Dundee 01382 227227 | St Andrews 01334 845481

Privacy Policy

Heal Physiotherapy is committed to protecting and respecting your privacy.

Heal Physiotherapy understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end, we comply fully with the data protection law in force in the UK and General Data Protection Regulations (GDPR) and with all applicable clinical confidentiality guidelines.

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage, and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data. 

Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

The rules on the processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

Definitions

Data controller - A controller determines the purposes and means of processing personal data.

Data processor - A processor is responsible for processing personal data on behalf of a controller.

Data subject - Natural person

Categories of data: Personal data and special categories of personal data

Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example, name, passport number, home address, or private email address. Online identifiers include IP addresses and cookies.

Special categories of personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, and religious or philosophical beliefs.

Processing - means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third-party - means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1. Who are we?

The data controller is Heal Physiotherapy. This means we decide how your personal data is processed and for what purposes.  Our registered address is: 40/42 Brantwood Avenue, Dundee, Tayside, DD3 6EW, Limited Company number SC424910.  When we refer to ‘we’, ‘us’, and ‘our’, we mean Heal Physiotherapy. For all data, matters contact our Clinic Manager on 01382 227227 or enquiries@healphysiotherapy.co.uk

2. The purpose(s) and legal reasons for processing your personal data

We may use your personal data for the following purposes:

  • Enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or treatments to you and related matters such as, billing, accounting, and audit.  This may also include taking steps at the request of the Data Subject (you, the patient) with a view to entering into a contract.
  • To send you appointment reminders
  • Provide you with information, products, or services that you request from us
  • To comply with legal obligations in regard to record-keeping. We may hold your records longer to maintain our financial records accurately.
  • Provide you with information about products or services we offer that we feel may interest you. If you have consented to receive marketing communications by electronic means from us, by ticking the relevant box on the form on which we collect your data, we will only contact you by electronic means (e-mail or SMS) with information about products and services similar to those which you previously purchased or enquired about from us
  • Notify you about changes to our products or services by means of legitimate interest
  • Respond to requests where we have a legal or regulatory obligation to do so
  • Check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
  • Assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
  • Support continuing professional development within our team.  We may present your medical case history for case review or peer support, but we will omit details including name, address, and others so that you are unidentifiable.
  • To conduct and analyse market research
  • To ensure that content from any of our websites is presented in the most effective manner for you and for your computer. 

3. What categories of personal data we may collect from you?

Accordingly, we may hold and use personal data about you as a customer, a patient, or in any other capacity, for example, when you visit one of our websites, complete a form, access our services, or speak to us.  Depending on what services you receive from us this may include sensitive personal data such as information relating to your health. With reference to the categories of personal data described in the definitions section we process the following categories of your data:

  • Information that you give us when you enquire or become a customer or patient of us or apply for a job with us including name, address, contact details (including email address and phone number)
  • The name and contact details (including phone number) of your next of kin or emergency contact details
  • Details of referrals, quotes, and other contact and correspondence we may have had with you
  • Details of services and/or treatment you have received from us or which have been received from a third party and referred to us
  • Information obtained from customer surveys, promotions, and competitions that you have entered or taken part in
  • Notes and reports about your health and any treatment and care you have received and/or need, including clinic and hospital visits and medicines administered
  • Patient feedback and treatment outcome information you provide
  • Information about complaints and incidents
  • Information you give us when you make a payment to us. We do not store any payment card details.
  • Other information received from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies or health care providers who have obtained your permission to share information about you.
  • Where you have named someone as your next of kin or emergency contact details and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

The data that we request from you may include sensitive personal data. This includes information that relates to medical conditions (which may include children’s data). By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy.

When do we collect personal data about you?

We may collect personal data about you if you:

  • Visit one of our websites
  • Enquire about any of our services or treatments
  • Register to be a customer or patient with us or book to receive any of our services or treatments
  • Fill in a form or survey for us
  • Fill in the contact us form on our website
  • Participate in a competition or promotion or other marketing activity
  • Contact us, for example by email, telephone, or social media
  • Attend for assessment or treatment for one of our services including, sports massage, physiotherapy, sports medicine, psychology, podiatry, pilates classes, or other classes

What personal data we may receive from third parties and other sources?

 We may collect personal data about you from third parties such as:

  • If you are an employee of one of our corporate clients who has taken up one of our services, we may be passed your name, contact number, email address, and medical information in order to get in touch with you to arrange an appointment or collect further information from you;
  • We work closely with the NHS and other private hospitals and health professionals and for the continuity of your care we may request or be passed medical information possibly in the form of a referral for the purposes of your treatment; medical history including medicine history; investigation results
  • Heal Physiotherapy use the services of independent health and fitness professionals and they may need to share your personal data and medical records with Heal Physiotherapy
  • Insurance providers and Intermediary companies will pass Heal Physiotherapy personal data of patients who have commenced a claim and require medical/Physiotherapy treatment with Heal Physiotherapy. This will normally be in the form of a referral and may consist of basic details e.g. full name, date of birth, address, contact number and email address and area of pain or problems, and the type of treatment they require.

How do we use your personal data?

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable GDPR Laws, clinical records retention periods and clinical confidentiality guidelines.

Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of our professional bodies or for the purpose of clinical audits (unless you object). Further details on how we use health related personal data are given below.  We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to use it.  Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.

4. Sharing your personal data

In the usual course of our business, we may disclose your personal data (to the extent necessary) to certain third-party organisations that we use to support the delivery of our services. Sensitive personal data (including information relating to your health) will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your treatment or care, or in accordance with UK laws and guidelines of appropriate professional bodies.

This may include the following:

  • Associated health and fitness professionals, NHS, for the performance of any contract we enter into with you. We will also discuss this with you prior to liaising with other health professionals. Discus
  • Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
  • Any person or organisation who may be responsible for meeting your treatment expenses or their agents.
  • External service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.
  • Third-party debt collectors for the purposes of debt collection,
  • Third-party service providers for the purposes of the storage of information and confidential destruction, third-party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.

Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.

Medical professionals working with us:  We share clinical information about you with our medical professionals as we think necessary for your treatment.  Medical professionals working with us might be our employees, or they might be independent consultants in private practice or NHS health professionals.  In the case of independent consultants, the consultant is the data controller of your personal data, either alone or jointly with us and will be required to maintain their own records in accordance with Data Protection and GDPR Laws and applicable clinical confidential guidelines and retention periods.  Where that is the case, we may refer you to that consultant to exercise your rights over your data.  Our contracts with consultants require them to cooperate with those requests.  In all circumstances, those individual consultants will only process your personal data for the purposes set out in this Privacy Policy or as otherwise notified to you.

External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral.  It will always be clear when we do this and you will be asked for verbal consent in those circumstances.

Your GP:  If the practitioners treating you believe it to be clinically advisable, we may also share information about your treatment with your GP.  You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history.

Your insurer:  We share with your medical insurer information about your treatment, its clinical necessity, and its cost, only if they are paying for all or part of your treatment with us.  We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.  In some circumstances, you may be asked to complete consent forms for this purpose.

The NHS:  If you are referred to us for treatment by the NHS, we will share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process, and report back on that treatment.

Medical regulators:  We may be requested – and in some cases can be required - to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the Chartered Society of Physiotherapists, for example, if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate.  We will ensure that we do so within the framework of the law and with due respect for your privacy. 

From time to time we may also make information available on the basis of necessity for the provision of healthcare but subject always to patient confidentiality. 

In an emergency and if you are incapacitated, we may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).

We will use your personal data in order to monitor the outcome of your treatment by us and any treatment associated with your care, including any NHS treatment.

We sometimes participate in national audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care.  The highest standards of confidentiality will be applied to your personal data in accordance with Data Protection Laws and confidentiality. Any publishing of this data will be in anonymised, statistical form. Anonymous or aggregated data may be used by us, or disclosed to others, for research or statistical purposes.

We are also asked by Insurers or Intermediary companies to provide them with statistics for example, about the average number of treatments or outcome measures or patient satisfaction survey data.  This information has no identifying subject data attached to it and all information is anonymised.

5. How long do we keep your personal data?

Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. We will retain your medical notes and contact details indefinitely for the purposes of any possible litigation or legal claims/complaints and to maintain our financial history and records accurately.

The security of your personal data

We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data from being lost, destroyed, or damaged. We conduct assessments to ensure the ongoing security of our information systems. 

All information you provide to us is stored securely.

The transmission of information via the internet cannot be guaranteed as completely secure.  However, we ensure that any information transferred via our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features for prevention of unauthorised access. 

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email.  Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

6. Providing us with your personal data

You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so will mean that we are unable to enter a contract with you as we are not able to comply with Chartered Society of Physiotherapy guidelines.  Other health professionals will likewise be unable to get an accurate history and therefore will be unable to provide their services with your health and safety in mind.

7. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

8. Transfer of Data Abroad

Personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). For example, we do work with Inspire IT Services Ltd as a data processor and they have part of their team outside the EEA but as per ICO GDPR guidelines they have a model clause in place to give strict guidance on how the data is used. similar marketing provider.  It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where we transfer your personal data outside the EEA, we will ensure that there are adequate protections in place for your rights, in accordance with Data Protection Laws. By submitting your personal data, and in providing any personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

9. Automated Decision Making

WE DO NOT USE ANY FORM OF AUTOMATED DECISION MAKING IN OUR BUSINESS.

10. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

11. Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on our website and will be available within the clinic and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

12. How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our Clinic Manager, by emailing us at accounts@healphysiotherapy.co.uk or write to the Data Protection Officer at: Practice Manager, Heal, 14 Dudhope Street, Dundee DD1 1JU.

Please access our complaints policy on our website www.healphysiotherapy.co.uk or you can contact our clinic manager on the above details for a copy of our complaints policy and procedure.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Cookies

What are Cookies? Cookies are text files containing small amounts of information, often including a unique identifier, which are downloaded to your computer when you visit a website - if your browser preferences allow it.  Cookies are then accessed by the originating website on each subsequent visit.  Cookies are useful because they allow a website to recognise a user’s computer.

How are cookies used on our website? The cookies we use are there to allow you to perform the services you require and to assist us in providing a better website for our users.  We do not use cookies to store information that identifies you as an individual.  Details on cookies used are provided below.  We encourage you to accept the cookies we serve.  However, if you wish to restrict or block the cookies which are set by our or any other website, you can do this through your browser settings.  Please see the ‘How to control and delete cookies’ section for more information.

Google Analytics  We use Google Analytics cookies to hold information about your visit to our site.  This helps us better identify the use and popularity of our services and how successfully the website is functioning. If you do not wish us to do this, you can opt out of the Analytics service by installing an add-on for your browser.  This can be found at http://tools.google.com/dlpage/gaoptout.  Alternatively, you can delete/restrict the cookies as for any other cookie - see ‘How to control and delete cookies’ for more information.

Types of cookies  Session cookies are created temporarily when a user visits a website.  Once the user leaves the site/closes the browser, the session cookie is deleted.  A persistent cookie file remains on the user’s computer and is re-activated when the user visits the website that created that particular cookie. These cookies expire after a certain period (set in the file) or can be removed manually.

Classification of cookies  The cookies on this website have additionally been categorised based on the categories found in the International Chamber of Commerce (ICC) UK Cookie Guide: 

Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website.

Performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identify a visitor. All information these cookies collect is aggregated and therefore anonymous.

Functionality cookies

These cookies allow the website to remember choices you make [such as your username, language or the region you are in] and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages you can customise. They may also be used to provide services you have asked for such as watching videos or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Targeting/advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of time you see an advertisement as well as help measure the effectiveness of the advertising campaign.

Cookies used on our website

PHPSESSID:  This cookie is part of the scripting language that runs our site and allows information to be passed between pages as you navigate through the site. For instance, should you use the online booking enquiry form, if you need to go back and correct any information on the form, this cookie helps by ensuring you don't have to type in all the information again. This cookie does not store any personally identifiable information and is deleted when you close your browser.
Cookie Classification: Strictly necessary cookie
Cookie Behaviour: Session cookie - disappears when the user closes the browser.

_gid:  Used to distinguish users in Google Analytics.
Cookie Classification: Performance cookie
Cookie Behaviour: 24 hours    

_ga:  Used to distinguish users in Google Analytics.
Cookie Classification: Performance cookie
Cookie Behaviour: 2 years

_atuvs:  This is a 3rd party cookie persistent cookie that is created and read by the Add This social sharing site in order to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
Cookie Classification: Performance cookie
Cookie Behaviour: 2 years

_atuvc:  This is a 3rd party cookie persistent cookie that is created and read by the Add This social sharing site in order to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
Cookie Classification: Performance cookie
Cookie Behaviour: 2 years

HPCookieConfirmed:  We ask a question about if you’re happy for us to use cookies on our site.  This cookie stores your answer to that question so that we don’t have to keep asking you it every time you visit.
Cookie Classification: Strictly necessary cookie
Cookie Behaviour: Persistent, lasts for 90 days.

How to control and delete cookies

You can manage cookie usage through your browser settings. The help function in your preferred browser should provide you with the correct information. Some browsers provide helpful cookie guides:

Alternatively, http://www.allaboutcookies.org provides advice on how to do this, and further information on cookies and how to manage them.

N.B. In the case of some mobile devices, it may be necessary to consult the device’s instruction manual to manage cookies effectively.

Request a call back