This Privacy Policy applies to The Oxford Physiotherapy Service Limited and how we collect, process and store personal data. This policy is written in line with our adherence to the General Data Protection Regulation (GDPR). By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy. The Oxford Physiotherapy Service Limited is required to process personal data relating to staff, healthcare professionals, patients and suppliers as part of its business operations – and takes all reasonable steps to do so in accordance with this policy.
How do we collect personal data
Information may be collected in person, by letter, by email, by phone, by our website or upon completing a new patient registration form. When you disclose personal information verbally, in writing or electronically, you consent to our use of the information for our services.
What data do we collect
Personally identifiable information is collected to enable us to provide our service to you. Personal information may include name, date of birth, address, contact numbers, email address, enquiry source, insurance details, emergency contact and medical information. Where you have named someone as your next of kin and provided us with their personal data, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy. Personal data is collected from our website if provided by yourself, for example, when completing the online enquiry form and/or e-newsletter sign-up form. We use Google Analytics to analyse and monitor our website, including but not limited to traffic data, location data and communication data. This information is used to create reports about our website; this data will not identify you personally.
Who can access the data
Your data can be accessed only by those who need it either to fulfill a required administrative function or to provide a service to you. The personal data that they have access to is limited to that which they need to fulfill their roles. This may include administration staff, physiotherapists, class instructors and other healthcare professionals. We only share information with third parties at your request or where required by law.
Why we process personal data
The personal data we collect, process and store is required for us to provide our services, and as such is required to comply with legal HCPC (Health Care Professional Council) and CSP (Chartered Society of Physiotherapy) regulations for the documentation of medical records. Our reasons for collecting, processing and storing personal data are:
- To provide and fulfill Services between yourself and The Oxford Physiotherapy Service
- To refer you on to a GP or Consultant, where you have given your consent
- To notify you about changes to our Service and general customer support
- To gather analysis or valuable information so that we can improve our Service
- To monitor the usage of our Service
- To detect, prevent and address technical issues
- To provide you with news, special offers and general information about services we offer that are similar to those that you have already purchased or enquired about, unless you have opted not to receive such information.
Where is your data stored
We store all data on IT systems, backed up securely off-site with appropriate technical and organisational security measures in place. All computers and IT systems are protected by password and anti-virus software. We use two main software management systems, namely TM3 and Mindbody. Personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for one of our suppliers. Where we transfer your personal data outside the EEA, we will ensure that there are adequate protections in place for your rights, in accordance with Data Protection Laws. By submitting your personal data, and in providing any personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.
We have internal policies and security features in place to protect data and help prevent any unauthorised access. The transmission of information via the internet and email is not completely secure and we cannot guarantee the security of data whilst you are transmitting it via our website or by email, and such transmission is at your own risk.
How long do we store your data for
The standard retention period for medical records is 8 years, as per the CSP guidelines; however, we will hold your personal data for as long as is necessary for the purposes set out in this Privacy Policy.
Accessing and updating your personal data
You have the right to stop receiving marketing communication and you have the right to have the personal data we hold about you corrected if it is factually inaccurate. If any of your personal data has changed, especially contact information such as email address, postal address and phone number, please get in touch via info@tops.health or 01865 311686.
This privacy policy is subject to change. Please check regularly for updates to this policy to be informed of how we are protecting your personal data.