Offline Website BuilderThis privacy notice tells you what to expect us to do with your personal information.
________________________________________
Contact details
Data controller: Gemma Bigg Physiotherapy
Telephone: 07725 880556
Email: physiotherapy@bigg.me.uk
________________________________________
What information we collect, use, and why
We collect or use the following information to provide services and goods:
• Names and contact details
• Addresses
• Date of birth
• Health information (including medical history, conditions, injuries, and treatment notes)
• Account information
• Records of meetings and decisions (clinical notes and treatment records)
• Information relating to compliments or complaints
We also collect and use special category (sensitive) personal data:
• Health information
________________________________________
We collect or use the following information for the operation of customer accounts:
• Names and contact details
• Addresses
• Payment details
• Purchase history
• Account information, including registration details
________________________________________
We collect or use the following information to comply with legal requirements:
• Name and contact details
• Financial transaction information
• Safeguarding information (where applicable)
We also process special category data where required:
• Health information
________________________________________
We collect or use the following information for dealing with queries, complaints or claims:
• Names and contact details
• Address
• Payment details
• Purchase or service history
• Customer records
• Financial transaction information
• Correspondence
We also process special category data for this purpose:
• Health information
________________________________________
Lawful bases and data protection rights
Under UK data protection law, we must have a lawful basis for collecting and using your personal information.
We rely on the following lawful bases:
To provide services and goods
• Contract – we need the information to provide physiotherapy services to you
• Legal obligation – we must comply with legal and professional record-keeping requirements
For customer accounts
• Contract – required to manage bookings, records, and payments
To comply with legal requirements
• Legal obligation – required to meet tax, regulatory, and legal duties
For queries, complaints or claims
• Legal obligation – where required by law or regulation
• Legitimate interests – to respond to enquiries, manage complaints, maintain records, and defend legal claims
Our legitimate interests are:
To respond to enquiries and complaints, maintain accurate records of treatment and communication, protect patients and the business, and establish, exercise, or defend legal claims where necessary.
Some rights may be restricted where legal obligations apply.
________________________________________
Your data protection rights
Under UK data protection law, you have rights including:
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent (where consent is used)
We will respond to requests without undue delay and within one month.
To exercise your rights, contact us using the details above.
________________________________________
Where we get personal information from
We obtain personal information directly from:
• You
• Healthcare providers (e.g. GP referrals or medical reports)
• Insurance companies (where applicable)
________________________________________
How long we keep information
We keep personal data only for as long as necessary.
• Adult clinical records: 8 years after treatment ends
• Children’s records: until age 25, or age 26 if the patient was 17 at the end of treatment
• Financial records: 6 years in line with tax requirements
When data is no longer required, it is securely deleted or anonymised.
________________________________________
Who we share information with
We may share personal information with:
Data processors
• Cliniko – provides practice management software for clinical records, appointments, invoicing, and secure data storage
Other organisations we may share with
• Insurance companies
• Healthcare providers
• Organisations involved in safeguarding
• Professional or legal advisers
• Regulatory authorities (e.g. HM Revenue & Customs, Information Commissioner’s Office)
• Organisations we are legally required to share information with
• Emergency services
________________________________________
Sharing information outside the UK
Where necessary, personal data may be transferred outside the UK.
Example transfer:
Organisation: Cliniko
Category: Cloud-based healthcare practice management and data storage provider
Country: Australia
Safeguard: Standard Contractual Clauses with UK Addendum (UK GDPR compliant transfer mechanism)
International transfers are only made where appropriate safeguards are in place.
________________________________________
How to complain
If you have concerns about our use of your personal information, please contact:
Email: physiotherapy@bigg.me.uk
If you remain unhappy, you can complain to the UK data protection authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
________________________________________
Offline Website Builder