Data Privacy Notice
Who Are We?
Here at Saltergate Physiotherapy Ltd we take our responsibility to keep your personal information secure very
seriously.
The information you give us will only be used by us in order to provide our service to you.
Saltergate Physiotherapy Ltd, 98 Saltergate, Chesterfield S40 1LG is a Data Controller and as such decides on
what data is collected and how it is used.
What Information Do We Need From You?
We will require basic personal information from you such as your name, date of birth and contact
information.
We will also require specific information from you regarding the health matter you are consulting us about.
If you do not provide us with this information then we will not be able to provide our service to you
The processing of your personal data is governed by the General Data Protection Regulation 2016/679 (GDPR).
How Do We Process Your Personal Information?
Saltergate Physiotherapy Ltd complies with its obligations under GDPR by:
- (a) keeping your personal data up to date
- (b) storing and destroying it securely
- (c) not collecting or retaining excessive amounts of data
- (d) not keeping the data for longer than necessary
- (e) protecting personal data from loss, misuse, unauthorised access or disclosure
- (f) by ensuring that appropriate physical and technical measures are in place to protect it
We will only use your personal information for the purposes of:
- (i) Providing healthcare services to you
- (ii) Maintaining our own business accounts and records
- (iii) Communicating with 3rd party data controllers as necessary
- (iv) The use of CCTV systems for crime prevention and safety
We hold your personal information in a combination of both paper and electronic formats.
As some of your personal information is classified as Special Category Data under GDPR we note our duty under
Article 9(2) (h) and this is reflected in the lengths and measures we undertake in order to protect it.
What is our Lawful Basis for Processing Your Data?
Under Article 6 of GDPR our lawful basis is deemed to be that of Legal Obligation.
We have a professional and legal obligation to process your data in order to keep an accurate record of our
interaction with you in accordance with our membership of the Chartered Society of Physiotherapy.
We also have a legal obligation to maintain accounting information under UK Law in accordance with our status
as a Limited Company.
Sharing Your Personal Information
Your personal information will be treated as strictly confidential and will only be shared with
- (a) the 3rd party data controller who may have referred you to us
- (b) the company with whom you have a healthcare insurance policy
- (c) if necessary, with another healthcare professional in relation to the healthcare matter you have consulted us about.
How Long Do We Keep Your Personal Information For?
In order to comply with our professional and legal obligations as members of the Chartered Society of
Physiotherapy any health related information will be kept for a period of 8 years from the date of last
entry.
Special conditions exist for information held about children (i.e. under the age of 18), this data will be
held
until their 25th birthday.
In order to comply with our status as a Limited Company any non-health related information will be held for a
period of 8 years after the end of the company’s financial year to which it relates.
Your Rights Under GDPR
Unless the matter is subject to an exemption under GDPR, you have the following rights with respect to your personal information:
- To request a copy of the personal information that we hold about you.
- That we correct any personal information if it is inaccurate or out of date.
- To have it erased where it is no longer necessary for us to retain it.
- Where there is a dispute in relation to the accuracy or processing of your personal information, to request a restriction is placed on further processing until such a time as the dispute is resolved.
- To lodge a complaint with the Information Commissioners Office.
Transfer of Data Abroad
We do not transfer any data outside of the EEA.
Automated Decision Making
We do not use any form of Automated Decision Making.
Further Processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this prior to commencing the processing and we will set out the relevant purposes and processing conditions.
Contact Details
For any queries, complaints or to exercise all relevant rights please, in the first instance, contact the Data
Controller in writing at the address stated at the start of this notice.
A copy of our full Data Privacy Policy is available on request.