Data Privacy Notice

Here at Saltergate Physiotherapy Ltd we take our responsibility to keep your personal information secure very seriously.

The information you give us will only be used by us in order to provide our service to you.

Saltergate Physiotherapy Ltd, 98 Saltergate, Chesterfield S40 1LG is a Data Controller and as such decides on what data is collected and how it is used.

We will require basic personal information from you such as your name, date of birth and contact information.

We will also require specific information from you regarding the health matter you are consulting us about.

If you do not provide us with this information then we will not be able to provide our service to you

The processing of your personal data is governed by the General Data Protection Regulation 2016/679 (GDPR).

Saltergate Physiotherapy Ltd complies with its obligations under GDPR by:

• (a) keeping your personal data up to date
• (b) storing and destroying it securely
• (c) not collecting or retaining excessive amounts of data
• (d) not keeping the data for longer than necessary
• (e) protecting personal data from loss, misuse, unauthorised access or disclosure
• (f) by ensuring that appropriate physical and technical measures are in place to protect it

We will only use your personal information for the purposes of:

• (i) Providing healthcare services to you
• (ii) Maintaining our own business accounts and records
• (iii) Communicating with 3rd party data controllers as necessary
• (iv) The use of CCTV systems for crime prevention and safety

We hold your personal information in a combination of both paper and electronic formats.

As some of your personal information is classified as Special Category Data under GDPR we note our duty under Article 9(2) (h) and this is reflected in the lengths and measures we undertake in order to protect it.

Under Article 6 of GDPR our lawful basis is deemed to be that of Legal Obligation.

We have a professional and legal obligation to process your data in order to keep an accurate record of our interaction with you in accordance with our membership of the Chartered Society of Physiotherapy.

We also have a legal obligation to maintain accounting information under UK Law in accordance with our status as a Limited Company.

Your personal information will be treated as strictly confidential and will only be shared with

• (a) the 3rd party data controller who may have referred you to us
• (b) the company with whom you have a healthcare insurance policy
• (c) if necessary, with another healthcare professional in relation to the healthcare matter you have consulted us about.

In order to comply with our professional and legal obligations as members of the Chartered Society of Physiotherapy any health related information will be kept for a period of 8 years from the date of last entry.

Special conditions exist for information held about children (i.e. under the age of 18), this data will be held until their 25th birthday.

In order to comply with our status as a Limited Company any non-health related information will be held for a period of 8 years after the end of the company’s financial year to which it relates.

Unless the matter is subject to an exemption under GDPR, you have the following rights with respect to your personal information:

• To request a copy of the personal information that we hold about you.
• That we correct any personal information if it is inaccurate or out of date.
• To have it erased where it is no longer necessary for us to retain it.
• Where there is a dispute in relation to the accuracy or processing of your personal information, to request a restriction is placed on further processing until such a time as the dispute is resolved.
• To lodge a complaint with the Information Commissioners Office.

We do not transfer any data outside of the EEA.

We do not use any form of Automated Decision Making.

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this prior to commencing the processing and we will set out the relevant purposes and processing conditions.

For any queries, complaints or to exercise all relevant rights please, in the first instance, contact the Data Controller in writing at the address stated at the start of this notice.

A copy of our full Data Privacy Policy is available on request.