At DGL Physiotherapy and Pilates I am committed to ensuring the best standards of care and practice. This includes how I manage your personal data. You can be assured that the protection of your privacy and confidentiality is given the highest priority, with all personal information being collected, held and used in strict compliance the General Data Protection Regulations (GDPR) which comes into effect on the 28th May 2018.
As a Physiotherapist I have a legal duty to collect and process information relating to the creation of patient medical records, as well as receiving website and social media enquiries. I will ensure all personal data is collected, held and transferred (where required) in a lawful manner and in line with GDPR ‘good practice guidelines’. No data will be provided to external marketing services.
GDPR regulations allow individual ‘data subjects’ particular rights, the key ones being:
Right to be informed– of how we fairly process your data
Right to access– the data that is held on you
Right to rectification– of any data felt to be inaccurate or incomplete
Right to erasure– of your data (otherwise known as ‘right to be forgotten’)
Right to restrict processing– to ‘block’ or prevent further processing of existing data
Right to data portability– transferring data to another provider/data controller
Right to object– to processing (inc profiling), direct marketing, and certain types of research
Right to question automated decision making(eg for the purpose of profiling)
I will accommodate your wishes in line with your rights under GDPR as long as it is not contravened by any other relevant associated regulations.
Different types of data have different legal ‘retention periods’ that I abide to, such as medical records. Personal data will be held for no longer than is necessary and will be destroyed appropriately when the data retention period has expired. Equally individuals have the right to ask for their data to be destroyed or transferred elsewhere if they wish, at any time (providing no other laws prevent this from happening).
DGL Physiotherapy and Pilates does not collect any personal information from visitors to the website other than information that is knowingly or voluntarily given. Anonymous information is collected, such as the number of visitors to the website in a given period but is purely statistical and cannot be used to identify an individual user. Cookies are not used to collect any other information from visitors to the website. Visitors interested in requesting more information must provide contact details and the reason for their request. Visitors will not be contacted by us, unless such information is given, and contact is specifically requested.
DGL Physiotherapy and Pilates takes appropriate measures to safeguard the information held from unauthorised access or improper use. Data is stored in a secure, protected environment. The patient management system used for online bookings and data storage GDPR compliant.
Alternatively, you can raise an issue, if you feel I have in any way handled your personal data unfairly or inappropriately, with the Information Commissioners Office. Further details on GDPR and data protection laws can also be found at the ICO website.