This notice is effective from 8th May 2018.
1. This privacy notice applies to the processing of patient information by Enable Physio and we take your privacy seriously. This notice covers the collection, processing and other use of personal data under the General Data Protection Regulation (GDPR) (EU) 2016/679.
2. For the purpose of the GDPR, Enable Physio is the data controller and any enquiry regarding the collection or processing of your data should be addressed to Catherine Hall at our contact address: 34 Bateman Road, Croxley Green, Rickmansworth, Hertfordshire, WD3 3BL.
3. By using our services you agree to this Privacy Notice. We are registered with the Information Commissioner’s Office for this purpose.
Information we collect
4. We will collect personal data during registration and treatment if it is directly provided to us by you, the patient, e.g. your e-mail address, name, home or work address and telephone number.
5. In addition, due to the nature of the service provided, we will also collect special categories of personal data, such a medical records/information regarding your health.
6. Normally you will only provide such information if you wish to receive treatment from us.
7. Your payment information (e.g. credit card details) provided when you make a purchase from us is not received or stored by us. That information is processed securely and privately by the third party payment processors that we use. Enable Physio will not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
Use of your information
8. We will hold and process personal data that you provide to us in accordance with the GDPR.
9. The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. In addition, we may use the information for the following purposes:
9.1. To notify you about any changes, such as improvements or service/product changes, that may affect our service;
9.2. Where you have agreed to the use of your contact details for marketing purposes, from time to time to provide that to you.
Disclosure of your information
10. We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
11. If you have agreed that Enable Physio can contact your doctor, from time to time to complete such activities.
Controlling the use of your data
12. If you have given us agreement to use your data for a particular purpose you can revoke or vary that agreement at any time. If you do not want us to use your data or want to vary the agreement that you have provided you can write to us at the address detailed in clause 2 or email us at email@example.com at any time.
Where we store and transfer your data
13. As part of the services offered to you, for example through our Website or personal information stored on our patient database, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
15. We may disclose your personal data outside of Enable Physio: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if Enable Physio’s business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy notice will continue to be complied with by the recipient.
16. Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us.
17. Although we will do our best to protect your personal data, the transmission of information via the Internet or email is not completely secure. We cannot therefore guarantee the security of data if you are transmitting it to us via these methods; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
18. The GDPR gives you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2, above, or by email to firstname.lastname@example.org at any time.
19. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
20. You have the right to change the permissions that you have given us in relation to how we may use your date. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or email us at email@example.com.
Changes to this policy
21. We may update this notice to reflect changes to our services and customer feedback. We will always update the publicly available version of this notice held on our website at http://www.enablephysio.co.uk/patient-privacy-notice/. Please regularly review this notice to be informed of how we are protecting your personal data.
We welcome any queries, comments or requests you may have regarding this Privacy Notice. Please do not hesitate to contact us at Enable Physio. 34 Bateman Road, Croxley Green, Rickmansworth, Hertfordshire, WD3 3BL or email us at firstname.lastname@example.org.
Copies of our previous Patient Privacy Notices can be found here.