The Healthlands (“We”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018 the data controller and address for any correspondence is Physio Action, David Lloyd Leisure Club, Tongue Lane, Moortown, Leeds, LS6 4QW.

The Information we collect:

As a Physiotherapy & Osteopathy clinic we have a legal duty to collect and process information relating to the creation of medical records (patients) and personnel records (staff), as well as receiving enquiries (website and email) and conducting surveys. As such we will ensure all personal data is collected, held and transferred (where required) in a lawful manner and in line with GDPR ‘good practice guidelines’.

Personal information we collect may include: name; sex; date of birth; marital status; home address; contact numbers; source of referral; GP; Consultant; insurance company details; and details of your condition requiring Physiotherapy and Osteopathy.

If you make a card payment your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit / debit card transactions.

How we collect the information:

If you are a patient (or potential patient) the ways in which we collect information will be:

• Directly from you in person or over the phone;
• From a member of your family, parent, guardian or next of kin – over the phone or in person;
• From a third party acting on your behalf – for example GP or Consultant;
• From a Medical Insurance Company or Intermediary, with whom you have a relationship;
• By email or through our website enquiry form.

How your information is used:

• To provide and fulfil Physiotherapy and Osteopathy Services between you and The Healthlands, and that of your insurance provider.
• To refer you onto a Consultant or GP, where you have given your consent.
• To notify you about changes to our Physiotherapy and Osteopathy Clinics or services, including updates on any new services being offered or change of clinic details.
• To provide customer support.
• To gather analysis or valuable information so that we can improve our Health services.
• To provide you with news, special offers and general information about Services unless you have opted not to receive such information.
• We collect email addresses to support out automated appointment reminder system.

How long will the data be kept for?

Different types of data have different legal ‘retention periods’ that we abide to. Such as medical records and personnel records retention periods.

Personal data will be held for no longer than is necessary and will be destroyed appropriately when the data retention period has expired.

Equally individuals have the right to ask for their data to be destroyed or transferred elsewhere is they wish, at any time (providing no other laws prevent this from happening).

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

It is important that you know

When an individual discloses personal information about themselves verbally, or in writing, they consent to our use of the information for Physiotherapy purposes.

Personal information is not disclosed to any third party without obtaining your prior consent, unless we are required to do so by the referral source (as agreed between the referral source and individual being referred), or by law.

The accuracy of the information is important to us and it is your responsibility to provide us with accurate and up to date information. If you provide information for another person, you will need to tell them about our Privacy Policy and make sure they agree to us using their information for the purposes set out in it.

The rights of the individuals whose data we process (Data Subjects)

The key rights under the GDPR regulations (2018) are:

• Right to access the data that is held on you;
• Right to rectify the data if it is felt to be inaccurate or incomplete;
• Right to ask for erasure of your personal data (except against the law);
• Right to restrict processing for which the data can be used;
• Right to ask for data to be transferred to another provider;
• Right to object to the processing of personal data and direct marketing;
• Right not to be evaluated on the basis of automated processing – for the purpose of profiling.

We will accommodate your wishes in line with your rights under GDPR as long as it is not contravened by any other relevant associated regulations.

Information collected through our website

We do not collect any personal information from visitors to our website other than information this is knowingly or voluntarily given.

Anonymous information is collected, such as the number of visitors to the website in a given period but is purely statistical and cannot be used to identify an individual user.

Cookies are not used to collect any other information from visitors to the website. Visitors interested in requesting more information must provide contact details and the reason for their request. Visitors will not be contacted by us, unless such information is given, and contact is specifically requested.

Third Party Disclosure

We will never pass any personal information to any third party outside of Physio Action without your consent, (unless they are commissioned for data processing activities where we remain the ‘data controller’).

Data Security

We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. Our data is stored in a secure, protected environment. Only users authorised by us have access to this data.