Using Your Personal Data
As part of undertaking normal business activities, we (Revive Online Physio) collect and process personal data relating to prospective clients, clients and former clients. As a data controller of this information, the organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The address and contact details of the data controller (Carla Sutherland at Revive Online Physio) are set out at the end of this privacy notice.
What information do we collect?
Revive Online Physio collect a range of information about you in the course of undertaking their normal business activities. This may include:
Your contact details including:
next of kin,
email address and
Some biometric data including:
your date of birth,
your history of your presenting complaint,
your medical history and
Health questionnaires for yoga or pilates classes.
Payment method details.
Revive Online Physio may collect this information in a variety of ways. For example, data may be collected in our enquiry forms or over the phone, facebook and via email. The majority of your personal data will be collected from you booking online (or by the reception team during booking) and during consultation with your health care practitioner.
We may also collect data about you from 3rd parties, such as referrers like medical health care companies (BUPA, AXAPPP, etc) or insurance companies (Digby Brown, Rehabilitation network for example). We will seek information from these 3rd parties as part of your treatment should you be associated with the 3rd parties with whom we partner.
Why does Revive Online Physio process your personal data?
We need to process your data to respond to any enquiries and to provide clinical care to you. Or, for the purpose of our classes- yoga/pilates.
We will need to process your personal data during the duration of the treatment of your clinical problem, or class attendance, or to respond to your enquiry. Our lawful basis for doing such is for the purpose of legitimate interest but also we satisfy the conditions for processing special category data. As a healthcare provider, processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards.
In some cases, we need to process data to ensure that we are complying with legal obligations. For example, it is mandatory for us to hold invoice information for 7 years, from the date of invoice, in order to fulfil any potential obligations with HMRC or other government bodies. This processing will be applicable to both current and former clients.
Likewise we are duty bound to store your medical records for 7 years too.
Revive Online Physio has a legitimate interest in processing your personal data from the time you make your booking enquiry through to the end of your treatment or class block. As already mentioned we also have a special category interest in processing your health related data, this enables us to assess and treat your clinical problem.
Where does Revive Online Physio store your data?
We store all your personal data you give us when you book your initial appointment on the IT systems provided by Blue Zinc, including database and email systems. This is stored securely in off-site ISO27001 certified data centres with appropriate technical and organisational security measures in place, including redundancy and back up.
Health related data is stored on paper format in your personal file, in a locked filing cabinet. Health questionnaires are kept in a folder in locked storage.
Payment details are kept in a file in locked storage.
Any handwritten messages with personal details on are shredded if they are not to be filed and stored securely.
Emails are kept on our email system and the password to the email system is changed every 6 months.
Access to our computer system is protected by password and this is changed every 6 months.
Who has access to data?
Your information will be shared internally across various teams in order to complete the enquiry process and/or to fulfil your booking. This includes members of our admin team, our health care professionals, and/or the class instructors. Special category data (sensitive medical information) may only be handled by the therapists directly involved in your care and the medical secretary if required.
We will only share information with 3rd parties at your request or where required by law. For example, if you wish to work with any of our partners, at your request, we will share your basic information with them to enable this.
How do we protect your data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Under the obligations of data protection, we have policies and procedures in place to keep your data safe during the processing activity.
For how long does Revive Online Physio keep data?
The organisation will hold personal data throughout the duration of your treatment and this will be kept within a secure database. For future identification purposes, your contact details will be stored for when you next use the clinic, unless you ask us to remove them from our database. With regards to invoices and treatment records, we will hold them for 7 years from the invoice date due to legal obligations. We will delete all records and invoice data when the 7 year retention period has elapsed.
As a data subject, you have a number of rights. You can:
Access and obtain a copy of your data on request;
Require the organisation to change incorrect or incomplete data;
Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
Object to processing Revive Online Physio is relying on its legitimate interests as the legal ground for processing;
Withdraw your consent to us processing your data.
If you would like to exercise any of these rights, please contact Revive Online Physio
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioners Office.
What if you do not provide personal data?
You are under no statutory obligation to provide data to Revive Online Physio, however if you do not provide the required information we may be unable to complete the enquiries process or assess and treat your health complaint.
Address and contact details of the data controller
(Revive Online Physio);
1 High Street
Address of Blue Zinc (clinical software IT company);
Unit 4C Dill House
Castlereagh Business Park
478 Castlereagh Road
Telephone: 02890 998696