PRIVACY POLICY
GDPR: 25 May 2018

Melton Mowbray PhysioPlus is committed to protecting your personal information and will endeavor to comply fully with the Data Protection law in force in the UK and the legislation set out by the EU General Data Protection Regulation (GDPR).
This privacy policy relates to our use of your personal information, whether collected in person, via our online booking system, or given to us by letter, email, SMS or over the telephone, and to the processing, storage and disclosure of your personal data.

‘Personal information’ means any information that is capable of identifying you.
‘Sensitive data’ or special category data refers to additional information that we collect regarding your health.
‘We’ or ‘us’ means Melton Mowbray PhysioPlus.

We collect and process data because we have a legal obligation to do so, to ensure that it is relevant to your care and is limited to what is necessary to provide optimum care.

What information will be used
We collect and process information when you contact the clinic by telephone, SMS, email, via our website or through Social Media as well as when you access the online booking system PRONTO via the website. 
In addition we need to collect and process personal data if you have been referred to us from your Insurance providers or Intermediary company.
The following categories of data will be recorded:
Your name
Gender
Your date of birth
Contact information, which includes contact telephone number and email address
If you use the online booking system Pronto, managed by BlueZinc IT, they process additional data that is governed by their data protection policy:
https://www.pronto-network.com/terms/#privacy

Only on becoming a patient of the clinic do we require further information to optimise treatment, and this will include sensitive data:
Medical information
Work and social life
Demographic information
Assessment and treatment details
This information is currently recorded on paper and securely stored within the clinic.

All financial transactions through debit or credit card are currently managed through PayPal.
https://www.paypal.com/en/webapps/mpp/ua/privacy-full

How will the information be used
To ensure a legal record of any treatment or advice provided
To ensure continuity of care
To contact you regarding your on-going treatment
We may use your data for audit purposes
We may use your data for quality feedback
We may use your data to notify you about changes to our service
We may notify you of new products and services that will be of benefit to you.
We do not pass on your information for commercial purposes.
On visiting www.meltonmowbrayphysioplus.co.uk, Google Analytics processes data on behalf of the clinic to monitor activity and give monthly feedback.


Who do we share your data with
We only share your personal data, with explicit consent, with other medical professionals who are, or potentially might be, involved in your care. This communication is mainly done by letter. If the information is passed on electronically by email, it will be password protected and all reasonable precautions will be taken to transmit the information securely.
We need to communicate with Health Providers or Intermediary companies regarding treatment and payment. We only provide the information to which they are entitled and if they are paying in full or towards the treatment.
In the case of a complaint against us, we would need to share your personal data with our Medical regulator: Health Professions Council and the Chartered Society of Physiotherapy.
We need to share data with our data processor (BlueZinc – TM3) if the need occurs to rectify any technology problems.
Third party service providers for the confidential destruction of information. Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under the Data Protection Laws.
External service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standard of care and record keeping are maintained.
In some instances we may be asked to make information available on the basis of necessity for the provision of healthcare in an emergency and on the basis of protecting your ‘vital interest’ (i.e. your life or your health).

How we store your data
The security of your personal information is paramount to us and we will take all reasonable precautions to keep your information safe. All computers and mobile phones are password protected, and regular updates are monitored to ensure the latest security measures are in place to prevent unauthorized access to or unlawful processing of personal data, and to prevent data being lost, destroyed or damaged.
Our patient data is stored within the TM3 (Blue Zinc Ltd) online, hosted system. This is secure and encrypted and governed by their data protection policy
(https://www.tm3practicemanagement.com/information/policy/).
Clinical notes are currently held as a paper record and securely locked away.
At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us. Data transmitted via the internet or email cannot be 100% secure and you therefore do so at your own risk.


The period for which we will keep your information
We have a legal obligation to retain records for 8 years after conclusion of treatment. If the record relates to a child or young person, the records must be kept until the patient’s 25th birthday.
We will retain your medical notes and contact details for the purpose of any possible litigation or legal claims/complaints and to maintain our financial history and records accurately.

Your choices and rights
Unless subject to an exemption under GDPR, you have the following rights in relation to how we process your personal data:
The right not to receive any communication by SMS or email about general information about the clinic.
The right to contact us to ask that we update, complete or correct your information.
The right to contact us to ask to have your personal data deleted from our records.
The right to request a copy of your personal data and medical notes. This will be dealt with as a Subject Access Request. To enable access to your personal file and any data held by us, a written request needs to be made to Melton Mowbray PhysioPlus, 12A Asfordby Road, Melton Mowbray, LE13 0HR or meltonmowbrayphysioplus@gmail.co.uk

Data breaches
Should your personal data that we hold be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedom, we will contact you without delay. 

Should you wish to complain about the way we are processing your data you can contact the ICO: https://ico.org.uk/make-a-complaint/

Melton Mowbray PhysioPlus reserves the right to change this Privacy Policy as we may deem necessary or as may be required by law. Any changes we make will be notified in the clinic, social media and by email.

Any questions regarding this privacy policy should be addressed to:

Jonette Liebenberg
Melton Mowbray PhysioPlus (Data Controller)
12A Asfordby Road
Melton Mowbray
LE13 0HR