Who are we
Physit Limited is a limited company registered in England and Wales whose registered office is 71-75 Shelton Street, London, WC2H 9JQ.
We operate as Data Controller for the information you provide to us.
We act as Controllers in common with organisations listed below when we work in conjunction with them to treat you medically:
- 1. Your nominated Insurance Company
- 2. NHS
- 3. Your nominated health professional
If you have any questions about the protection of your data, please email us on: firstname.lastname@example.org
Taking your Data Protection seriously
We have reviewed and updated our policies, processes and procedures to comply with the General Data Protection Regulation (EU) 2016 / 679 (“GDPR”) and have updated this Privacy Notice accordingly.
Purpose for processing
We are legally bound by the guidelines of the Chartered Society of Physiotherapy and collect the following data from you in order to provide physiotherapy services:
- Personal contact data – name, address, email, phone
- Sensitive personal data – such as medical details including medical history
- Photography – on some occasions and with your consent, we may take photographs or short videos to demonstrate the correct exercise techniques
You may have consented to us sending you Newsletters from time to time as part of the registration process or through our website. If you no longer wish to receive these, please either unsubscribe from the Newsletter or email us at email@example.com. We will action your request immediately.
Source of your data
We receive information about you from YOU.
Where you have been referred from other Health Professionals you will have consented to your information being sent to us in order to provide Physiotherapy services.
We do not receive or buy-in lists of personal data from other sources.
Recipients of your data
Your information is provided to GPs, Consultants, Insurance Companies, hospitals and other health professionals directly linked to your treatment with your consent.
During your medical treatment you will be asked to consent to the transmission of this information. In some instances you will be able to withdraw your consent and the implications of this will be made clear to you during the consultation (as this may not be in your best interests).
We do not pass on your information to any other parties.
Automated decision making
We do not undertake any automated decision making using your data, nor do we use your data for profiling or any other investigative purposes.
Security of your data
We have taken all reasonable steps to ensure that we and our Data Processors adapt Industry standard security protection systems to ensure the security of your data.
In some instances your email address is stored in locations other than the EEA (USA) and in this instance, we have assured ourselves that the Data Processor is aware of their responsibilities for the privacy and security of your data under GDPR.
All other data is stored in the EEA.
Your rights under GDPR
The GDPR provides the following rights for individuals: (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you would like to exercise any of your rights please email us firstname.lastname@example.org.
We will make every effort to respond to your queries promptly and to your satisfaction.
However, if you are still not satisfied, you have the right to complain to the Information Commissioners Office (ICO). Follow the link below to report a concern to the ICO.