Using Your Personal Data
As part of undertaking normal business activities, we (Blairgowrie Physiotherapy & Sports Injury Clinic ltd) collect and process personal data relating to prospective clients, clients and former clients. As a data controller of this information, the organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The address and contact details of the data controller (Carla Sutherland at Blairgowrie Physiotherapy & Sports Injury Clinic Ltd) are set out at the end of this privacy notice.
What information do we collect?
Blairgowrie Physiotherapy & Sports Injury Clinic Ltd collects a range of information about you in the course of undertaking their normal business activities. This may include:
Your contact details including:
- your name,
- next of kin,
- email address and
- phone number.
Some biometric data including:
- your date of birth,
- your history of your presenting complaint,
- your medical history and
- medication list.
Health questionnaires for yoga or pilates classes.
Payment method details.
Blairgowrie Physiotherapy & Sports Injury Clinic Ltd may collect this information in a variety of ways. For example, data may be collected in our enquiry forms or over the phone, facebook and via email. The majority of your personal data will be collected from the reception team during booking and during consultation with your health care practitioner.
We may also collect data about you from 3rd parties, such as referrers like medical health care companies (BUPA, AXAPPP, etc) or insurance companies (Digby Brown, Rehabilitation network for example). We will seek information from these 3rd parties as part of your treatment should you be associated with the 3rd parties with whom we partner.
Why does process Blairgowrie Physiotherapy & Sports Injury Clinic Ltd your personal data?
We need to process your data to respond to any enquiries and to provide clinical care to you. Or, for the purpose of our classes- yoga/pilates.
We will need to process your personal data during the duration of the treatment of your clinical problem, or class attendance, or to respond to your enquiry. Our lawful basis for doing such is for the purpose of legitimate interest but also we satisfy the conditions for processing special category data. As a healthcare provider, processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards.
In some cases, we need to process data to ensure that we are complying with legal obligations. For example, it is mandatory for us to hold invoice information for 7 years, from the date of invoice, in order to fulfil any potential obligations with HMRC or other government bodies. This processing will be applicable to both current and former clients.
Likewise we are duty bound to store your medical records for 7 years too.
Blairgowrie Physiotherapy & Sports injury clinic ltd has a legitimate interest in processing your personal data from the time you make your booking enquiry through to the end of your treatment or class block. As already mentioned we also have a special category interest in processing your health related data, this enables us to assess and treat your clinical problem.
Where does Blairgowrie Physiotherapy & Sports Injury Clinic Ltd store your data?
We store all your personal data you give us when you book your initial appointment on the IT systems provided by Blue Zinc, including database and email systems. This is stored securely in off-site ISO27001 certified data centres with appropriate technical and organisational security measures in place, including redundancy and back up.
Health related data is stored on paper format in your personal file, in a locked filing cabinet. Health questionnaires are kept in a folder in locked storage.
Payment details are kept in a file in locked storage.
Any handwritten messages with personal details on are shredded if they are not to be filed and stored securely.
Emails are kept on our email system and the password to the email system is changed every 6 months.
Access to our computer system is protected by password and this is changed every 6 months.
Who has access to data?
Your information will be shared internally across various teams in order to complete the enquiry process and/or to fulfil your booking. This includes members of our admin team, our health care professionals, and/or the class instructors.
We will only share information with 3rd parties at your request or where required by law. For example, if you wish to work with any of our partners, at your request, we will share your basic information with them to enable this.
How does Blairgowrie Physiotherapy & Sports Injury Clinic Ltd protect your data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Under the obligations of data protection, we have policies and procedures in place to keep your data safe during the processing activity.
For how long does Blairgowrie Physiotherapy & Sports Injury Clinic Ltd keep data?
The organisation will hold personal data throughout the duration of your treatment and this will be kept within a secure database. For future identification purposes, your contact details will be stored for when you next use the clinic, unless you ask us to remove them from our database. With regards to invoices and treatment records, we will hold them for 7 years from the invoice date due to legal obligations. We will delete all records and invoice data when the 7 year retention period has elapsed.
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request;
- Require the organisation to change incorrect or incomplete data;
- Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to processing of your data where Blairgowrie Physiotherapy & Sports Injury Clinic Ltd is relying on its legitimate interests as the legal ground for processing;
- Withdraw your consent to us processing your data.
If you would like to exercise any of these rights, please contact Blairgowrie Physiotherapy & Sports Injury Clinic Ltd
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioners Office.
What if you do not provide personal data?
You are under no statutory obligation to provide data to Blairgowrie Physiotherapy & Sports Injury Clinic Ltd, however if you do not provide the required information we may be unable to complete the enquiries process or assess and treat your health complaint.
Address and contact details of the data controller
(Blairgowrie Physiotherapy & Sports Injury Clinic Ltd);
Blairgowrie Physiotherapy Ltd
1 High Street
Address of Blue Zinc (clinical software IT company);
Unit 4C Dill House
Castlereagh Business Park
478 Castlereagh Road
Telephone: 02890 998696