Data Protection & Privacy Policy
Our contact details
Name: Matthew Dennies
Phone Number: 07442 197799
E-mail: contact@progresshomephysiotherapy.co.uk
Privacy Policy created 31st March 2024
Review 19th April 2025.
The Purpose of this Policy
Progress Home Physiotherapy is committed to ensuring the privacy of those who use our website and service, and to complying with the legal requirements relating to your personal information, including the UK General Data Protection Regulation (GDPR) and Data Protection Act (2018). We are registered with the Information Commissioner’s Office (ICO).
This policy outlines how we collect, process, share and store your personal information, and the reasons for doing so. It also explains your rights in relation to the personal information we hold about you.
By using our services, including our website, you are consenting to us processing your personal information, as outlined in this Data Protection and Privacy Policy. By entering into a contract, you agree to the collection and processing of your personal information as outlined in this policy. Please read this policy carefully and contact us if you have any queries.
For the purpose of GDPR and data protection regulations, Progress Home Physiotherapy is acting as the ‘data controller’ of your personal information.
When we refer to ‘us’, ‘our’ and ‘we’, we mean Progress Home Physiotherapy.
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contact information and characteristics (for example your name and contact details) that are submitted via our website.
- Your internet protocol (IP) address. For marketing reasons, we may also use software to collect technical information, such as where you have geographically accessed our website, how long you have spent on specific pages of the website, how you have interacted with the website, or how you accessed the website.
- Relevant information relating to your medical history, condition, assessments and treatments. Information relating to your health is classed as ‘special category data’ and is therefore processed in accordance with UK GDPR Article 9, paragraph 2(h) and schedule 1, part 1, paragraph 2 of the Data Protection Act (2018). Your personal information may also be processed in accordance with paragraphs 18 & 19, part 2, schedule 1 of the Data Protection Act (2018) in relation to safeguarding.
- Financial information to process payments. Card payments are processed by a third-party company, “Squareup”, which stores financial, location and technical data (such as what device was used to pay) to process payments.
How we get the personal information, why we have it and the lawful basis for processing it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- We collect information provided to us through contact forms or via phone or email to contact you regarding a query or to book an appointment.
- Information regarding your health and condition will be collected in person or over the phone to enable the safe and effective clinical management of your condition.
- In some cases, information may be collected from, or shared with, friends or family with your consent to enable safe and effective clinical care. If a client is unable to consent to information being gained or shared, then information may be gained or shared if it is deemed to be in their best interest.
- If we need to process (collect, store or share) personal information about you for a reason that is not outlined in this policy, we will explain the reason for processing the personal information, the type of data we are processing and the lawful basis for doing so in order to gain your consent.
How we store your personal information and for how long
Your information is securely stored on password-protected and encrypted devices or in third-party cloud-based services that are GDPR compliant. Your information is only accessed by authorised people, and only the minimum amount of information required is accessed.
We keep the following types of information for the time periods outlined below. Once the maximum time periods below have passed, your personal information will be deleted appropriately if it has not already been. You have the right to erasure of certain personal information; please contact us to request this.
- Cookies and website data – 14 months maximum
- Health information – Minimum of 8 years from ceasing to be a client (this mirrors NHS England standards). Health information may be held for longer if required for complaints and litigation.
- Information provided for appointment enquiries – 1 year maximum
- Personal information held by third parties we share information with is retained as outlined in their privacy policies.
Sharing your personal information with third parties
To enable the effective running of our business, some personal information is shared with GDPR and ISO 27001 compliant third-party companies as outlined below.
We may need to share your personal information with third parties in relation to your treatment. In these instances we will inform you that we are sharing your personal information and ask for your consent if required.
Personal information shared with third parties will be encrypted if sent via email. We cannot guarantee the security of information once received by a third party.
Up-to-date privacy policies for third-party businesses we share your personal information with are available on their websites.
We do not share or sell your personal information to third parties for marketing purposes.
How we ensure your personal information is accurate
- Contact information is provided by clients and checked upon entering a contract with our business. Clients are advised to inform us if their contact information changes and it is their responsibility to do this to ensure the accuracy of their contact information.
- Medical records are required to be accurate for legal and regulatory reasons. Due to the requirement to retain medical records, any inaccuracies will be corrected through an addendum rather than deletion. This applies if a request is made for your personal information to be rectified. Clients are advised to update us if there is any new information or changes relating to their medical records.
- The digital system we use for clinical documentation clearly identifies who has created the document, thus any assessments or opinions included in those documents can be sourced to an individual.
- Opinion forms an important part of the clinical management of our clients. Opinion will only be documented when it is informed and necessary. You have the right to challenge opinion and this will be recorded, but this does not mean that opinion will not be documented.
- If you think your personal information is incorrect or you would like to request rectification of the personal information we hold about you, please contact us using the contact information within this policy.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. Where we hold special category health information about you, we are unable to erase this as it is legally required to be held for a minimum time period.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at contact@progresshomephysiotherapy.co.uk or 07442 197799 if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at contact@progresshomephysiotherapy.co.uk or 07442 197799.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Purpose/Activity: To answer appointment enquiries or book an appointment
Type of Data: Identity, Contact
Lawful basis for processing data: Performance of contract

Purpose/Activity: To process transactions in relation to goods and services we provide
Type of Data: Identity, Financial, Technical, Location
Lawful basis for processing data: Performance of contract

Purpose/Activity: To use data collected from our website to allow improved marketing, business development, website development and improve customer experience
Type of Data: Identity, Contact, Technical, Usage, Location, Marketing and Communications
Lawful basis for processing data: Necessary for our legitimate interests as a business. Data collected can be minimised or prevented through declining cookies when using our website

Purpose/Activity: Collect information to provide safe and effective healthcare. This could include: personal identifiers, contact information, assessment and treatment records, medical history, information/correspondence about you from other healthcare providers, test or scan results
Type of Data: Identity, Contact, Health
Lawful basis for processing data: Legal obligation (Health and Social Care Act 2015) and to comply with Health and Care Professions Council regulations our clinicians are required to follow; Performance of contract

Purpose/Activity: Share information in the case of a medical emergency where you are unable to consent to your information being shared
Type of Data: Identity, Contact, Health
Lawful basis for processing data: Vital interest

Purpose/Activity: Share information with relevant authorities in relation to safeguarding, crime or other legal obligation
Type of Data: Identity, Contact, Health
Lawful basis for processing data: Public Task; Legal Obligation

Purpose/Activity: To audit and analyse the effectiveness of our service
Type of Data: Identity, Health
Lawful basis for processing data: Necessary for our legitimate interests as a health care provider to use outcome measures and health data to analyse the clinical effectiveness of our service

Purpose/Activity: To contact customers regarding changes to our service or policies, provide marketing information, provide appointment reminders, or to ask customers to provide feedback/reviews of our service
Type of Data: Identity, Contact, Marketing and Communications
Lawful basis for processing data: Necessary for our legitimate interests as a business to keep customers updated on our business activity and share marketing information with them; Consent for marketing emails
Third Party
Rehab Guru Ltd
Wix.com (UK) Limited
Squareup International Ltd.
Family, Friends, Next of Kin
Health and Social Care Professionals
Insurers
Microsoft
Type of Data
Identity, Contact, Health
Identity, Contact, Technical, Marketing, Usage, Location
Identity, Contact, Technical, Marketing, Usage, Location
Identity, Financial, Location, Technical
Identity, Contact, Health
Identity, Contact, Health
Identity, Health, Financial
Identity, Contact, Health
Purpose
Securely store client contact information, health records and appointment information.
Provide data on website analytics via cookies
Store information provided through contact/enquiry forms
Provide data on website analytics
Store non-health information or anonymised health data in cloud-based storage services
Store information provided by email
Provide data on website analytics via cookies
Process card payments
Share information relating to your treatment with your consent, unless we have a valid reason to act in your best interests
Share contact information and information relating to your treatment to deliver safe and collaborative care, or to refer to other services. The sharing of health records is required under the Health and Social Care Act 2015
If required by your insurer, we will share relevant information about assessments we have conducted and the treatment you have received. We may also share information about the cost of your treatment.
Store personal information and health data provided by email.
Store non-health information or anonymised health data in cloud-based storage services.