Data Privacy Policy
The Policy and Principles for Holding Data
This policy explains why we collect personal information about our patients, how we use it, how we secure it and what your rights are. It is compliant with the mandatory law from 25th May 2018. The General Data Protection Regulation (GDPR) says that personal data is any information that leads to a person being identified or identifiable. Whether the data is stored on paper, a computer, memory stick, CD disc or any other electronic device, it is still personal data. We may collect, use and store your data as described in this Data Privacy Policy. You will be notified of Policy changes that may affect your data. If the change is significant then revised agreements will be sought from you. The Principles under which your data is stored and used are:
- Lawful under British law, fair & transparent.
- Accountable to demonstrate compliance with this policy.
- Limited in scope, adequate & relevant for the purpose of running the clinic.
- Kept while you are under treatment and to comply with legal requirements only.
- Protected from breach, with notification procedures.
Why we hold your Data
We hold your personal data only when you have given us permission to do so and in order to register you, make appointment bookings and keep track of payments. We must also securely store your personal data as a legal requirement.
Where is your Data being Held?
- a) Computer diary data is held on local computers with secure passwords and use is limited to the participating physiotherapists only.
- b) Written data is held in a locked secured cabinet with key access restricted to the participating physiotherapists only.
- c) Handwritten notes of telephone messages are destroyed as soon as they are no longer needed.
Who holds what Data?
The Data Controller is responsible for all Data access and storage. Each individual treating Physiotherapist is responsible for maintaining Privacy and preventing Data breach of both electronic and manual files.
For how long is Data held?
It is held for legal reference for a minimum of 8 years for adults and 12 years for minors, as required by law.
How else do we Protect your Data?
We will never pass your Data to a third party without your permission. We do not allow others to use our patient lists. We will notify you promptly in the event of any breach of your personal data.
What Rights do you have once you have given your Data?
You have the right to access your personal data through the Data Controller or your Physiotherapist and have your data corrected. A copy of the data we hold about you can be provided if you request it in writing.