Privacy notice
- Home
- Privacy notice
WILLOW HOUSE PHYSIOTHERAPY AND PERSONAL TRAINING LTD
Willow House Physiotherapy and Personal Training Ltd (the “Company” or “Willow House Physiotherapy and Personal Training Ltd”) is committed to maintaining robust privacy protections for its users. This policy outlines how Willow House collect, use, share and safeguard information we receive from our other organisations and clients. Where possible, we will take the necessary steps to ensure that users information is safeguarded and kept in accordance with applicable laws and regulations.
If you use our services, you confirm that you have the relevant authority to enter into a legal Agreement with us whether as an individual or other legal entity.
If you do not wish to be bound by this Privacy Policy and our Terms of Use, you are advised not to use the Website.
THERAPIST’S RIGHTS
Please note:
if you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you.
Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.
About Us
The Website, www.willowhousept.com (the “Website”), is the property of Richard and Mary Simpson and by using the Website, you are agreeing to the terms contained in this policy and our Terms of Use.
Our address for services and communications is Willow House Physiotherapy and Personal Training Limited, Willow House, Tattershall Road, Billinghay, Lincolnshire LN4 4BW.
We can be contacted by email to [email protected], or telephone 01526 860740.
What information do we collect?
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller (unless only processing data under a separate agreement) and undertake to protect personal and sensitive data in a manner that is consistent with the requirements of the UK data legislation and the GDPR. We will take reasonable measures to ensure the secure storage of your data. In order to give professional care, we will need to gather and retain potentially sensitive information about your health. We will only use this information for informing physiotherapy treatments and associated recommendations concerning aspects of health and wellbeing which will offer to you. As members of Professional bodies, we abide by their Codes of Practice and Ethics. The lawful basis under which we hold and use your information is our legitimate interests i.e. our requirement to retain the information in order to provide you with the best possible treatment options and advice. As we hold special category data (i.e. health-related information), the Additional Condition under which we hold and use this information is: for us to fulfil our role as health care practitioners bound under the Health and Care Professions Council standards. In order to give professional care, we will need to ask for and keep information about your health. we will only use this for informing our treatments and any advice we give as a result of your treatment. The information to be held is:
Your contact details:
Medical history and other health-related information (which we will take from you at first consultation)
Treatment details and related notes (which we will take after each consultation)
We will NOT share your information with anyone else (other than within our practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.
We will keep your information for the following periods:
‘Claims occurring’ insurance: (records to be kept for 7 years after last treatment); The law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26). We will contact you using the contact preferences you give us in relation to appointment times, treatment information or information related to your health and special offers and promotions (you may unsubscribe from this at any time).
Information provided to us:
From a Data Controller: From clients https://www.worldpay.com/uk/privacy-policy
All supplied sensitive/credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. Individual payment details are not given to us and we do not store such data on our servers or in our systems.
Social media:
We publish our Facebook page on our website which is available for general viewing. Personal information is not collated from using social media interactions although third parties may track you. You should refer to the Privacy Policy of the social media channel concerned.
If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third party provider (i.e. Facebook/Twitter) may also retain details in accordance with their Privacy Policy.
Phone calls:
Any data relating to phone calls, to and from us, may be recorded and retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
Emails:
We retain copies of emails sent to us on our servers in the Cloud.
We may contact you by email to send you:
General (non-marketing) communications on the basis on a contractual relationship with us or where we have a legitimate business interest; email notifications where you have specifically consented to receive such; marketing communications, where specific consent has been given by you. We only act under the documented instructions of the Data Controller.
To ensure confidentiality, assist with legal compliance of the Data Controller, and respond to requests from data subjects (as instructed by the Data Controller) Make available all information necessary to demonstrate compliance
To take measures to assist the Data Controller with ensuring security of processing
To treat personal data after processing as directed by the Data Controller.
We do not give them access to any of your personal data.
We may disclose personal information if we are required to do so by law, in connection with any legal proceedings, and to establish, exercise or defend our legal rights.
Marketing:
We will only send you emails about our products and services, i.e. direct marketing, with your express consent. You have the option not to give consent and to withdraw consent at any time. You may withdraw your consent for us to contact you by contacting us at [email protected].
External links:
Users of the Willow House Physiotherapy and Personal Training Limited’s website are advised to adopt a policy of caution before clicking on any external web links. [External links are clickable text / banner / image links to other websites.] Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Use.
We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Willow House and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Data Retention:
We keep all personal information in accordance with our Data Retention Policy which reflects our needs to provide our services to you as contracted and also to meet legal, statutory and regulatory obligations. We will only retain data that is necessary and this will include data relating to the physiotherapy or personal training that we have provided to clients. The need to hold information is regularly reviewed and information/data will be disposed of when no longer required.
All disposal is carried out securely and records will be destroyed so that they are not retrievable.
Data Storage:
We use Blue Zinc TM3 to store records such as client notes and diary appointments. All data is password protected and encrypted. Payments are taken by using the World Pay card reader and processed via their gateway. You should refer to their privacy policy at https://www.worldpay.com/uk/privacy-policy.
We regularly carry out tests to ensure our compliance with keeping data secure.
In addition, we regularly review our procedures for secure data storage to ensure that all appropriate measures are adopted. In accordance with data protection legislation, data records are stored in a locked cabinet and electronic storage is protected by a user’s password that is individual to the user.
Any information that you supply to us may be stored and processed by servers hosting our website. Data will only be transferred outside EEA countries in accordance with the relevant data protection laws.
Data Subject Rights:
As a data processor we understand that we have an obligation under the GDPR to comply with our obligations to the following:
Subject Access Requests:
The General Data Protection Regulation (GDPR) gives individuals (‘data subjects’), the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information.
Right to Rectification:
Data subjects have the right to request that we amend or change personal information that we, that is inaccurate or incorrect. We will act on any request without delay as instructed by you as Data Controller.
Right to erasure:
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay as instructed by you as Data Controller.
Right to restrict processing:
Data subjects have the right to rectification or erasure of personal data certain circumstances. We will act on any request without delay as instructed by you as Data Controller
Right to data portability:
Data subjects have the right to obtain and transfer their data to different service providers. We will act on any request without delay as instructed by you as Data Controller.
Right to object:
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so. We will act on any request without delay as instructed by you as Data Controller.
Right not to be subject to decisions based on automated processing:
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Data Breaches:
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches of date to the Information Commissioner’s Office (ICO).
Cookies Policy:
This policy explains how we will use Cookies on the Website.
About Cookies:
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session Cookies may be used to validate your access to different parts of the website.
How we use Cookies:
Willow House Physiotherapy and Personal Training Ltd uses Cookies to help the Company identify and track visitors, their usage of the website, and their website access preferences. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of Cookies on their computer or device. This complies with UK legislation which requires that explicit consent is given before reading files are left, or applied, on a user’s computer or device. We do not use Cookies to collect any information that identifies you personally.
Third Party Cookies:
Cookies may be placed on your computer or device by third parties, which are outside of the control of Willow House. You should refer to the Privacy and Cookie Policies of any social media and/or channel used to link to our Website.
Consent:
If you accept the use of Cookies on this website, you consent to the processing of data about you by us and any third parties as identified above in accordance with this policy and our Privacy Policy. You have the right to withdraw your consent at any time by emailing the Data Controller at [email protected]
Disabling Cookies:
If you are uncomfortable with the use of Cookies, you can disable Cookies on your device by changing the settings in the preferences or options menu in your browser. You can set your browser to reject or block Cookies or to tell you when a website tries to put a cookie on your device. You can also delete any Cookies that are already stored on your device. However, please be aware that if you do delete and block all Cookies from our website, parts of the site my not fully function.
Further information:
Guidelines for the processing and handling of data is available from the Information Commissioner’s Office, the UK supervisory authority on data protection, see ico.org.uk.
Information is also available at www.ec.europa.eu/ipg/basics/legal/Cookies/index_en.html.
Important Information:
Questions and queries:
If you have any concerns about how we handle data, you can contact the Data Controller by writing to us at Willow House Physiotherapy and Personal Training Limited, Willow House, Tattershall Road, Billinghay, Lincolnshire LN4 4BW or by email to [email protected].
Changes to this policy:
We reserve the right to amend this Statement at any time to meet the requirements of the GDPR and our role as a data processor. Any significant changes will be mutually agreed.
Complaints:
If you have a complaint about the use of data by us, you can email us at [email protected]. Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
No Waiver:
No failure or delay by us in exercising any of our rights in accordance with this Privacy Policy or our Terms of Use shall be deemed to be a waiver of that right, and no waiver of a breach of any provision shall be deemed to be a waiver of any subsequent breach of the same or any other provision.
Severance:
If one or more of the provisions of this Privacy Policy or our Terms of Use is found to be unlawful, invalid or otherwise unenforceable, those provision(s) shall be deemed severed, and the remainder of these shall remain enforceable.
Third Party Rights:
The terms of this Privacy Policy shall not confer rights on any third parties and accordingly the Contracts (Rights of Third Parties) Act shall not apply.
Jurisdiction and Governing Law:
The terms of this Privacy Policy and all disputes, whether contractual or otherwise, arising out of or in connection with the policy are governed by and shall be construed in accordance with the laws of England and Wales and each party submits to the exclusive jurisdiction of the English courts.
Willow House ICO Registration Reference: ZA057871