PRIVACY POLICY

Last updated 29th August 2024

INTRODUCTION

Thank you for visiting rebeccabakerphysio.co.uk. Rebecca is a Chartered and State Registered Physiotherapist; the clinic address is Performance Centre, Sunningdale Heath Golf Club, Cross Road, Sunningdale, SL5 9RX. I or my secretary will collect and process your personal information in line with this privacy policy and relevant data protection regulations and laws. Please contact me if you require further help.

We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and my agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that I would not be able to provide treatment.

We have a legitimate interest in collecting that information, because without it I couldn’t do my job effectively and safely. We also think that it is important that we can contact you in order to confirm your appointments with myself or to update you on matters related to your medical care. This again constitutes legitimate interest, but this time it is your legitimate interest.

PERSONAL INFORMATION THAT WE COLLECT

The personal information that we collect may include your name, address, date of birth, email, telephone number and any other personal information you ask us to hold on your behalf. We collect personal information through phone calls, form enquiries, emails, reservations, meetings, bookings and contracts.

HOW WE USE YOUR PERSONAL INFORMATION

We use your personal information to provide services, carry out contracts, complete/send out orders, and to meet our legal, accounting and tax obligations. At the point we determine there is no longer a requirement to hold your personal information, it will be either destroyed or securely isolated and protected from any further processing. Unless required to do so by law we will not disclose, sell or share your personal information without your consent.

YOUR RIGHTS

You have the right to request any personal information that we process or hold about you, together with the reasons for processing, how long we intend to hold it, and to whom we disclose it. You also have the right to ask us to correct any incorrect personal information that we hold about you, or to erase it, unless there is a valid or legal reason for not doing so. In certain circumstances you have the right to data portability of your personal information and to be informed of our automated decision-making.

SHARING YOUR PERSONAL INFORMATION

We use the following services and business functions.

Website Hosting – We use Squarespace as our domain and website hosting provider. You can see their Privacy Policy here: Squarespace

Google Analytics – We use Google Analytics on our website and follow Google guidelines to implement anonymous reporting of site usage. Our current data retention setting is 2 months. Read a technical explanation of how Analytics anonymizes IP addresses here. If you would like to opt-out of Google Analytics monitoring your behavior on my website please use Google Analytics Opt-out.

Other Google Services – Information submitted through forms on our website, as well as other email communications and contact information are hosted by Google. This data is only kept for customer service purposes and is never used for marketing purposes. We use various other Google services to promote, secure, monitor and carry out our own services, including Search Console, My Business, ReCaptcha, Fonts, Maps, Drive and Adwords. Google adheres to the EU/US Privacy Shield policy and you can see their Privacy Policy here: Google Privacy Policy.

THIRD PARTY WEBSITES

Links to third-party websites from this website are not screened for privacy or security compliance by us, and we cannot be held responsible for any information collected or used by advertisers or third-party websites. This privacy policy does not create rights enforceable by third parties, and you release us from any liability for the conduct of third-party websites. Social media sharing links, whether displayed as text links or icons, do not connect you to the associated third parties unless you click on them. We recommend you review the privacy policy and any terms of service for each website you visit through third-party links.

SECURITY MEASURES

We take appropriate technical and organisational measures to protect and secure your personal information, including need-to-know access control, encryption, firewalls, anti-virus, two-factor authentication where appropriate, and SSL/HTTPS protocol.

LODGING A COMPLAINT

If you wish to raise a complaint regarding our processing of your personal information, you can do so at the ICO (Information Commissioner’s Office) – https://ico.org.uk/concerns/.

COOKIES

This website uses cookies, small text files that are placed on your machine to help the website provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications such as Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this website and on others. The most effective way to do this is to disable cookies in your browser.

HOW DO I CHANGE MY COOKIE SETTINGS?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer’s website.

IZettle – We use iZettle as a credit/debit card payment system. You can see their privacy policy here: IZettle Privacy Policy.

Google Analytics – I use Google Analytics on my website and follow Google guidelines to implement anonymous reporting of site usage. My current data retention setting is 26 months. Read a technical explanation of how Analytics anonymizes IP addresses here. If you would like to opt-out of Google Analytics monitoring your behavior on my website please use Google Analytics Opt-out.

Other Google Services – Information submitted through forms on my website, as well as other email communications and contact information are hosted by Google. This data is only kept for customer service purposes and is never used for marketing purposes. I use various other Google services to promote, secure, monitor and carry out my own services, including Search Console, My Business, ReCaptcha, Fonts, Maps, Drive and Adwords. Google adheres to the EU/US Privacy Shield policy and you can see their Privacy Policy here: Google Privacy Policy.

Powerdiary - I use Powerdiary for appointments, clinic and booking service and medical notes. Your notes may get transferred to “the cloud” using Powerdiary. They are required to give me their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data will be password protected, and the passwords will be changed regularly. You can see their privacy policy here - Power Diary

Squarespace - Squarespace is the website design company I use - Squarespace

Stripe - We may use Stripe for payment processing - Stripe

Private Medical Companies - We may share information about you with the Private Medical company I work with on your behalf. We share some details (mostly clerical and the most basic medical data e.g. which body part is being treated, how much progress has been made) with your private medical insurance company where applicable. They already have your data as you have a contract with them, and any exchange is required for contractual reasons to allow your healthcare to continue to be funded by them.

Social Media Sharing - I may on occasion ask patients if they are willing to allow me to use their case on social media sites (Twitter, Instagram and LinkedIn). Permission will be requested and agreed in advance, verbally or in writing.

Professional Bodies - I follow my governing body guidelines; CSP and HCPC.

I have a legal obligation to retain your records for 8 years after your most recent appointment (or until you reach age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.

You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask me to erase your records. I have to keep a record of your name and date of birth, so I know you’ve asked to “be forgotten” as it will prevent me from contacting you again.

When making an enquiry or booking, you are agreeing with this Privacy Policy.