PK Physio understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the data protection laws in force in the UK and with all applicable clinical confidentiality guidelines. We are registered and compliant with the Information Commissioner’s Office (ICO) reference ZA452783.
Please read the following carefully to understand how we collect and process your personal data. When we refer to personal data in this policy we mean information which can, or has the potential to identify you as an individual.
By providing your personal data to us or by using our services you are accepting or consenting to the practices described in this policy.
For the purpose of data collection laws, the data controller is: PK Physio of Annex 4, Worting House, Basingstoke, RG23 8PX.
When do we collect personal data?
We may collect personal data about you if you: visit our website; enquire about treatment with us; register or become a patient with us; fill in a form or survey; contact us by phone, email or social media.
What personal data may we collect from you?
Information required for us to provide a service to you. This may include
Name, DOB, address, phone numbers, email addresses.
Information about your health relating to your service needs.
Information from other sources eg. Referring healthcare professionals or insurers.
Information you give us when you make a payment such as financial or credit/debit card information.
How is your information used?
Your personal data will be kept confidential and secure and will only be used for the purposes for which it was collected. We may use your personal data to:
Accurately identify your record in the future for further treatment.
To make or change appointments or contact you related to your treatment.
To enable us to carry out our service obligations to you.
To communicate with other healthcare professional, insurers or legal services where necessary.
Who has access to your information?
Your information will not be shared outside PK Physio unless your consent is obtained. Examples include: communications with your GP, consultant or other healthcare profession related to your treatment; legal team in the event of an accident claim; medical insurer if they require an update on progress; forms for occupational health, social services, disability assessment.
We will not sell or rent your information to third parties.
The security of your personal data
We protect all personal data that we hold about you, by ensuring we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, damaged or destroyed.
All paper information held on you is stored securely in locked cabinet. At your request we may occasionally transfer information to you via e-mail. E-mail is not a secure method of information transfer. If you choose to send or receive information by e-mail, you do so at your own risk.
Data Subject Rights
The law gives you certain rights as a ‘data subject’ in respect to the personal data we hold about you:
Subject Access Request (SAR): The General Data Protection Regulation (GDPR) gives data subjects the right to access personal data held about them by a SAR. We will respond quickly to any such requests and we are legally required to respond within 1 month of receiving the request and necessary information.
Rights to rectification: Data subjects have the right to request that we amend personal information that is inaccurate or incorrect. This does not extend to matters of opinion such as medical diagnosis.
Right to erasure: Data subjects have the right to request we delete personal information from our systems at any time without giving a reason. This right is not absolute and only applies in certain circumstances.
Right to data portability: Data subjects have the right to obtain and transfer their data to different service providers. We will act on any request by the individual without delay.
Right to object: Data subjects have the right to object to the processing of data at any time based on their particular situation. We will only process data where we can demonstrate lawful grounds for doing so.
We will report any unlawful breach of data as required by GDPR within 72 hours of the breach occurring. If the breach is considered high risk, we will notify the data subjects concerned using an appropriate method of communication.
Our website may store some information on your computer in the form of a cookie or similar file. You can erase or block these or receive a notification before they are stored. Personal information cannot be collected in this way.