Privacy Policy May 2018
Scope
This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR), which is EU-wide, and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU Data Subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
Bradford's Veterinary Physiotherapy and Bradford's Physiotherapy, based at Open Space Business Centre, Willow End Park, Blackmore Park Road, Malvern, WR13 6NN
Personal Data
Bradford's collect personal information about our clients and former clients for the purpose of performing physiotherapy services and any follow up services that may be required.
The information that we collect from you may include your name, email address, telephone number, mobile telephone number, postal address, insurance details, medical details (for human physio services) and information from your vet (for animal physio services).
We may also receive the above personal information about you from external sources such as vets, doctors, or insurers where that information is necessary to carry out the physiotherapy services received from Bradford's.
This data is always held securely and is only shared with paraprofessionals to keep them informed of progress and changes in treatment. For data storage purposes your data may be handled by admin staff who have all signed an integrity and confidentiality agreement. When you agreed to treatment by Bradford's you agreed to give your explicit consent to allow the Physiotherapists to document and process your personal data. Contact details provided by you, such as telephone number, email address, postal address may be used to remind you of future appointments and provide reports or other information regarding treatment. There may be circumstances related to treatment, on-going care or medical diagnosis that will require the sharing of the records with other paraprofessionals and/or insurance companies. Where this is required, we will request your written permission first, unless we are under a legal obligation to comply.
In addition, we may use your personal information for the following reasons; the legal basis for these uses is set out next to each use:
1) To manage our business – this is in our legitimate interests as it furthers our aims and objectives.
2) To manage any complaints, feedback and queries received from clients – this is in our legitimate interests as it allows us to provide the service expected by our clients.
3) To send you marketing materials about Bradford's Veterinary Physiotherapy and Bradford's Physiotherapy – this information will only be sent to you where we have your consent or where we feel there are legitimate reasons of interest.
We may also use your personal information to comply with any legal or regulatory obligations where necessary.
Consent
Through agreeing to this Privacy Policy you are consenting to Bradford's Veterinary Physiotherapy and Bradford's Physiotherapy processing your personal data for the purposes outlined. You can withdraw your consent at any time by using the postal, email address or telephone number provided at the end of this Privacy Policy.
How long will we keep your personal information?
We will keep your personal information for as long as is necessary for the purposes for which we collect it. The exact period will depend on the purpose for which we hold your information; we will keep the information for the duration of the provision of any physio services and for a number of years afterwards, as detailed below;
1) Adult's clinical notes are kept for 8 years from the last treatment
2) Children's clinical notes are kept for 8 years after their 18th birthday or up to 25 years old
3) Vet physio notes are kept for 8 years from last treatment
4) Accounts are kept for 7 years
When these times have lapsed, all personal data will be shredded securely.
Where we are required to keep your personal information to comply with a legal or regulatory obligation, we will keep it for at least as long as is required to comply with that obligation.
How do we keep your personal information secure?
We will use appropriate technical and organisational security measures which comply with the requirements of data protection law in order to keep your personal information secure against unauthorised or unlawful use and accidental loss, damage or destruction.We will store all of your personal data on secure servers, personal computers and mobile devices and in secure manual record-keeping systems.
Although we will do our best to keep your personal information secure, we cannot guarantee the security of your personal information transmitted via email or via our website as the transmission of information via the internet is not completely secure; therefore, any transmission is at your own risk.
What rights do you have as a Data Subject in relation to your personal information?
Please see below a summary of your rights in relation to your personal information under data protection law, some of these rights are subject to exemptions:
1) Right of access to your personal information held by Bradford's Veterinary Physiotherapy and Bradford's Physiotherapy.
2) Right to rectify any personal information that is incorrect or incomplete.
3) Right to erasure of your personal information in certain circumstances where it is no longer required by Bradford's Veterinary Physiotherapy and Bradford's Physiotherapy, or you withdraw your consent in relation to the receipt of marketing materials.
4) Right to restrict the use of your personal information in certain circumstances.
5) Right to data portability – this means that your personal information will be provided to you in a structured, commonly used and machine-readable format where the use of your personal information is by electronic means.
6) Right to object to the use of your personal information and direct marketing.
7) Right to withdraw consent where we rely on your consent as our legal basis for using your personal information.
8) Right to complain to the relevant data protection authority; this would be the Information Commissioners Office, address below in 'Complaints' section.
Cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Mailchimp – mailchimp.com
Mailchimp is a cloud-based software used to organise and control subscription lists. This enables the Data Controller to email all the subscribers to a newsletter.
The Data Controller abides by a Double Opt-in procedure regarding your data. i.e Once the Users' Data from the Website form is sent to Mailchimp, a secondary email is sent to the User from Mailchimp which requests further confirmation before the Data can be added to the Mailchimp Subscription List.
It is only the Data Controller which has access to the Mailchimp account associated to the Website.
Updating or deleting the Users Data. This can be done either by clicking the links at the foot of the Newsletter emails or by contacting the Data Controller.
Accessing your personal data
The Data Controller will accept the following forms of identification (ID) when information on your personal data is requested;
One piece of photographic ID (driving licence, passport), a birth certificate and a utility bill not older than three months. If the Data Controller is not satisfied with the quality of the evidence, further information may be sought before personal data can be released. All requests should be made to Rhiannon Bradford, Data Controller for Bradford's Physiotherapy : rhiannon@bradfordsvetphysio.co.uk tel 01432 890490
Complaints
In the event that you wish to make a complaint about how your personal data is processed by Bradford's Physiotherapy, you have the right to complain to us. If you do not get a response within 30 days you can complain to the ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Tel 0303 1231133 email https://ico.org.uk/global/contact-us/email/
Contact details
In order to exercise any of the rights listed above, or if you have any queries relating to the way we collect, use, or store your personal information, please contact Bradford's using the details below:
By email: info@bradfordsvetphysio.co.uk or info@bradfordsphysio.co.uk
By phone: 01432 890490
By post: Open Space Business Centre, Willow End Park, Blackmore Park Road, Malvern, WR13 6NN