- Who we are
- The information we process
- The Lawful Basis for Processing Data
- The Information We Hold
- How We Obtain Information
- Our Information Storage Systems
- Transfer of your personal data to third countries and international organisations
- How Long We Keep Your Information – Retention Periods
- Sharing with Third Parties
- Your Rights
- Marketing Information
- Withdrawing Consent
- Updating Your Information
- External Links
- Social Media
- Notices and Revisions
Who We Are
Any personal information provided to or to be gathered by C-Physio is controlled primarily by David Carter t/a C-Physio, Unit 1, Drumhill House, Clayton Lane, Clayton, Bradford, BD14 6RF.
The Organisation is registered with the Information Commissioner’s Office.
The designated Data Controller is: David Carter
Our Data Processors include: Our Administration Team, Physiotherapists
The Information We Process
We use the personal information you give us to provide health services, maintain our accounts and records, carry out our obligations arising from any contracts entered into between you and us, notify you about any changes to our service, enhance the security of our network and information systems, better understand how people interact with our website, improve our website, determine the effectiveness of our promotional campaigns and marketing, promote our services, manage our employees, enhance, modify, personalise or otherwise improve our services and communications for the benefit of you and/or our customers and communicate with you.
We will communicate with you about your appointments, our products and services, update our records, advise you on applicable offers, and generally maintain your accounts with us. We also display content such as customer reviews and may recommend businesses and services that might be of interest to you. When contacting you for the above purposes we may do so by phone, post, email, or other electronic means, unless you tell us otherwise.
We also use sensitive information that you provide for such purposes as creating appropriate treatment plans, carrying out appropriate assessment and treatment, providing you with exercise plans and responding to your requests.
From time to time, your individual physiotherapist may be required to discuss your personal and sensitive information with other C-Physio staff to provide you with the best possible service and care.
We receive and store personal information you enter on our website or give us in any other way. You can choose not to provide certain information, but this might mean you miss out on many of our features or it may affect the quality of the care that we can provide to you.
The Lawful Basis for Processing Data
As Physiotherapists, we have a legal obligation to accurately record and store the data we process about individuals that are classified as patients, as determined by the Health and Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP).
In the event that you request goods, services and/or information from us that is not covered by a legal obligation, we will rely on our contractual relationship with you to process your data.
For individuals that do not require us to process personal information under a legal or contractual obligation, the most appropriate lawful ground for processing of your data is our legitimate interests.
In certain circumstances we may also rely on a specific consent provided by you for the processing of your personal data.
The Information We Hold
At C-Physio we will record and store a wide variety of personal and sensitive information to ensure we can fulfil our legal and contractual obligations. The information we gather may include, but not be limited to:
- Personal Details
- Family Details
- Medical Records
- Identifiable Information
- Medical History
- Employment Status
- Social Activities
- Treatment Plans
- Treatment Records
- Consent to Assessment and Treatment
- Authorisation to disclose medical records to designated healthcare professionals and insurance companies
- Contractual Agreements
How We Obtain Information
We gather information from a wide variety of sources including, but not limited to:
- You, the patient/client
- From your interactions between administrative staff and physiotherapists
- Entering your details into our online booking system
- Your physiotherapist – Treatment notes and professional decision making processes
- Health Insurance Companies
- Your GP
- Your Consultant or Medical Professional
- Other Healthcare Porfessionals
- Your Relatives
- Case Managers
- Care Workers
- Your Web Browser
- Filling in forms on our website or at exhibitions or events, including information provided at that time to register for competitions, subscribing to our services, posting material or requesting further information.
- If you contact us, we may keep a record of that correspondence
- We may also ask you to complete surveys from time to time that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our website and emails received including, but not limited to traffic data, location data, web logs and other communication data
Our Information Storage Systems
The information we hold about you is kept in a number of ways and locations. It is updated either manually or automatically depending on the way it is updated.
- Paper Medical Records – These records are created by your physiotherapist on paper. They are kept on site at the clinic you have been treated at most recently in a locked filing cabinet. Any updates you make will be manually recorded.
- Cliniko – We use a practice management system called Cliniko. It is a cloud-based system that can be accessed by your physiotherapist and administration staff as requested by C-Physio. Each person that can access the system has their own username and password for security. Your details are manually inputted from your paper medical records, or automatically updated with any details you input using our online booking system.
- Mailchimp – We use an email delivery service to deliver information to you about our services, offers and news. Personally identifiable information is only accessible to people within C-Physio with the relevant username and password to access the system. This integrates with our Cliniko system to update your records automatically.
- Xero – To maintain our accounts, we use an accounting package. This integrates with our Cliniko system to update your records automatically. Errors are identified by email notification and manually updated.
- Message Books – Telephone messages are written down in a message book. This may include personal data about you. Message books are stored in a locked cabinet when staff are not present. Information you provide that is taken down in a message book is used to update your paper record and Cliniko.
- Email System – MS Outlook – Email Host
- GoCardless – Direct Debit Management System
- Directli (GoCardless for Xero) – Links GoCardless and Xero
Transfer of your personal data to third countries and international organisations
We use international organisations to enable the processing of personal data, who provide systems essential to the running of our business and providing our services.
We will only transfer your personal information using these systems if the European Commission has decided that the country or organisation we are sharing your information with will protect your information adequately. We will also ensure we are satisfied that these organisations and countries have policies in place to ensure your information is adequately protected in line with the appropriate Data Protection Legislation.
How Long We Keep Your Information – Retention Periods
We have a legal responsibility to hold medical information we gather for a period of 8 years following the conclusion of your treatment or after your death.
Personal Information that has been collected in relation to our contractual obligations will be held for a period of 6 years.
Other personal information will only be retained for as long as we believe it is up-to-date.
Sharing with Third Parties
Information about our patients/clients/members is confidential. It is an important part of our business and we are not in the business of selling it to others.
We will not share your information with anyone outside C-Physio except:
- Where we have your permission
- With your Health or Medicolegal Insurance Company when it is required to provide funding or with your permission to provide details related to your medical condition
- With your GP if required to provide appropriate medical support
- With other healthcare professionals if required to provide appropriate medical support
- Where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world.
- In anonymised form as statistics and other aggregated data shared with third parties, for example as part of research projects.
At C-Physio we want to ensure you are aware of your rights in relation to the personal information we collect and process about you.
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to provide you with our services.
Your Rights include:
- The right of access
You have a right to access personal data held about you. This includes the right to obtain confirmation on whether we are processing any of your personal data, obtain a copy of the data we hold about you, or know more about the way we use your data.
- The right to rectification
You have the right to rectify inaccurate personal information and to update incomplete personal information about you. If you believe that the information we hold about you is inaccurate, you have the right to request that we restrict the processing of that information and to rectify the inaccurate information.
- The right to erasure
You have a right to request that we delete your personal information. You may request that we delete your personal information if you believe that: we no longer need to process your information for the purposes for which it was provided; we have requested your permission to process your personal information and you wish to withdraw your consent; or we are not using your personal information in a lawful manner. In some circumstances we may not be able to delete your data for legal or contractual obligations.
- The right to restrict processing
You have a right to request that we restrict the processing of your personal information. You may request us to restrict processing your personal information if you believe that: any of the information that we hold about you is inaccurate; we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or we are not using your information in a lawful manner.
- The right to data portability
You have a right to data portability. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information we hold electronically that you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your personal information, which will be governed by their agreement with you and any privacy statement they provide to you.
- The right to object
You have a right to object to the processing of your personal information. This relates to information we process under legitimate interests, unless we can provide compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims.
You have the absolute right to object to us processing your personal information for direct marketing at any time. Unless you have told us not to, we will send you marketing information relating to products and services that we think will be of interest and relevant to you. If you no longer want to receive these communications you can tell us at any time by contacting us on the details above, or using the links provided in direct marketing emails.
You have a right to withdraw your consent. Where we rely on your consent to process personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
You have a right to lodge a complaint with the regulator. If you are unhappy about the way we have used your personal information or the way we have dealt with any request you have made under your rights, please contact our Data Protection Officer who will investigate the matter. We hope this will rectify the situation to your satisfaction, but if you are still unhappy, you can contact the Information Commisioner’s Office (ICO). For more information, visit www.ico.org.uk.
Updating Your Information
To update the information we hold about you, you may do one of the following:
Please visit us at the clinic to update any of your details in person. Clinical information may require you to see a physiotherapist before your clinical record can be updated.
You can update your address or email address by email. You may also request changes or cancellations to your appointments by email using the email address we hold on our Cliniko system for you. Please therefore ensure the email address you provide is up to date. If you would like to send us clinical information, you can do this but unfortunately we cannot guarantee the safety of this email during its journey to us.
Phone: 01274 270450
You can update any of your details over the phone, but we may require you to provide additional information to confirm your identity before we can make certain changes.
Clients under the age of 18 must be accompanied by a parent or guardian that can take responsibility for their care. Consent for all treatment plans must be given by both the client and parent or guardian to allow us to treat the individual.
We will contact you for a number of reasons, and in a variety of ways. Below we have included some, but not necessarily all, of the communication channels that may be used between us and you.
If you would like to stop a particular type of communication, please contact us.
Appointment Confirmation and Reminders
We have several automated communications that allow us to continue to provide effective services to you. Automated appointment confirmations and reminders and text reminders are automatically sent out using the details you have provided to us to reduce the risk of forgetting your appointment. You may opt out of these essential communications but you may be at risk of incurring cancellation or missed appointment fees as a result.
We use three forms of email systems to communicate with our patients.
Individual Emails – We use Microsoft Outlook to communicate individual information related specifically to you that is not part of our automatic appointment email communication
Practice Management Email Communication – We use the email system in our practice management software to generate automatic email appointment confirmations, automatic email appointment reminders and communicate information generated within our practice management system, such as letters or accounts information to communicate this information with you. It is an essential part of our business to make these communications with you.
Marketing Emails – We use a bulk email system to send out marketing and promotional emails to the clients on our list, and to respond automatically. Your email address will be automatically added when you sign up on our website or book an appointment with us. To remove yourself from bulk emails, please use the link in the email to update your email preferences.
Automatic Information received by us via our website and email communications
We receive and store certain types of information whenever you interact with us. For example, like many websites, we use "cookies" and we obtain certain types of information when your Web browser accesses C-Physio. A number of companies offer utilities designed to help you visit websites anonymously. Although we will not be able to provide you with a personalised experience at C-Physio if we cannot recognise you, we want you to be aware that these tools exist.
To help us make e-mails more useful and interesting we often receive a confirmation when you open e-mail from C-Physio, if your computer supports such capabilities. If you do not want to receive e-mail or other mail from us, please let us know by using the link on your email to update your email preferences.
Read more about Cookies … (provide a link to cookie page with info in italics)
Cookies are small text files that websites put on your computer whilst you are browsing. Cookies are used for many different purposes.
For example they can:
- help search engines remember that you want your search results in English
- help a website remember your preferences so that you don’t need to customise it every time;
- help a website to deliver a better service by showing you the content most relevant to you
- identify and resolve errors so that the site is improved for everybody
- analyse how well a website is performing
The most common function of cookies is to remember pieces of information that help make browsing the web easier and more hassle-free for you.
An example of a cookie
- Name: SomeCookie
- Value: 1234a5b678c9
- Domain: www.yourwebsite.co.uk
- Expires: 13th September 2015
The cookie explained
- Name = The name of the cookie
- Value = The piece of information that the cookie is created to store
- Domain = The website where the cookie is used
- Expires = The date when the cookie will be deleted from your web browser
All modern browsers have tools to help you delete or block cookies but it is important to remember that many websites need cookies in order to function properly. By deleting or blocking cookies you could also block certain personalised features and you may not be able to take full advantage of some of the website's features.
Although this website only aims to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this site.
C-Physio cannot and does not guarantee or verify the contents of any externally linked website. You therefore click on external links at your own risk and C-Physio cannot be held liable for any damages or implications caused by visiting any external links on this Site.
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. C-Physio will never ask for personal or sensitive information through social media platforms and we encourage users wishing to discuss sensitive details to contact us through our primary communication channels i.e telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
C-Physio is committed to ensuring that your information is processed and kept securely with us and the third parties that act on our behalf.
Notices and Revisions
If you have any worries about privacy at C-Physio please e-mail us a thorough description of your concerns and we will try to resolve the issue for you. Our business changes constantly and our Privacy Notice and the Terms & Conditions will also change. Please check our website frequently to note any recent changes.