Privacy Notice
Redrock Physio 52-56 London Road, St Albans, AL1 1NG is a Private Physiotherapy Practice and in its capacity as a data Controller is committed to protecting your personal information. By signing this Privacy Notice Data Consent Form you will be giving your explicit consent to our obtaining, using and disclosing your personal information as described in this form.
​
INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION
By attending Redrock Physio for Physiotherapy and related services we have a contractual and legal requirement to process and hold your data. The information we obtain about you will be used by Redrock Physio for the following purposes:
-
to plan, implement and monitor your rehabilitation
-
to facilitate your recovery
-
for internal administration purposes
We may also use the information to improve our services. We may periodically contact you about new services, special offers or other information which we think you may find interesting, using the information which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail. We may use the information to customise the website according to your interests.
Sensitive data may be collected to help us with the services we provide you. Sensitive data includes information about your health.
​
HOW WE OBTAIN AND DISCLOSE YOUR INFORMATION
We may obtain your information from, or disclose it to, your medical practitioner, and any other relevant health/professional, your employer/school (where appropriate), the job centre/DEA officer, the insurance company or other funding source, legal representatives or any other third party involved with your rehabilitation. Your information will be used for the purpose of assisting with your rehabilitation, helping you get back to your normal activities/work and promoting your well-being.
We may also collect personal data from our Website, we use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
For Marketing purposes, we may pass your details to a 3rd party for marketing purposes, we respect your privacy. This will only relate to basic information (Full name, email address), so that you can receive further information about the services we provide at Redrock Physio. You will not be automatically opted in to any marketing campaigns that we run, consent will be obtained in the first instance. If you have opted in to receive our newsletters, you do have the option to unsubscribe at any time.
We may disclose your information to:
-
Regulatory bodies to enable us to comply with the law and to assist fraud protection.
-
Suppliers and sub-contractors for the performance of any contract we enter into with them or you.
-
Professional advisers including auditors, accountants, lawyers and insurers.
-
Our service providers and agents or third parties which process information on our behalf (e.g. Analytics and search engine providers that assist us in the improvement and optimisation of our site).
-
Third party platform advertising – Where you respond to communications we post on third-party platforms (such as Facebook and Google), we may also share your information with those third parties in order to serve targeted advertising/content to you via the relevant third party platform based on your profile/interests. Your information is used by the third-party platform provider to identify your account and serve advertisements to you. You can control what advertisements you receive via the privacy settings on the relevant provider’s platform and you should consult the third party’s help/support centre for more information.
-
Should we decide to sell any business assets, in which case we may disclose your personal data to the prospective buyers of such business or assets.
USE OF COOKIES
Your Internet Browser has the in-built facility for storing small text files – “cookies”, which hold information which allows a website to recognise your account.
Our website using cookies to enhance your experience by helping us to provide you with a personalised service, and to help make our websites, applications and services better for you.
Cookies help provide you with a better website by enabling us to monitor the pages you find useful and which you do not.
If you choose you may be able to configure your browser or our website, application or service to restrict cookies or block all cookies, however if you disable cookies you may find this affects your ability to use certain parts of the website.
YOUR RIGHT AS AN INDIVIDUAL
You are able to exercise certain rights in relation to your personal data that we process. These are set out in detail at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You have the right to request access to any personal information relating to you that is held by us. To do this you will need to put your request for access in writing and send us proof of your identity (e.g copy of your driving licence or passport and a recent utility bill).
You have the right to have all your personal data erased from our system. However, we have a legal obligation to retain your information for 8 years, or until you are 25 years old if you were under 16 years of age when you received treatment. We require a signed letter of instruction to action a full data erasure.
All Clients assessed from May 2010 will have their information stored indefinitely in case of need to access this information in potential future legal cases.
PROTECTING YOUR INFORMATION
We will take all reasonable technical and organisational security measures to safeguard your personal information whilst it is in our possession or control so that it is not, for example, lost, stolen or tampered with. If you have concerns about the accuracy of the information obtained or released by The Orchard Clinic please discuss this with your physiotherapist who will assist you to resolve this. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us on 07951645390.
Any employee processing your personal data will be acting on our instructions, and all data will remain confidential.
All information provided to us is stored on ‘cloud based servers’ such as Google Drive and Dropbox. We trust these companies to have robust security measures in place and to be GDPR compliant.
Where necessary encrypted communications may be used for additional security, and password protections will be applied.
Anyone under the age of 16 must have the written consent of a parent or legal