international organisations to enable the processing of personal data, who provide systems essential to the running of our business and providing our services.

We will only transfer your personal information using these systems if the European Commission has decided that the country or organisation we are sharing your information with will protect your information adequately. We will also ensure we are satisfied that these organisations and countries have policies in place to ensure your information is adequately protected in line with the appropriate Data Protection Legislation.

If you would like more information regarding the privacy policy of these third parties, please send us an email to This email address is being protected from spambots. You need JavaScript enabled to view it..

How Long We Keep Your Information – Retention Periods

We have a legal responsibility to hold medical information we gather for a period of 8 years following the conclusion of your treatment or after your death.

Personal Information that has been collected in relation to our contractual obligations will be held for a period of 6 years.

Other personal information will only be retained for as long as we believe it is up-to-date.

If you would like us to remove data that is not protected by our legal or contractual obligations, then all you need to do is ask. If you would like us to remove your data from our records, please email This email address is being protected from spambots. You need JavaScript enabled to view it.. 

Sharing with Third Parties

Information about our patients/clients/members is confidential. It is an important part of our business and we are not in the business of selling it to others.

We will not share your information with anyone outside C-Physio except:

• Where we have your permission
• With your Health or Medicolegal Insurance Company when it is required to provide funding or with your permission to provide details related to your medical condition
• With your GP if required to provide appropriate medical support
• With other healthcare professionals if required to provide appropriate medical support
• Where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world.
• In anonymised form as statistics and other aggregated data shared with third parties, for example as part of research projects.

Your Rights

At C-Physio we want to ensure you are aware of your rights in relation to the personal information we collect and process about you.

If you wish to exercise any of the rights detailed below, if you have a query in relation to the way we use your personal information, or if you wish to complain to our Data Protection Officer, please call 01274 270450, email us at This email address is being protected from spambots. You need JavaScript enabled to view it..

Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to provide you with our services.

Your Rights include:

• The right of access
  You have a right to access personal data held about you. This includes the right to obtain confirmation on whether we are processing any of your personal data, obtain a copy of the data we hold about you, or know more about the way we use your data.
• The right to rectification
  You have the right to rectify inaccurate personal information and to update incomplete personal information about you. If you believe that the information we hold about you is inaccurate, you have the right to request that we restrict the processing of that information and to rectify the inaccurate information.
• The right to erasure
  You have a right to request that we delete your personal information. You may request that we delete your personal information if you believe that: we no longer need to process your information for the purposes for which it was provided; we have requested your permission to process your personal information and you wish to withdraw your consent; or we are not using your personal information in a lawful manner. In some circumstances we may not be able to delete your data for legal or contractual obligations.
• The right to restrict processing
  You have a right to request that we restrict the processing of your personal information. You may request us to restrict processing your personal information if you believe that: any of the information that we hold about you is inaccurate; we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or we are not using your information in a lawful manner.
• The right to data portability
  You have a right to data portability. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information we hold electronically that you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your personal information, which will be governed by their agreement with you and any privacy statement they provide to you.
• The right to object
  You have a right to object to the processing of your personal information. This relates to information we process under legitimate interests, unless we can provide compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims.

Marketing Information

You have the absolute right to object to us processing your personal information for direct marketing at any time. Unless you have told us not to, we will send you marketing information relating to products and services that we think will be of interest and relevant to you. If you no longer want to receive these communications you can tell us at any time by contacting us on the details above, or using the links provided in direct marketing emails.

Withdrawing Consent
You have a right to withdraw your consent. Where we rely on your consent to process personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.

Complaints
You have a right to lodge a complaint with the regulator. If you are unhappy about the way we have used your personal information or the way we have dealt with any request you have made under your rights, please contact our Data Protection Officer who will investigate the matter. We hope this will rectify the situation to your satisfaction, but if you are still unhappy, you can contact the Information Commisioner’s Office (ICO). For more information, visit www.ico.org.uk.

Updating Your Information

To update the information we hold about you, you may do one of the following:

In Person:

Please visit us at the clinic to update any of your details in person. Clinical information may require you to see a physiotherapist before your clinical record can be updated.

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

You can update your address or email address by email. You may also request changes or cancellations to your appointments by email using the email address we hold on our Cliniko system for you. Please therefore ensure the email address you provide is up to date. If you would like to send us clinical information, you can do this but unfortunately we cannot guarantee the safety of this email during its journey to us.

Phone: 01274 270450

You can update any of your details over the phone, but we may require you to provide additional information to confirm your identity before we can make certain changes.

Children

Clients under the age of 18 must be accompanied by a parent or guardian that can take responsibility for their care. Consent for all treatment plans must be given by both the client and parent or guardian to allow us to treat the individual.

If you or your child do not wish to receive emails or other communications from us please let us know by contacting 01274 270450 or email This email address is being protected from spambots. You need JavaScript enabled to view it..

Communications

We will contact you for a number of reasons, and in a variety of ways. Below we have included some, but not necessarily all, of the communication channels that may be used between us and you.

If you would like to stop a particular type of communication, please contact us.

Automatic Communications:

Appointment Confirmation and Reminders

We have several automated communications that allow us to continue to provide effective services to you. Automated appointment confirmations and reminders and text reminders are automatically sent out using the details you have provided to us to reduce the risk of forgetting your appointment. You may opt out of these essential communications but you may be at risk of incurring cancellation or missed appointment fees as a result.

Email Messaging

We use three forms of email systems to communicate with our patients.

Individual Emails – We use Microsoft Outlook to communicate individual information related specifically to you that is not part of our automatic appointment email communication

Practice Management Email Communication – We use the email system in our practice management software to generate automatic email appointment confirmations, automatic email appointment reminders and communicate information generated within our practice management system, such as letters or accounts information to communicate this information with you. It is an essential part of our business to make these communications with you.

Marketing Emails – We use a bulk email system to send out marketing and promotional emails to the clients on our list, and to respond automatically. Your email address will be automatically added when you sign up on our website or book an appointment with us. To remove yourself from bulk emails, please use the link in the email to update your email preferences.

Automatic Information received by us via our website and email communications
We receive and store certain types of information whenever you interact with us. For example, like many websites, we use "cookies" and we obtain certain types of information when your Web browser accesses C-Physio. A number of companies offer utilities designed to help you visit websites anonymously. Although we will not be able to provide you with a personalised experience at C-Physio if we cannot recognise you, we want you to be aware that these tools exist.

E-mail Communications:
To help us make e-mails more useful and interesting we often receive a confirmation when you open e-mail from C-Physio, if your computer supports such capabilities. If you do not want to receive e-mail or other mail from us, please let us know by using the link on your email to update your email preferences.

Read more about Cookies … (provide a link to cookie page with info in italics)

Cookies are small text files that websites put on your computer whilst you are browsing. Cookies are used for many different purposes.

For example they can:

• help search engines remember that you want your search results in English
• help a website remember your preferences so that you don’t need to customise it every time;
• help a website to deliver a better service by showing you the content most relevant to you
• identify and resolve errors so that the site is improved for everybody
• analyse how well a website is performing

The most common function of cookies is to remember pieces of information that help make browsing the web easier and more hassle-free for you.

An example of a cookie

• Name: SomeCookie
• Value: 1234a5b678c9
• Domain: www.yourwebsite.co.uk
• Expires: 13th September 2015

The cookie explained

• Name = The name of the cookie
• Value = The piece of information that the cookie is created to store
• Domain = The website where the cookie is used
• Expires = The date when the cookie will be deleted from your web browser

All modern browsers have tools to help you delete or block cookies but it is important to remember that many websites need cookies in order to function properly. By deleting or blocking cookies you could also block certain personalised features and you may not be able to take full advantage of some of the website's features.

External Links

Although this website only aims to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this site.

C-Physio cannot and does not guarantee or verify the contents of any externally linked website. You therefore click on external links at your own risk and C-Physio cannot be held liable for any damages or implications caused by visiting any external links on this Site.

Social Media

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. C-Physio will never ask for personal or sensitive information through social media platforms and we encourage users wishing to discuss sensitive details to contact us through our primary communication channels i.e telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Security

C-Physio is committed to ensuring that your information is processed and kept securely with us and the third parties that act on our behalf.

Notices and Revisions

If you have any worries about privacy at C-Physio please e-mail us a thorough description of your concerns and we will try to resolve the issue for you. Our business changes constantly and our Privacy Notice and the Terms & Conditions will also change. Please check our website frequently to note any recent changes.