Ed Gilding Physiotherapy is committed to protecting and respecting your privacy.
We understand that your personal data is entrusted to us and appreciate the importance of protecting and respecting your privacy. To this end we comply with GDPR 2018 law.
Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, you are consenting to the practices as described or referred to in this Privacy Notice.
For the purpose of GDPR, the data controller is Ed Gilding Physiotherapy.
What personal data may we collect from you?
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example when you complete a form, access our services or speak to us. Depending on what services you receive from us this may include sensitive personal data such as information relating to your health. We have a legal duty to process your clinical data to help us provide safe and effective treatment and to protect both parties in the event of legal action. We also process data for legitimate purposes e.g. to send text appointment confirmation, billing etc.
Personal data we collect from you may include the following:
• information that you give us when you become a customer or patient of ours such as name, address, contact details (including email address and phone number).
• details of referrals, quotes and other contact and correspondence we may have had with you
• details of services and/or treatment you have received from us or which have been received from a third party and referred on to us.
• information obtained from customer surveys.
• notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered.
• patient feedback and treatment outcome information you provide.
• information about complaints and incidents.
• information you give us when you make a payment to us, such as financial or credit card information.
The data that we request from you may include sensitive personal data. This includes information that relates to the mental or physical health or racial or ethnic origin (which may include children’s data).
By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Notice.
When do we collect personal data about you?
We may collect personal data about you if you:
• visit one of our websites.
• register to be a customer or patient with us or book to receive any of our services or treatments.
• fill in a form or survey for us.
• contact us, for example by email, telephone or social media.
What personal data we may receive from third parties and other sources?
We may collect personal data about you from third parties:
• When we carry out work on behalf of the NHS, for the continuity of your care, we may be passed medical information usually in the form of a referral for the purposes of your treatment.
• Insurance providers will pass us personal data of patients who have commenced a claim and require medical treatment. This will normally be in the form of a referral and may consist of basic details e.g. full name, date of birth, address, contact number and email address and the type of treatment they require.
How do we use your personal data?
Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of professional bodies, or for clinical audits. Further details on how we use health related personal data are given below. We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to use it. Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.
We may use your personal data to:
• enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or treatments to you and related matter such as, billing, accounting and audit, credit or other payment card verification and anti-fraud screening
• provide you with information, products or services that you request from us.
• provide you with information about products or services we offer that we feel may interest you. Unless you have consented to receive marketing communications by electronic means from us, by ticking the relevant box on the form on which we collect your data, we will only contact you by electronic means (e-mail or SMS) with information about products and services similar to those which you previously purchased or enquired about from us.
• notify you about changes to our products or services.
• check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process.
• support your doctor, nurse or other healthcare professional.
• assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated.
• to conduct and analyse market research.
No automated decisions are made regarding your data.
The security of your personal data.
We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorized access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged.
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. We have a legal duty to keep clinical records.
All information you provide to us is stored securely.
We may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.
Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your treatment expenses or their agents. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.
External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral. It will always be clear when we do this.
Your GP: If the practitioners treating you believe it to be clinically advisable, we may also share information about your treatment with your GP. You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history, and we strongly advise against it.
Your insurer: We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us. We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.
The NHS: If you are referred to us for treatment by the NHS, we may share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process and report back on that treatment.
Medical regulators: We may be requested – and in some cases can be required – to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the Health Care Professions Council, for example if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we do so within the framework of the law and with due respect for your privacy.
In an emergency and if you are incapacitated, we may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).
We will use your personal data in order to monitor the outcome of your treatment by us and any treatment associated with your care, including any NHS treatment.
You have the right to ask us not to process your information in this way at any time. If you no longer wish to receive marketing information please e-mail firstname.lastname@example.org
Your data protection rights.
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com, 07789 766478, 24 Bloomfield Park Road, Timsbury, Bath, BA2 0LR. if you wish to make a request.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
Date last reviewed: