This privacy policy applies to Fiona O’Leary Physiotherapy & Pilates. We are committed to ensuring that your privacy is protected. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).
Name and Address of the controller
Our Data Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Fiona O’Leary
Winstanley House, 4 Market Hill, Saffron Walden, Essex, CB10 1HQ
Phone: 07757609091
Email: [email protected]
Website: www.fionaolearyphysio.co.uk
What information do we collect?
We collect ‘personally identifiable’ data via our website, such as your e-mail address, name, home or work address and telephone number, only if you, the user, directly provide it to us; all such data has therefore been provided voluntarily, with your consent. Normally you will only provide such details if you raise an enquiry or book an appointment/class.
During treatment sessions and/or classes, we will collect additional personal data necessary to provide our services to you and to ensure legal compliance with CSP (Chartered Society of Physiotherapists) notekeeping standards. This may include details of your medical history and current medical complaints; notes will be kept throughout any treatment sessions detailing your progress.
Our website uses Cookies for basic functionality, and for collecting ‘non-personally identifiable’ data for analytics and for advertising purposes. When you first visit our web site, you will be prompted to give consent to allow cookies to be stored on your computer.
Use of your information
We may hold and process personal data that you provide to us through our online contact forms and during treatment sessions in accordance with the DPA and GDPR. The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. We also have a professional and legal obligation to keep accurate notes of all our interactions with you.
Where you have consented on the registration form, you will from time to time receive updates/promotions via email; you can opt out of these at any time by contacting [email protected]
Where you have consented on the registration form you will receive appointment reminders via email. You can opt out at any time by contacting [email protected]
Cookies on our website are used for the primary purpose of making the site function correctly. Cookies can be disabled entirely in your browser settings (doing so may mean the site doesn’t function correctly).
We monitor anonymised data collected by the servers of our web host, Weebly, and by Google Analytics/Flurry cookies stored on your computer/mobile device to track trends related to our website, e.g. Google search term referrals, location of users and users’ devices. Such data is used strictly for the purpose of optimising our website experience and improving our online presence. We do not cross-compare this data with any other data holdings; we do not share it with third parties; we are not able to analyse it to identify individual users or their personal data. Nevertheless, you can opt out of Google Analytics and Flurry Mobile Analytics at the following links:
https://developer.yahoo.com/flurry/end-user-opt-out/
https://tools.google.com/dlpage/gaoptout
Advertising Cookies are used by our Web Host, Weebly, and a third-party associate, Quantcast, to track users’ interests across websites to deliver targeted, interest-based advertising. The data Quantcast collects is non-personally identifiable, so cannot be used to identify individual users (see Quantcast’s privacy policy: https://www.quantcast.com/privacy/ ). Our website does not host advertising of any kind; however, you can disable Quantcast’s advertising cookies, alongside many others, at the following address (this will not affect our site’s functionality):
http://www.youronlinechoices.com/uk/your-ad-choices
Disclosure of your information
Where you have consented for us to do so, we may provide your personal data to selected third parties, such as insurance companies and other medical professionals. We do not use or disclose any personal data without your explicit consent. Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
Where you have consented to Cookies being stored on your computer, non-personally identifiable data concerning your web browsing activity will be disclosed to the companies listed above.
Data Storage and Transfer:
Data such as client notes and contact information is stored via Practice Pal on UK-based servers with Rackspace. All data sent to and from Practice Pal’s servers is encrypted. Further information is available on Practice Pal’s website: www.practicepal.co.uk
Online Bookings through our website also utilise the secured services of PracticePal; clicking on our ‘Online Booking’ link, you will be re-directed to a secured site, which will encrypt any personal data provided. See link above for more details.
All sensitive information sent via email is password-protected and encrypted using Swiss-based ProtonMail. All data transfers between ProtonMail’s Swiss based servers and our workstations are encrypted. More information regarding ProtonMail’s security features can be found on their website: https://protonmail.com
Information sent to us via our website’s Contact Form or Mummy MOT Pre-Screening Form is held on the EU-based servers of JotForm; information sent to us is encrypted and the relevant forms are SSL secured. More information regarding JotForm is available on their website: https://www.jotform.com/
We hold other data, such as GP letters and referral letters, on a local, password-protected and encrypted hard drive.
Your rights:
As a data processor we understand that we have an obligation under the GDPR to comply with the following:
Subject Access Requests
The GDPR gives individuals the right to access personal data that is held by organisations by a ‘subject access request’ (SAR). We will endeavour to respond quickly to any such requests; we are legally required to respond within one month of receiving the request and necessary information.
Right to Rectification
Individuals have the right to request that we amend or change personal information that is inaccurate or incorrect. As Data Controller, we will act on any request without delay, as instructed by you.
Right to erasure
In certain circumstances, individuals have the right to ask us to delete personal information from our systems; such requests can be made without giving any reason and at any time. However, we are legally required to store notes for eight years from the date of last treatment for adult records, and for children eight years after their 18th birthday or until 25 years of age.
Right to restrict processing
Individuals have the right to restrict the processing of their personal data where they have a particular reason for wanting the restriction. As Data Controller, we will act on any request without delay, as instructed by you.
Right to data portability
Individuals have the right to obtain and transfer their data to different service providers. As Data Controller, we will act on any request without delay, as instructed by you.
Right to object
Individuals have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling, unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so. As Data Controller, we will act on any request without delay as instructed by you.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Breach in data protection
Any breach in data protection will be reported to the ICO within 72 hours.
Changes to this policy
We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.