1 PRIVACY NOTICE
At Louise Malone, we are committed to protecting and respecting your privacy. We want you to know that when you use our clinic and our website you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
2 DATA CONTROLLER
We are registered with the Information Commissioner’s Office (“ICO”) as a Data Controller for the personal data that we hold and process. Our registered Organisation is Louise Malone and our ICO registration number is ZA875234.
3 DATA COLLECTION
3.1 The type of personal information we collect.
We currently collect and process the following personal information:
- Personal details: first name, surname, email, address and phone number.
- Your date of birth, gender and age.
- Emergency contact information.
- Medical or health records.
- Your Private Medical Insurance details – where relevant.
- Records of your contact with us.
- Financial and transactional data – when you make a payment with us in studio or on our website, your payment information is collected directly by Stripe, a payment processor, and will be subject to the third party’s privacy policy. We have no control over, and are not responsible for, third parties’ collection, use and disclosure of your Personal Information.
3.2 How we get the personal information and why we have it.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- To make an appointment booking.
- To ensure safe and effective assessment and treatment.
We also receive personal information indirectly, from the following sources in the following scenarios:
- Your medical Consultant, GP or other health care professional, who:
  - may refer you to our care for physiotherapy, or
  - may share your details with us so that we can treat you safely and effectively.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Legal obligation. Physiotherapy staff have a professional and legal obligation to keep an accurate record of their interactions with patients.
- All record keeping is governed by the Data Protection Act 2018. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
- Being able to make and maintain records is a requirement of HCPC registration.
- Keeping detailed records is a requirement of CSP membership.
3.3 How we store your personal information.
Your information is securely stored on Cliniko, which is practice management software for clinics and allied health practitioners.
4 DATA RETENTION
Records form a legal record of treatment and therefore must be retained safely and securely in accordance with the Data Protection Act 2018. Under GDPR regulations, data must only be kept for as long as necessary for the original reason it was collected.
Each UK country sets out minimum retention periods for health records. The minimum retention periods apply to all formats/media that contain components of information relating to the health record. Retention schedules vary according to the type of record but, in general, for those with capacity it is usually:
- Eight years from the date of last treatment for adult records.
5 YOUR RIGHTS
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at [email protected] if you wish to make a request.
6 DATA SHARING
We are professionally obliged to share information with other health professionals directly involved in a patient’s care to give appropriate advice and treatment. We do not need a patient’s written permission to do this, but the patient should be aware of the communication with other health professionals. The patient has the right to prevent the sharing of information. If they do so, they will be informed of how this might affect continuity of care. However, if we feel that a patient is a danger to themselves or to others, we may contact the patient’s doctor, even without the patient’s consent, to raise our concerns.
7 HOW TO COMPLAIN
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected]
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk