Using Your Personal Data
As part of undertaking normal business activities, we (Pimlico Physiotherapy) collect and process personal data relating to prospective clients, clients and former clients. As a data controller of this information, the organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The address and contact details of the data controller (Pimlico Physiotherapy) are set out at the end of this privacy notice.
What information do we collect?
Pimlico Physiotherapy collects a range of information about you in the course of undertaking their normal business activities. This may include:
Your name, address and contact details, including email address and phone number;
Payee details – from medical insurers such as BUPA, or other 3rd party;
Consultation details – including existing and pre-existing medical conditions, relevant medical, social and family history;
Any support calls/texts/emails or complaints made to us during your treatment
Any relevant qualifications and insurance details from allied health professionals using or renting clinic space
Pimlico Physiotherapy may collect this information in a variety of ways. For example data may be collected in paper registration forms or over the phone during enquiries and appointment making, support calls and calls with our admin (Blue Zinc) team or via email. The majority of your personal data will be collected during the enquiries and appointment processes by our partner admin team.
We may also collect data about you from 3rd parties, such as insurers or medical referrers (GPs, Drs, Consultants or other Allied Health Professionals) that you may engage with.
Our premises are monitored by CCTV for insurance purposes of certain high value items which are kept within the clinic.
Why does Pimlico Physiotherapy process personal data?
We need to process your data to respond to any enquiries and to fulfil any contracts we have with you.
We will need to process your personal data during the duration of the enquiry and sales process on a contractual legal basis, as at these stages it is deemed that you are considering entering into a contract with us. As a client, we will process your personal data in order to fulfil contractual terms and agreements.
In some cases, we need to process data to ensure that we are complying with legal obligations. For example, it is mandatory for us to hold invoice information for 7 years, from the date of invoice, in order to fulfil any potential obligations with HMRC or other government bodies. This processing will be applicable to both current and former clients.
Blue Zinc has a legitimate interest in processing your personal data throughout the duration of your contract. Processing data from our clients is in our commercial interests as it allows us to continuously evaluate the product and make various improvements to improve the client experience. It will also enable us to ensure we are constantly providing the level of support expected by our clients. We may also need to process data from clients to respond to or defend against a legal claim.
If you choose to end any contractual agreement you may have with us, we may continue to process your information for analytical purposes and legitimate interests for future identification purposes.
Where does Pimlico Physiotherapy store your data?
We store the majority of your personal data and other information on IT systems, including database and email systems. This is stored securely in off-site certified data centres with appropriate technical and organisational security measures in place, including redundancy and back up. Historical paper data is kept securely in locked cabinets in a secure clinic.
Who has access to data?
Your medical information will only be shared internally between members of our physiotherapy team, if access to the data is necessary for the performance of their roles and with patient permission. Data relevant to billing only may be shared with members of the admin team who will not have access to sensitive medical data through limited access to our database (TM3 Private Practice Software).
We will only share information with 3rd parties at your request or where required by law. For example, if you wish to provide information as part of a medical claim or to provide relevant medical details to an allied health practitioner such as your GP.
How does Pimlico Physiotherapy protect your data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
For how long does Pimlico Physiotherapy keep data?
If a prospective client does not enter into a contractual agreement with Pimlico Physiotherapy, we will hold your personal data for 1 year after the last contact from you. These details will be kept in order to facilitate future appointment making should a prospective client wish to engage services in the future.
The organisation will hold medical data permanently in case of a future medical claim or case query. With regards to your invoices, we will hold them for 7 years from the invoice date due to legal obligations. We will delete all invoice data when the 7-year retention period has elapsed.
If you choose to end an arrangement with Pimlico Physiotherapy, e.g. room rental, we will delete or anonymise all unnecessary personal data. We will however continue to hold all invoice data for invoices issued less than 6 years ago. After all invoices have elapsed the 7-year retention period we will delete all invoice data.
As a data subject, you have a number of rights. You can:
Access and obtain a copy of your data on request;
Require the organisation to change incorrect or incomplete data;
Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
Object to processing of your data where Pimlico Physiotherapy is relying on its legitimate interests as the legal ground for processing;
Withdraw your consent to us processing your data.
If you would like to exercise any of these rights, please contact Pimlico Physiotherapy.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioners Office.
What if you do not provide personal data?
You are under no statutory obligation to provide data to Pimlico Physiotherapy. However, if you do not provide the required information we may be unable to complete the enquiries process or fulfil the contract with yourselves.
Address and contact details of the data controller (Pimlico Physiotherapy)
52 Lupus Street
Telephone: 0203 621 2261