top of page
Harley Street Physiotherapy
Harley Street Physiotherapy
Harley Street Physiotherapy

PRIVACY NOTICE - Version 28-08-2024

At Harley Street Physiotherapy we respect your Privacy and are committed to protecting and maintaining your trust and confidence in our management of your personal data.

YOUR PRIVACY IS IMPORTANT TO US

This notice informs you how we use the information you give us and how we protect your privacy. It also explains your rights under the UK Data Protection Act (update 2018) and the EU General Data Protection Regulations 2018 {GDPR). We abide by UK law and our data protection regulator within the UL is the Information Commissioners Office.

BACKGROUND

Harley Street Physiotherapy offers services and products such as physiotherapy, acupuncture, rehabilitation, and sports medicine to our
clients.

We are based at 3rd Floor (North) 25 Wimpole Street, London W1G 8GL.

WHAT PERSONAL DATA MAY WE COLLECT?

· Name

· Contact details
· Insurance details
· Medical records
· Referral letters and information from Consultants, GP or referrer.

 

We may collect this via telephone, email, letter or in person. At present we do not collect personal information via our website.
Where permitted by law, we may also receive information about you from 3rd parties such affiliates, business partners, credit and fraud checking services, as well as third parties, with whom we have had no prior contact.

HOW DO WE USE YOUR DATA?

We are required by GDPR to only use your personal data for lawful reasons. This may be to enable us to provide you with the services you request from us, because you have consented to the use of your personal data, or because we are required by law to retain it.

  • To carry out obligations arising from any contracts entered into between you and us.

  • Medical record keeping.

  • To provide and receive reports on your management between us and your referrer or other, to whom you have given consent. You may request to see any information before it is sent.

  • To send information and reminders about your appointments or return calls /texts/emails from you to us.

  • To notify you about changes to our services.

  • For audit purposes to improve our services.

  • To provide you with information, products or services that you request or

  • We feel may be of interest to you, where you have consented to be contacted for such purposes.

  • With your consent up write case studies on your management.

  • Withholding required data may result in an insufficient service being provided.

Marketing and Newsletters

You are asked to opt in to this service before being contacted for these reasons.
We may contact via post, phone, text or email you to inform you of offers, news, updates or bulletins we think you may be interested in.
You can opt out of this at any stage by emailing info@harleystreetphysiotherapy.co.uk
You will not receive any unlawful marketing or spam.
We do not use any automatic systems for profiling or other purposes.

Sharing your data

We may share your personal details with the following organisations:
Credit reference agencies.
We do not disclose, sell or distribute email lists or your personal information with other organisations and businesses or other third parties, unless we have obtained additional consent from you.

LEGAL BASIS FOR COLLECTING AND PROCESSING DATA

CONSENT: You have given clear consent for us to process your data for specific purposes.
LEGAL OBLIGATION: The processing is necessary for us to comply with the law
e.g. storing Medical records.
VITAL INTEREST: The processing is necessary to protect someone’s life e.g. next of Kin information, in certain circumstances.

HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

The data is collected from you via telephone, email, letter and in person at reception or during your consultation and subsequent treatments.

There is a legal obligation to retain medical records for at least 7 years from the date of last treatment for adults and for children, eight years after their 18th birthday or until 25 years of age. Your medical records may be kept indefinitely for legal purposes.

WHAT ARE YOUR RIGHTS UNDER GDPR LAWS?

In certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
RIGHT TO:

  • · Request access, correction and removal of personal data.

  • · Object to processing of personal information.

  • · Restrict processing of personal information.

  • · Request moving, copying and transferring of personal data.

  • · Right to withdraw consent.

If you request access to your personal data, there will not be a fee unless the request is excessive or repeated. All legitimate requests will be dealt with within 30 days of request.


Subject Access Requests should be made in writing via post or email to the Data controller details whose contact details can be found at the end of this document.

SECURITY

  • We take data security very seriously. We have robust physical, electronic and managerial processes in place to prevent unauthorised access or disclosure and to safeguard and secure your personal information.

  • Paper medical records are kept in locked filing cabinets.

  • The clinics electronic data base and medical records are kept on password & security protected hardware and also hosted by web based third parties Cliniko acting as word processor (see links below).

  • We will take all reasonable steps necessary to ensure your data is treated securely

  • and in accordance with this privacy policy.

  • Emails containing information of a sensitive nature containing medical information are sent via a secure encrypted email service ( Egress).

WEBSITE & COOKIES

Like many site operators, we collect information that your browser sends whenever you visit our website (log data). This information about your use of our site including details of your visits such as pages and resources accessed. Such information may include traffic data, location data and other communication data.

At present the only information collected is via Wix and Google Analytics.

Use of Cookies

We may collect information about your computer, including IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users browsing actions and patterns and does not identify any individual.

The only cookies in use on our website are for Wix and Google Analytics. Wix and Google Analytics is a web based analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it.


Like many services, Wix and Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site. Cookies contain information that is transferred to your computers hard drive.


These cookies are used to store information, such as the time the current visit occurred, whether the visitor had been to the site before and what site referred the visitor to the web page.


Google analytics collects information anonymously. It reports website trends without identifying individual visitors. https://policies.google.com/privacy?hl=en.


You can opt out of google analytics without affecting how you use our site. For more information on opting out of google analytics tracking across all websites.  click here  https://tools.google.com/dlpage/gaoptout

Third Party Links

On occasions we include links to third parties such as Twitter, Instagram, Linkedin and newsletters and other businesses. Where we provide a link it does not mean that we endorse or approve of that site’s policy towards visitor privacy. You should review their privacy policy before sending them personal data. We cannot be responsible for the contents or behaviour of third party sites.

Data processing outside of the EU
Data required for processing invoicing and for bookkeeping may be shared outside of the EU to Appnocrat Technology Pty Ltd who by contract adhere to the same data protection processes as Harley Street Physiotherapy.


EGRESS secure email
https://www.egress.com/privacy-policy


GOOGLE
https://policies.google.com/privacy?hl=en.

ICO information commission

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/


PRACTICE SOFTWARE
https://www.tm3practicemanagement.com/information/policy/ personal contact details and medical records.

CHANGES TO THE PRIVACY NOTICE

Any changes to our privacy policy will be posted to this website at any time. You should re check the wording periodically. If there is any material changes to this policy, we will notify you by placing a prominent notice on our website.

DATA CONTROLLER

Harley Street Physiotherapy
3rd Floor (North) 25 Wimpole Street, London W1G 8GL.
Email : info@harleystreetphysiotherapy.co.uk

Privacy Policy 

bottom of page