The Physio Company takes your privacy seriously and we will only collect data that we need to provide the best treatment for you and in order to communicate with you, your doctor and other medical specialists if appropriate.
The Physio Company, Lion House, 111 Hare Lane, Claygate, KT10 0QY, is a data controller of your personal data.
We have a dedicated data protection officer (DPO). You can contact the DPO by writing to the above address, marking it for the attention of the DPO.
We collect the following information:
- Contact details
- Date of birth
- Medical insurance details
- Email addresses
- GP name and address
- Medical consultant if appropriate
- General medical history and medications taken
- Letters from medical professionals and radiology reports relating to your presenting condition
- Clinical notes relating to treatment
What is the source of your personal information?
We’ll collect personal information from you directly.
What do we use your personal data for?
We use this information to understand your medical background and factors that might relate to your symptoms.
To contact your GP or a specialist.
To communicate with your private medical insurer.
We ask for your occupation to help us understand your daily tasks so that we can treat you effectively. In our corporate clinics, we ask for your occupation to spot trends that can be used in prevention measures (your name will not be linked to your occupation).
To communicate with you regarding appointments and to send exercise programmes by email.
Who might we share your data with?
A specialist such as an orthopaedic consultant
Your private medical insurer
How do we store your information?
We store your information on our patient management system, TM2.
Any paper documents with patient data are kept securely.
How long do we keep your data for?
We keep your data for 7 years after your last appointment. This is in line with the Chartered Society of Physiotherapy regulations.
How can I obtain access to the information that you hold about me?
This information can be obtained by contacting our Data Protection Officer Maria McGlone.
Procedures are in place to detect, report and investigate any data breaches.
Requests for Record Access
A Subject Access Request (SAR) can be made by or on behalf of an individual. A SAR can be made in any form (as per the Data Protection Act 1998). The response will be made within 40 days from receipt of all information and fees required to complete the request.
A SAR from a third party agent acting for the patient must be accompanied by documentation of authority to the Clinical Director with the patient’s written consent.
Requests for record correction, rectification or erasure
The General Data Protection Regulation (GDPR) includes the right for individuals to have personal data erased, inaccurate personal data rectified, or incomplete data completed. The individual can make this request verbally or in writing and the response will be made within one month from this request. In certain circumstances, a request can be refused according to the GDPR (5)(1)(d).
When a rectification or erasure of personal data is made following a request, it should be clear that it has been made at the patient’s request.
When information has been shared with a third party prior to being rectified or erased, this party should be informed of the changes to the information.
Sharing of personal data electronically
All emails and letters with patient details on them are encrypted.
Do you have to provide your personal information to us?
We’re unable to provide you with our services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.