Updated from May 2018, this policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”). We are registered with the Information Commissioner’s Office.
By using our service, you consent to this policy
Any enquiry regarding the collection or processing of your data should be emailed to info@actionharpendenphysio.co.uk or addressed to Mrs Tambu Masaya-Harkema, of 5 Lyndhurst Close, Harpenden, AL5 5RL.
This statement covers the services provided by the Action Harpenden Physiotherapy.
The purpose of this statement is to inform users of the Action Harpenden Physiotherapy about what information is collected about them when they visit this site, how this information is used, if it is disclosed and the ways in which we protect users’ privacy.
Information we collect
· In clinic, we collect and retain your medical records, and your contact details so that your records are identifiable. We use TM2 software to store our data. Point 10 in the TM2 Software License link refers to data protection TM2 Terms
· On our website, we also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
· Your payment information (e.g. credit card details) provided when you make a purchase from us is not received or stored by us. That information is processed securely and privately by the third party payment processors that we use. The Action Harpenden Physiotherapy Clinic will not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- We are required to keep your medical records (and retain them) in accordance with the Chartered Society of Physiotherapy guidelines, which can be found here: http://www.csp.org.uk/publications/record-keeping-guidance-0
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
Confidentiality and security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Cookies
Google Analytics
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible.
WordPress
This website is built using WordPress, and may contain cookies.
Email newsletter
From time to time, we may send emails which we think may be of interest to you. Each email communication you receive from us will have the option to remove your e-mail address from our list.
We use a third-party provider, MailChimp, to deliver our email newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.
Links to other websites
Our website contains links to other third party sites. Action Harpenden Physiotherapy is not responsible for the privacy practices within any of these other sites. You should be aware of this when you leave the Action Harpenden Physiotherapy website and we encourage you to read the privacy statements on other websites you visit.
Controlling your personal information
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to: Email: info@actionharpendenphysio.co.uk
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
You have the right to change the permissions that you have given us in relation to how we may use your data.
Where we store and transfer your data
As part of the services offered to you, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the DPA and GDPR. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.
We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if the Action Harpenden Physiotherapy business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However, any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient or you are notified of the any changes to the policy.
Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
You have the right to opt out of our processing your personal data for marketing purposes by contacting us at info@actionharpendenphysio.co.uk
Changes to this privacy policy
If this privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.