GENERAL DATA PROTECTION REGULATION (2018)
Pro-Physio Health complies with data protection legislation
General Data Protection Regulation (GDPR) 2018
This page describes the steps we’re taking in preparation for the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, and what it means for you. Please see our six privacy principles on our website for further information.
Our Goal is to safeguard the privacy, confidentiality, integrity, availability and quality of the information we manage. Pro-Physio Health is committed to ensuring that your privacy is protected. Any information that we hold on you will only be used in accordance with this privacy statement.
We may update this policy and you should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 20/05/2018.
Use of your personal information:
We do not store credit card details nor do we share customer details with any 3rd parties without your written consent (See section below on personal data sharing). Pro-Physio Health may use your personal information to contact you from time to time with information or offers that we feel may be of interest to you. Should you not wish to receive this information then please either use the facility provided within the communication to unsubscribe or contact us at email@example.com.
We will not sell, distribute or lease your personal information to third parties unless we have your permission and/or written consent as required by law to do so.
You may request details of personal information which we hold about you, including a copy of any clinical notes which you are entitled to under the Data Protection Act 1998. A fee will be payable for this service. If you would like a copy of the information held on you please write to Pro-Physio Health Ltd, Fairlands Medical Centre, Fairlands Avenue, Guildford, GU3 3NA stating what information you require.
If you believe that any information we are holding on you is incorrect or incomplete and requires amendment, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
Who we Share your personal data with:
Pro-Physio Health may share your information (with your written consent) with these organisations or 3rd parties:
• GPs at your registered practice
• Surgical Consultants
• Insurance Companies – BUPA, AXA-PPP, AVIVA, WPA, VITALITY, NUFFIELD HEALTH
• Medico-legal companies who are dealing with your personal injury claim – 3D Rehabilitation and Physiomed
• Solicitors – requests for medical records. Any request for physiotherapy notes will have been consented to by you beforehand with the solicitors.
• Legal guardians of infants (under 16s) – written request for physiotherapy notes, with a release fee of £50.00
We may collect the following information:
• Name, date of birth, address, GP details
• Other contact information including email address
• Demographic information such as postcode, preferences and interests
• Other information relevant to customer surveys and/or offers
• Medical information at your initial assessment / treatments
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
• Internal record keeping
• We may use the information to improve our products and services.
• We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
• From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Ensuring complete information security throughout an organisation is a board-level priority in every industry, and particularly in the health sector. This includes not only network defence against cyber-attacks and hacking, but also making sure information is protected when it is shared internally, with third parties and with the supply chain. All our emails containing sensitive personal data will be encrypted using Egress.
Egress provides encryption software to protect and control data shared within and across multiple industries, including private healthcare providers, defence contractors and utility companies. Egress Switch encryption services provide easy-to-use data protection, so staff can focus on delivering the highest standard of care. Egress:
• Enables healthcare professionals to securely share and collaborate on sensitive information
• Can send electronic patient information and files securely by encrypted email
• Complies with information security standards, including the NHS information governance mandate, the Data Protection Act and the upcoming EU GDPR
• Is a simplified and intuitive user experience reducing the burden on staff and the risk posed to sensitive data in both private healthcare
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
GDPR (2018) can be split into six privacy principles:
1. Lawfulness, fairness and transparency in relation to individuals
Transparency: Tell the subject what data processing will be done.
Fair: What is processed must match up with how it has been described
Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)]
2. Purpose Limitations
Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes. Personal data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
3. Data Minimisation
Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” [article 5, clause 1(c)], i.e. no more than the minimum amount of data should be kept for a specific processing purpose.
4. Accuracy
Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. Baselining data accuracy provides good protection, including protection against identity theft. Data holders should build rectification processes into their data management and archiving activities for subject data. [article 5, clause 1(d)]
5. Storage Limitations
Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals. [article 5, clause 1(e)]
6. Integrity and Confidentiality
Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. [article 5, clause 1(f)]