Your privacy is very important to Us. We aim to collect and process your personal information in accordance with the GDPR and the UK’s Data Protection Act of 2018. This document details what information We collect from you as well as what We do and don’t do with the personal information that We collect.
“Contact information” refers to personal information including but not restricted to your name, address, phone number, Skype name and email address that is provided to Us for the purposes of interacting with us through the Website and consulting our physiotherapists online;
“Content” means all text (including all blog posts), graphics, images, video, sound and other data displayed on, or made available from, the Website;
“Health information” means personal information collected or generated by Us during the course of providing paid physiotherapy services to you or to answer a quick question regarding your physical condition;
“Personal information” means any information that identifies you or could be used to identify you. This includes contact information and health information;
4. Sourcing health information
We aim to collect health information exclusively from prospective clients who want to make use of our paid physiotherapy services. However, if the client is under 18 years of age, we will require a parent or legal guardian to provide health information, personal information and make payments on behalf of the client.
5. What activities will require you to provide personal information?
The types of personal information that we will collect will vary according to the type of activity you take part in on our website:
a. Contact information
You will need to provide your name and your email address to us if you choose to submit a question or request to us via email or use our Contact form.
You will need to provide a name and email address to us if you choose to subscribe to our newsletter or blog posts. We use MailChimp for all our email campaigns. MailChimp goes to great lengths to protect your details and you can read more about their security here. MailChimp is owned by Intuit, and you can read their privacy statement here.
We may run competitions with the aim of promoting ourselves. The information that you will be asked to provide will be detailed in the terms and conditions of each competition that we run.
You will need to provide contact information to us if you decide to make use of our paid physiotherapy services or purchase other products from this Website. Depending on the items you are buying, some of the information that you may be asked to provide will include your name, billing address, phone number, emergency contact name and phone number, Skype name, and email address, and we may also record your computer’s unique Internet Protocol (IP) address.
If you require us to write a letter on your behalf, we may ask you for your residential address.
When purchasing physiotherapy services or other products from the Website, you may also provide sensitive and confidential payment information. All payments are processed on the PayPal or Square website and we do not ask for or store any account number or card details on our website. Square is HIPAA compliant.
If you use WeTransfer to send us a video of you playing sport or running etc. for motion analysis purposes, WeTransfer will collect personal information in the form of your IP address and email address and will install cookies to remember your email address. WeTransfer abides by EU law and encrypts files during transfer and storage. They only store your files for 7 days after which they delete them from their servers. Read more on their website.
Other Activities: We may use information for purposes not listed above in the following circumstances: (a) where specifically authorised by you; (b) where the use is related to one of the primary purposes listed above and where it could reasonably be expected; (c) where it is necessary for Us to comply with the law or the lawful direction of a governmental authority or court; or (d) where it is in the interests of public health and safety as set out in the UK’s Data Protection Act 2018.
b. Health Information
We will be required to collect health information from you or generate health information about you if We provide physiotherapy services to you in the form of a physiotherapy consultation and a customised treatment programme.
Your health information will be collected through an online questionnaire and/or voice and/or video call which is designed to obtain a detailed medical history and other information required to make a diagnosis and recommend a treatment plan. Such information may take the form of:
personal details such as your name, age, and gender;
information about your current health service providers, including general medical practitioner;
information about current or past symptoms, injuries, diseases, conditions or disabilities;
information about past operations, treatments received, and treatment programmes undertaken;
information about allergies;
information about medications which you are taking or have taken;
information about your family medical history where relevant to your own condition;
information about accidents, incidents or circumstances which caused or may have caused injury or discomfort;
information about medical investigations e.g. x-rays, MRI, ultrasound, blood tests etc.;
our opinion of your medical condition;
our recommended treatment plan.
We store all our files containing your personal and health information in Cliniko. Cliniko is a medical notes keeping system that stores all the files in encrypted folders. We use Two Factor Authentication to access the files. Cliniko meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA. Read more about their data security measures here.
Health information that you submit to Us during the consultation booking process will also be stored in Acuity Scheduling for a minimum of 2 years after your last appointment was scheduled using their software. Acuity Scheduling is GDPR and HIPAA compliant.
Health information that you submit to Us by filling in a contact form on the Website will be deleted from the Website's database within 31 days of when you first submitted it.
All health information that you submit to Us via email as part of our paid online physiotherapy services is copied to and stored securely as part of your medical notes in Cliniko. All emails containing health information are deleted once the information is copied unless the information was not submitted by someone making use of our paid-for service. If the health information was submitted as part of a general inquiry and the person decides not to make use of our paid-for physiotherapy services, we delete the email and health information within 7 days and do not store any of it for longer than is needed to comply with their request.
We also use the following Google services, which are HIPAA compliant: Gmail and Drive.
6. How we will NOT use your personal information
Except as set out in Clauses 7 and 8 below, we will not disclose your personal information to other persons or entities. In particular:
We will not give, lend, rent or sell your personal information to any third-party telemarketing, market research or email list building organisation that might on-sell it to other people or organisations.
We will not use or disclose your health information except in accordance with your directions, or as necessary to deliver our health services to you.
7. How we will use your personal information
a. Contact Information
We may use your contact information for the following purposes:
We use your IP address and demographic information, which We collect with the help of cookies, to generate a holistic but anonymous picture of our user base and usage patterns. This information allows us to analyse trends and demographics and helps Us to improve on the content and services provided.
We will use your contact information to respond to any query or request that you have contacted Us with.
If you subscribe to receive our newsletter or new blog post alerts or a feed via a social networking service, We will use your contact information to send that information to you. The information may contain direct marketing material which contains special promotions and special offers.
We have the right to display any comment you submit on the Website (blog comments and testimonials), along with your name. We will not publish your email address.
If you register to use our Physiotherapy Services, we will use your contact information to deliver those services to you.
If you win a prize in one of our competitions, We will use your contact information to notify you, and will publish your name as the winner if required to do so by law.
b. Health information
We may use or disclose your health information for the following purposes:
We will use your health information to enable Us to diagnose your condition, recommend a treatment plan and/or to provide you with further information about other treatment options.
We will use your health information anonymously to allow Us to manage our business, for example through planning, or evaluating and assessing the cost-effectiveness of a particular treatment or service.
We will use your health information anonymously to perform clinical audit activities, where We evaluate and seek to improve the delivery of a particular treatment or service.
We will use your health information to comply with accreditation activities, and the requirements of professional and industry bodies e.g. the Chartered Society of Physiotherapy and the UK’s Health and Care Professions Council.
We will use your health information to respond to complaints made by you.
We will use your health information to co-operate with Our liability insurers (e.g. by disclosing details to a medical expert, insurer, defence organisation or legal advisor) in the event that We become aware of a potential or actual claim against Us by you.
We will use your health information to obtain advice and legal services in relation to the defence of potential or actual legal proceedings.
c. Personal information
We may use personal information (both contact information and health information) for the following purposes:
Should something happen to you during your online consultation with one of our physios that means that you require immediate help or assistance and you are unable to access it yourself, the physio will use the emergency contact details that you've provided to alert your emergency contact that you require help.
We will use financial data to process payments and co-ordinate refunds.
Online businesses occasionally suffer from the fraudulent activities of some shoppers. We have the right to use the personal information that We collect to verify your identity. The checks will usually be done only if there is a reason to suspect fraud.
We may use your personal information to recover debts owing to Us.
If We are involved in a reorganisation, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
We may also disclose your personal information where required or necessary under the provisions of the Data Protection Act 2018 (e.g. where disclosure is required by law or is necessary for legal proceedings).
8. Disclosing personal information
a. Parties to whom we could disclose your information
During the course of our business, we may disclose your personal information as follows:
Third party companies and individuals (including Google and PayPal) are engaged from time to time to perform specific business services for us. These services include the processing of payments, trend analysis, marketing and promotions. We may need to provide some of your details to these service providers (or require you to provide your details directly to them) in order for them to perform their functions. We will only do so where it is strictly necessary for them to perform these functions.
We will pass on information relating to suspected fraudulent activity to appropriate authorities including the police, banks and credit card issuers, or otherwise if required to do so by law.
If you win a prize in one of our competitions, we will disclose some of your contact information in certain publications in order to comply with our obligations under applicable trade lotteries legislation. Precise details of the disclosures to be made appear in the terms and conditions of each competition and entry into each of our competitions requires your consent to such disclosures.
b. Cross-border disclosures
The disclosures of information listed in section (a) above may involve transmitting, storing or processing information across national borders. This includes (amongst other things): our right to host the website on servers located outside the United Kingdom; our right to conduct usage analysis; and our right to process payments. You consent to the transmission of data for these purposes in accordance with the Data Protection Act 2018.
In addition, personal information that you submit in the form of, or relating to, comments or testimonials will be published on the Internet and will be accessible in any location around the world in which there is Internet access.
9. Your rights in relation to personal information that you provide
Subject to the exceptions allowed by law, you have a right to view, change and remove the personal information that we store about you.
Requests for Us to assist you to view, change or remove your personal information should be made in writing through the Website using the Contact page or by emailing us directly at firstname.lastname@example.org. You should provide us with any details necessary to enable us to comply with your request, including your name and the capacity in which you believe we are storing your personal information (i.e. as a customer, newsletter subscriber, patient etc). We shall also request information to verify your identity.
We have the right to request a small fee (to cover our costs if any) before We can assist you, but in most cases we will provide your information free of charge. Before We act on requests of this nature, We will tell you how much this service will cost if anything. We will respond to your request within 10 business days.
Please note that We may not be able to destroy or remove your health information as We may be required to maintain this for legal purposes. Notes for children must be maintained until their 25th birthday or 26th if they were 17 or older when they were last seen, or eight years after death (whichever is longer). Other records should be kept for a minimum of eight years after the date of last treatment. Diaries should be kept for a minimum of two years.
10. Changing your communication preferences
If you have subscribed to our newsletter or new blog post alerts in the past, but have now changed your mind, please either:
click on the “unsubscribe” link in any one of Our communications; or
reply to any of our email messages using the word “unsubscribe” in the heading; or
contact Us by visiting our Contact page.
There is no charge associated with being removed from our mailing or communications list.
11. Information security
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information, and to prevent unauthorised access, modification or disclosure of your personal information. Payment information is processed by secure servers hosted by PayPal or Square, and not on this Website.
12. Affiliate links
We sometimes recommend products that we think are good value for money or may be useful for certain health conditions. The links that we use to direct you to the products are affiliate links created through Genius Link Services provided by GeoRiot. GeoRiot complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. GeoRiot has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
When you click a Genius Link the following information is collected automatically. The information collected is determined by the coding of the Genius Link by GeoRiot:
Information identifying the operating system and browser used by the Device for the Transaction ("User Agent Information"), including information identifying and describing the Device used for the Transaction ("Device Data").
Information identifying the language used by the Device for the Transaction ("Language Information").
The Internet Protocol ("IP") address of the Device used for the Transaction, which allows identification of the logical and to some extent geographical location of the Device used in the Transaction ("Location Data").
The URL of the Client's Digital Property on which the originating Geni.us Link is sited ("Client URL").
Product identification information for Products via the Geni.us Link the Device was used to click ("Product Information").
13. Other privacy information
You are responsible for the security of and access to your computer. There are particular risks when you use your computer for online shopping in a public place.
Further Privacy information can be obtained on the website of the UK Information Commissioner’s Office.
This document was compiled using the Privacy Notices Code of Practice document provided by the UK Information Commissioner’s Office.