Privacy Policy

Radlett Physiotherapy Privacy Notice

Introduction

We take data protection seriously.

If a Data Subject wishes to use certain services via our website, processing of Personal Data could become necessary. Personal Data Processing shall always be in line with the General Data Protection Regulation (GDPR). By means of this Privacy Notice, we would like to inform the general public why we collect and process Personal Data, and of Data Subjects' rights relating to the collection and processing of Personal Data.

Definitions

“Controller”

The natural or legal person, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State Law, the Controller or specific criteria for its nomination may be provided for by Union or Member State Law.

“Personal Data”

Any information relating to any identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

“Data Subject”

Any identified or identifiable natural person, whose Personal Data is processed by the Controller responsible for the processing.

“Processor”

A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

“Recipient”

A natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular enquiry in accordance with Union or Member State Law shall not be regarded as Recipients; the processing of those data by those public authorities shall be in compliance with the applicable Data Protection rules according to the purposes of the processing.

“Third Party”

A natural or legal person, public authority, agency or body other than a Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.

“Restriction of Processing”

The marking of stored Personal Data with the aim of limiting their processing in the future.

“Processing”

Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Consent”

Consent of the Data Subject is any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

Name & Address of the Controller

The Controller is:- Radlett Physiotherapy Ltd, 96 Watling Street, Radlett, Hertfordshire WD7 7AB

Name & Address of the Data Protection Officer

The Data Protection Officer of the Controller is:- Julie Sterling

A Data Subject may contact our Data Protection Officer directly with any enquiries relating to Data Protection.

Name & Address of the Lead Supervisory Authority

The Lead Supervisory Authority overseeing the Controller is:-

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Telephone: +44 (0) 303 123 1113
Email: casework@rco.org.uk
Website: https://ico.org.uk

Reasons/Purposes For Processing Information

The following is a broad description of the way Radlett Physiotherapy Ltd processes personal information. To understand how your personal information is processed you may also need to refer to any personal communications you have received. We process personal information to enable us to provide medical diagnosis and physiotherapy services.

We collect information relating to the above reasons/purposes from the following sources:-

  • The Data Subject directly (e.g. from information entered into forms and in the performance of our services);
  • Referrals received from medical practitioners or insurance companies.

We process information relating to the above reasons/purposes. This information may include:-

  • Personal details;
  • Medical

Rights Of The Data Subject

GDPR affords EU Data Subjects rights. These rights are summarised below. In order to assert any of these rights, the Data Subject may contact our Data Protection Officer.

The Right of Confirmation

Each Data Subject shall have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her is being processed.

The Right of Access

Each Data Subject shall have the right to obtain from the Controller, free information about his or her Personal Data stored at any time and a copy of this information. Furthermore, the Data Subject shall have the right to obtain information as to whether Personal Data is transferred to a third country or to an international organisation. Where this is the case, the Data Subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

A Right to Rectification

Each Data Subject shall have the right granted by the European Legislator to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

A Right to Erasure (Right to be Forgotten)

Each Data Subject shall have the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay, and the Controller shall have an obligation to erase Personal Data without undue delay when one of the statutory grounds applies, as long as the processing is not necessary.

A Right of Restriction of Processing

Each Data Subject shall have the right granted by the European Legislator to obtain from the Controller restriction of processing where a statutory reason applies.

Right to Data Portability

Each Data Subject shall have the right granted by the European Legislator to receive the Personal Data concerning him or her, which was provided to a Controller, in a structured, commonly used and machine-readable format.

Right to Object

Each Data Subject shall have the right to object, on grounds relating to his or her particular situation at any time, to the processing of Personal Data concerning him or her.

Automated Individual Decision-Making, including Profiling

Each Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling.

Right to Withdraw Consent

Where consent forms the basis for processing, each Data Subject shall have the right to withdraw his or her consent to the processing of his or her Personal Data at any time. Data Subjects can withdraw consent by contacting the Data Protection Officer.

Right to Complain to the Supervisory Authority

Where consent forms the basis for Processing, the Data Subject shall have the right to withdraw his or her consent to the processing of his or her Personal Data at any time. The details of the Supervisory Authority are contained at the top of this Privacy Notice.

Legal Basis For The Processing

The legal basis for Processing shall be where:-

  • The Data Subject has given consent to the Processing of his or her Personal Data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to perform physiotherapy services;
  • Processing is necessary for the performance of medical diagnosis;
  • Processing is necessary for sending reports to medical practitioners or insurance companies/3rd parties when accident claims are involved.

Security of Processing

We are committed to keeping your Personal Data confidential. We have implemented technical and organisational measures to ensure the Personal Data processed remains secure; however, absolute security cannot be guaranteed.

Personal Data Retention Periods

The criteria used to determine the retention of Personal Data are the respective statutory retention period within the Member State and also any statutory retention period imposed for the retention of medical records. After the expiration of those periods, Personal Data shall be securely deleted, as long as it is no longer necessary for the fulfilment of the contract, the initiation of a contract, or in relation to any legal proceedings.

General

You may not transfer any of your rights under this Privacy Notice to any other person. We may transfer our rights under this Privacy Notice where we reasonably believe your rights will not be affected. If any Court or competent authority finds that any provision of this Privacy Notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Notice will not be affected. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.