Privacy Notice
Privacy Notice
To ensure compliance with the General Data Protection Regulation (GDPR), SMARTPHYSIO must ensure that information is provided to patients about how their personal data is processed in a manner which is:
• Concise, transparent, intelligible, and easily accessible.
• Written in clear and plain language, particularly if addressed to a child.
• Free of charge.
This privacy notice details SMARTPHYIOS's privacy policy relating to personal information that we collect, create, use and share when you are using our services. It explains what personal data we hold, what we do with that data and how long we keep it. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
Last updated
This privacy notice was last updated on the 1st of January, 2021.
We may update this Notice from time to time, and you should review it whenever you visit our website or before providing us with any personal data about yourself.
​
What is GDPR?
The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region
approach data privacy. The GDPR came into effect on 25th May 2018.
​
Who we are
We are The Physiotherapist Company Limited, trading as SMARTPHYSIO.
We are based in North & North West London, and we are a team of expert chartered physiotherapy clinicians providing first-class physiotherapy care and specialist treatments.
For the purpose of the UK General Data Protection Regulation (“the UK GDPR”), SMARTPHYSIO is a data controller in respect of any personal data we collect.
How we collect your personal data
We will only collect and use your personal data where we have legitimate business reasons to do so. We may obtain personal data from you to provide you with a service when you contact us or visit our practices or when you get in touch with us via our website. This includes personal data provided to us when you register with us to receive our services or when you enter a competition or promotion.
We also collect your data when you contact us about employment with SMARTPHYSIO, when you provide our staff with business cards or contact details if you deal with us, when we are providing services to one of our clients, when we receive referrals from other employees, clients or suppliers when you deal with us in order to provide us with goods or services, when staff give us your details as an emergency contact or when potential employees give us your details as a referee.
​
We may also collect your data when we search websites where you have posted your data to be found in relation to business opportunities. We will, of course, let you know at the earliest opportunity when we have gathered your data in this manner.
​
The personal data we collect
We collect personal data in order to provide the best possible service we can or to maintain good business and client relationships. We only collect the data we need, and we will ensure we have appropriate physical and technological security measures to protect your personal data.
​
For clients using our services or suppliers whose services we use, depending on the relevant circumstances, we may collect some or all of the following information: name, title, email address, postal address, telephone numbers and other contact numbers, bank details, health information and health insurance information. We may also collect data from medical professionals whom you have given us permission to do so.
​​
How do we store your data?
Your personal data is stored safely and securely in the UK. All personal data will be processed for the duration of your treatment, and we will continue to store the data needed for eight years after the contract has expired to meet any legal obligations.
After eight years, all personal data will be deleted unless basic information needs to be retained by us to meet future obligations to you. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
​
What we use your information for
SMARTPHYSIO collects and processes your personal data for legitimate business purposes, including diagnosing and administering treatment, internal record-keeping, processing financial transactions, and processing instructions from clients, in connection with legal, financial and dispute management, for compliance with legal, regulatory and tax reporting obligations and releasing your personal information to regulatory or law enforcement agencies, if they require us to do so by law for the prevention, detection and investigation of crimes. We may also use your data to market our related products and services directly to you and advise you of any updates to our services; where we do so, you will be able to unsubscribe at any time from receiving any further communications from us.
​
We may use your personal data where we deem it to be necessary for our legitimate interests or for mutually beneficial legitimate interests. These legitimate interests are explained a little further down this notice.
​
Sharing your personal data
Where appropriate and in accordance with local laws and regulatory obligations, we may share some of your personal data with other medical professionals and third-party service providers who perform functions on our behalf, including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, debt collectors, technical support consultants.
If SMARTPHYSIO merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility), we may share your personal data with the other business or company, subject to appropriate assurances as to the protection of your data privacy.
​
Maintaining confidentiality
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the GDPR, the NHS Code of Confidentiality and Security, as well as guidance issued by the Information Commissioners Office (ICO).
​
Invoice validation
Your information may be shared if you have received treatment, to submit invoices to third parties where relevant when they are responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
Opt-outs
You have a right to object to your information being shared. Should you wish to opt out of all data collection, please contact a member of staff who will be able to explain how you can opt-out and prevent the sharing of your information.
​
Accessing your records
You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask reception for a SAR form, and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.
​
What to do if you have any questions
If you are unsure about patient data and want to know more, try this easy to
understand website https://understandingpatientdata.org.uk/what-you-need-know.
Should you have any questions about our privacy policy or the information we hold about you, you can:
1. Contact the practice’s data controller via email at the practice.
2. Write to the data controller at the practice.
3. Ask to speak to the practice manager.
Your Rights
You have individual rights under the UK GDPR. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have the right to:
-
be informed of what we do with your data;
-
ask us to share what information we hold about you;
-
update your data if you think it’s incorrect or insufficient;
-
have your personal data deleted (right to be forgotten);
-
ask us to stop processing your data - where consent has been given, you can withdraw that consent at any time by contacting us using the details at the bottom of this notice;
-
have the personal data you have given us transferred to another company;
-
object to us processing your personal data where we do so under legitimate interests;
-
ask us to explain and ask us to stop decisions made by automated means without any human involvement) (where we classify you into different groups or sectors, using algorithms and machine learning to identify links between different behaviours and characteristics to create profiles for individuals).
​
Transfer of data outside the UK
Normally your data will not be transferred to a country or territory outside the UK unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms.
Retention
It is our policy only to keep records of your personal data for as long as required under the legal obligations of delivering a service to you or as required by relevant authorities or other legislation, whichever requirement is longer, after which it will be deleted or destroyed.
If you are a client or a supplier, we may, for regulatory reasons or to settle a dispute, keep your data for six years after the end of your engagement with us.
If you have contacted us via our website or sent us an email and we do not engage in a professional relationship with you, we will destroy your data after two years or sooner. If you send us your CV, we may keep it for a period of one year.
Legitimate interests
The UK GDPR states (in Article 6(1)(f)) that we can process your data where it is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by your interests or fundamental rights or freedoms. SMARTPHYSIO thinks it's reasonable to expect that if we have had a professional relationship with you or you have contacted us about a job, or we have been given your name as an emergency contact or as a referee, you are happy for us to use your personal data to contact you for a relevant reason. If you don’t want any further contact with us, you can ask us to stop by contacting us using the details at the end of this Privacy Notice.
Cookies
Cookies are small text files that are created on your device when you visit our website, and we may read these text files to understand more about your online interaction with us. We do not store any personal data in our cookies. We use a third-party service, Google Analytics, to collect this information, and it is only processed in a way which does not identify you. You can manage cookies when you first log on to our using the options provided to you, or via your browser settings, or with a plugin for your browser, available here.
​
Security
We are committed to ensuring that your information is protected. In order to prevent unauthorised access or disclosure, we have put in place technical and organisational measures to safeguard the information we collect. Our servers are secured in our offices or in highly secure locations within the EEA.
Links to other websites and social media
Our website contains links to other websites we think may be of interest. We do not have any control over other websites. You should read their Privacy Notice or other such statements to understand how they will collect and process your data.
​
Complaints
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit www.ico.org.uk and select ‘Raising a concern’. We regularly review our privacy policy, and any updates will be published on our website, in our newsletter and on posters to reflect the changes.
Contact
To exercise any of your rights or if you have any queries or complaints, please contact us by emailing us at info@smartphysio.co.uk or calling us at +44 (0)20 7435 4910.
If you wish to make a complaint about how we process your data, you can contact the UK Commissioner via the Information Commissioners Office (ICO). Contact details are available on their website at https://ico.org.uk/global/contact-us.