What data do we collect?
To provide you with our healthcare service.
We will use your information to provide treatment and to contact you; this includes reminding you of your appointment and emailing exercises.
Your information is not passed to third parties except in relation to your care and as specified above, unless an overriding lawful reason exists for sharing it; this is usually only done with your consent wherever possible.
It is important that data is accurate and up to date. We will do our utmost to ensure it is; however, you must also advise us of any changes to your circumstances whilst you are a patient of the clinic.
We would like to stay in touch with you to provide general information that can help you live well, keep you up to date with any changes in our service, and generally send you information which the GDPR labels as direct marketing. We will only do this with your permission.
To keep clients and subscribers up to date with information, we will use a third-party email broadcast company which may be outside of the EEA. We will ensure that they have adequate technical and organisational measures in place to protect the information. Subscribers can change their preferences at any time by clicking on the unsubscribe link in any email broadcast, or simply email us at firstname.lastname@example.org and you will be removed from our broadcast list.
If you give a testimonial, we would attribute this to you in a way you choose although we don’t usually state your full name. At any time you can withdraw your consent, but any testimonial or case study used in hardcopy marketing materials or already indexed by search engines may be difficult to stop.
If you attend an event run by us, some of the organisation of this may be managed by a third-party company such as Eventbrite. When this is the case, the company may be outside of the EEA. We will ensure that they have adequate technical and organisational measures in place to protect the information.
Your data is stored on a locked computer, backed up onto a password protected external drive and cloud storage which is also password protected and meets GDPR requirements. Emails are downloaded and stored with your patient file and then the email is deleted. Text messages are stored on a locked phone.
Whilst we always aim to keep your data within the UK or EU, this may not always be possible. For example, we utilise some exercise management platforms to assist you with doing your exercises, and these may be hosted outside the EEA. Your name, email and list of recommended exercises are the only data held on these sites. We will only use sites that can demonstrate adequate security to protect your information.
Legally, medical records have to be kept for 8 years from the date of your last treatment, and to age 25 years for children, so this is how long we store your data.
Where specific concerns have been identified, it may be necessary to retain certain records for a longer period of time. Where this is the case they will be securely stored.
Under GDPR you have specific rights. Those that are applicable to the data we hold on you include:
- The right to be informed of what information we hold
- The right to access the information we hold on you
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to object
The above rights are not absolute, and there may be reasons why we are unable to comply with your request. For example, we are legally bound to keep your notes for the period of time outlined above and would therefore not be able to erase your data if you ask us to. Each enquiry will be treated and considered on a case-by-case basis in line with GDPR guidelines.
If you have any concerns or questions please contact:
If you are unhappy with how we have processed your information, you have the right to lodge a complaint with the office of the Information Commissioner at:
Information Commissioner's Office
We use session cookies to remember your log-in and what you’ve put in the shopping basket. We deem these strictly necessary to the working of the website. If they are disabled, various functionality on the site will be broken. More information on session cookies and what they are used for is available at http://www.allaboutcookies.org/cookies/session-cookies-used-for.html.
| Cookie name | Purpose |
|---|---|
| PHPSESSID | This cookie is used to hold the unique session ID which is generated every time our site is visited. This cookie is deleted when you close the browser. |
| Session_ID | This retains your ID for your shopping basket. Without this cookie, you cannot add products to your basket or make any purchases. |

| Provider | Cookie name | Expires | Purpose | More information |
|---|---|---|---|---|
| Google Analytics | __utma | 2 years | This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. | Read Google Analytics Safeguarding your data |
| Google Analytics | __utmb, __utmc | 30 minutes | These cookies work in tandem to calculate visit length. Google __utmb cookie demarks the exact arrival time, then Google __utmc registers the precise exit time of the user. | Read Google Analytics Safeguarding your data |
| Google Analytics | __utmz | 6 months | This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site. | Read Google Analytics Safeguarding your data |
| Google Analytics | __utmv | 2 years | This cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmcc parameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page. | Read Google Analytics Safeguarding your data |
| Google Analytics | __utmx | 2 years | This cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site. See the Website Optimizer Help Center for more information. | Read Google Analytics Safeguarding your data |