Privacy Policy
- Policy author: Ryszard Buk
- Policy adopted: 20th May 2025
- Policy to be reviewed: 19th May 2028
All Physiofit staff, employed and self-employed, temporary, agency and contractors must adhere to all their policies and procedures. The term staff refers to all people “working” at a Physiofit site.
We are committed to respecting your privacy. Individuals connected with the Clinic (patients and practitioners) can be assured that the protection of privacy and confidentiality are given the highest priority, with all personal information being collected, held and used in strict compliance with the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018. The purpose of the privacy policy is to inform you as a user of Physiofit Limited about what information we collect about you, how we use the information, whether the information is disclosed and the ways in which we protect users' privacy. We will provide information about how and why we use your data in a manner which is:
- Concise, transparent, intelligible and easily accessible;
- Written in clear and plain language, particularly if addressed to a child; and
- Free of charge.
This policy will be displayed on our website and is referred to in writing during patient registration on the client form.
Definitions
The term Physiofit Limited or ‘us’ or ‘we’ refers to the owner of Physiofit Limited whose registered office is:
Physiofit Limited
4 Trafford Road, Alderley Edge SK9 7NT
Tel: 01625 590444
Email: info@physiofit.co.uk
Physiofit Limited – Registered in England No. 5968426
The term “You” or “User” refers to any third party that uses the services of Physiofit Limited and is not employed by Physiofit Ltd or are acting in the course of their employment.
Data – means collectively all information that you submit or we hold about you at Physiofit Limited. This includes, but is not limited to, account details and information submitted.
Consent
By providing your personal information to us, you fully understand and clearly consent to the transfer of such personal information to, and the collection and processing of such information by Physiofit in accordance with this privacy policy. If you do not agree to this policy, please do not provide your personal details to us. We will use your information for the purposes set out below.
What information will the Clinic collect about me?
Prior to commencing treatment, we ask you to complete a registration form which asks for information such as your name, email address, postal address, telephone or mobile number, date of birth, next of kin, NHS Number, your insurance company if relevant, and your General Practitioner or Consultant where applicable. If you are the parent or guardian of a child under 16, we will hold limited personal data about you, so you can give consent for the child to have treatment. We will use your contact details to communicate with you about the child's treatment.
On occasion, we may use a clinic camera or tablet to record your posture or a movement pattern/exercise to help you understand how you can improve. These form a record of your current status and will be uploaded to a secure site within your patient notes and temporarily stored on an encrypted tablet. If you would prefer that we do not take pictures or videos of you or have a preference as to whether these are stored, please make this known to your physiotherapist.
How do we use this information?
The information you supply will be entered into our software programme which is used for managing the clinic diary, making charges, creating and sending exercise programmes, invoicing and letter writing to GPs or Consultants. Your email will be used for appointment reminders, communicating with you regarding your treatment, for customer feedback on completion of treatment and for the sending of exercise programmes and information about your treatment. Your telephone number will be used to contact you relating to your treatment or appointments. We periodically send promotional emails about new services, special offers or other information which we think you may find interesting. We will only use the email address which you have provided to send such material if you have actively asked us to do so. If you supply Physiofit with a testimonial following your treatment, with your permission, it may be used on our website or social media but will be anonymised unless advised otherwise.
Controlling your personal information
Before you submit any information, we will notify you as to why we are asking for specific information and it is up to you whether you provide it.
You can decide what personal information you provide to us. You may choose to restrict the collection or use of your personal information. On the registration form, you have the choice to decide what permission you give us to use your information for. Our registration form also gives you a number of opt in options as to how you would like us to communicate with you. If at any time you wish to change your preference, please inform reception. You will have an opportunity to unsubscribe whenever we communicate with you.
Children
If we process children's data, we take extra care to make sure we protect their interests. When relying on consent, we make sure that the child understands what they are consenting to, and we do not exploit any imbalance in power in the relationship between us. We consider the child's competence to understand what they are agreeing to. We explain to children why we require the personal data we have asked for, and what we will do with it, in a way which they can understand. We explain the risks inherent in the processing, and how we intend to safeguard against them, in a child friendly way, so that children (and their parents) understand the implications of sharing their personal data. We tell children what rights they have over their personal data in language they can understand. If we are relying upon parental consent, then we offer two different versions of our privacy notices; one aimed at the holder of parental responsibility and one aimed at the child.
Can I delete my data?
Your data can be deleted at any time when requested in writing. Whilst on treatment it is advisable for your details to be kept on our system.
We will give you access to your information
You are entitled to know whether we hold information about you and, if we do, to have access to that information. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Do you share my data with other organisations?
We'll only share your data with third parties to help us provide a better service for you or if required to do so by law. For example, we will include your date of birth, NHS Number (where required) and full name and address when we communicate with your doctor in a letter giving details about your care. If you would prefer that we do not share this information, please make it known to your physiotherapist and unless required by law, we will respect your wishes.
To bill the NHS for your treatment costs, we will be required to use your NHS Number and your age but not your number to notify them of the number of treatments and the outcome of treatment. To bill your insurance company or solicitors for treatment costs we are required to include your full name, address, date of birth and policy or case number on invoices so that they can identify you. If you do not give us permission to do this, we will not be able to facilitate direct payment with your insurance company and you will be required to settle your account directly.
When we are required to complete a report about you for your insurance company or solicitor, we will again have to provide your full name, address and date of birth. This will be an opt in option on our registration form. If you do not want us to provide these details to your insurance company we will not be able to provide the report to them and they may not cover the cost of your treatment, your treatment will then become self-pay.
In order to provide services such as online booking and online exercise provision, we are required to use third-party websites. We currently use Nookal Ltd and Wibbi for these services. The providers of such services may have access to certain personal data. Any Data used by such parties is used only to the extent required by them to perform the services that Physiofit requests. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with current legislation. Physiotec, whose main office is based in Canada satisfy all current European Data Protection laws.
Legal purposes
We may disclose your personal information if required to do so by law or where we believe such action is necessary to protect or defend our interests or the interests of our customers.
Sale and Transfer
In the event of a sale, merger, consolidation, change in control, transfer of substantial assets, reorganisation or liquidation, we may transfer, sell, or assign to third parties information concerning your relationship with us, including without limitation, personally identifiable information that you provide and other information concerning your relationship with us.
How are my treatment records stored?
Since May 2017, the Clinic has started using electronic treatment records which will be kept in accordance with legal retention periods and are backed up automatically to a remote secure server as detailed within our privacy policy. Prior to this date, we kept paper records which are now kept in a locked filing cabinet within a secure, non-clinical area of the clinic. When the treatment records are to be destroyed the Clinic uses a company that securely and safely shreds the records.
How long will the Clinic keep my information?
We will hold your personal information on our system for as long as we need to keep your records.
Different types of data have different legal ‘retention periods’ that we abide to, such as medical records and personnel records retention periods. Personal data will be held for no longer than is necessary and will be destroyed appropriately when the data retention period has expired. We are required to hold your treatment records for a minimum of 8 years or up to the age of 25 if, when you were treated, you were under the age of 16.
How secure is the information you hold?
We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Only users authorised by us have access to this data.
Customer feedback and complaints
Everyone working for the Clinic are under a legal duty to keep patients' personal information confidential. Patients who believe their confidence has been breached may make a complaint to the practice and they could take legal action.
We welcome your questions and comments about privacy issues. If you have any complaints or concerns about any aspect of this privacy policy and the ways in which we obtain, store, manage or destroy personal data, then please contact us via info@physiofit.co.uk by telephone 01625 590444 or in writing to our registered address: Physiofit Limited, 4 Trafford Road, Alderley Edge SK9 7NT.
Alternatively, you can raise an issue, if you feel we have in any way handled your personal data unfairly or inappropriately, with the Information Commissioners Office. Further details on GDPR and data protection laws can also be found at the ICO website.
This policy should be read in conjunction with our Physiofit Website Privacy Policy. Physiofit Ltd reserves the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on our website. Please check our policy from time to time to ensure you are happy with any changes. This policy is effective from 1st May 2018 and was updated July 2021.