Privacy Policy: Project Physio Ltd
This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your relationship with Project Physio Ltd. We are required to notify you of this information under data protection legislation (GDPR).
Please read this Privacy Policy carefully and ensure that you understand it. We would also encourage you to read any third party privacy policy we highlight in relation to data controlling and processing. This privacy notice supplements these policies and does not override them. Project Physio Limited may update this policy to comply with any change in our practice or relevant legislation. You should check back on this page to ensure that you are happy with any changes. This policy is effective from 16/09/2020.
If you have any queries about this Privacy Notice, if you are not sure what something means, or if you wish to contact us about the personal information we hold, please email us at:
For further information around how your data is managed please visit the Information Commissioner's Office (https://ico.org.uk/) website.
Definition of Terms
‘we’, our’, ‘us’, ‘Company’, ‘organisation’ is a direct reference to Project Physio Limited
‘services’ means health care related services provided by us
‘You’ ‘patient’ or ‘patients’ means people who attend our clinic or intend to use our services
Company Information
Company Name : Project Physio Ltd
Place of Registration : Scotland
Companies House No : 672120
Email address: contact@projectphysio.net
ICO Registration Number: ZA788042
Data protection principles
We will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection Policy and where data is collected by third parties that are engaged by ourselves we would direct you to their privacy policies. We do not sell data to any third parties.
Practice Management Software - Cliniko - https://www.cliniko.com/policies/privacy/
Online Payment - Stripe - https://stripe.com/en-gb/privacy
Website - Wix - https://www.wix.com/about/privacy
Exercise Software - Physitrack - https://www.physitrack.com/privacy
Marketing platform - Mailchimp - https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
We have verified that all of the above service providers are GDPR compliant.
Who collects the information?
Project Physio Ltd (the ‘Organisation’) is a ‘data controller’ and gathers and uses certain information about you. Where the Organisation is also a ‘data processor’, we will process information received from third parties about you.
We receive, collect and store any information you enter on our website or provide us in any other way such as the Internet protocol (IP) address or through contact forms. We may use software tools such as Cookies (Google Analytics) to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, DOB, communications) through our online booking system. Comments, feedback and recommendations left on our social media channels may also be collected and used within our own social media or website to help promote our business.
Our company website (www.projectphysio.net) is hosted on the Wix.com platform. Wix.com provides us with an online platform that allows us to sell our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. Wix privacy policy and information around the data they collect can be found here https://www.wix.com/about/privacy
Our online practice management software is run by Cliniko.com. Your personal information is imputed when a healthcare professional (the ‘organisation’) records information about a patient (you) or when you personally complete an online form or booking. The cliniko privacy policy and the information they collect can be found here https://www.cliniko.com/policies/privacy/
Our online payment platform is hosted by Stripe.com. The information that Stripe collects may include payment method information (such as credit or debit card number, or bank account information), the purchase amount, date of purchase, and payment method. Stripes privacy policy and information around the data they collect can be found here https://stripe.com/en-gb/privacy
We use a third-party provider, MailChimp, to deliver our email marketing newsletter. Mailchimp is integrated into our practice management software Cliniko. When booking an appointment through our online booking systems personal information such as your name, email address, address, or telephone number will be transferred securely to a distribution list. We gather statistics around email opening and clicks using industry-standard technologies to help us monitor and improve our e-newsletter. For more information, please see Mailchimp's privacy policy https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
Our rehabilitation software is provided by Physitrack who are integrated with cliniko. How Physitrack complies with GDPR and for information around the type of data it collects please read the following https://support.physitrack.com/article/721-what-types-of-data-are-stored-by-physitrack. Physitracks full privacy policy can be found here https://www.physitrack.com/privacy
We have verified that all of the above service providers are GDPR compliant.
About the information we collect and hold
The schedule set out in the following section summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.
We may need to share some of the categories of personal information set out below with other parties, such as your GP, surgeon, other health professionals or clinics including their administrative staff, parent or legal guardian in the case of a minor or legal experts, when required to do so by law. This would require us to have your written consent prior to us releasing any data we hold on you. The recipient of the information will be bound by confidentiality obligations.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to the information we collect or to the purposes for which we collect and process it. You will be provided with the opportunity to consent to the ‘organisations’ privacy policy when booking online.
You will need to give us permission to email you to provide you with news, special offers and general information about other services we offer that are like those that you have already purchased or enquired about. If you have opted-in to marketing emails then you will continue to receive these, until any such time you click the "unsubscribe" link at the bottom of our marketing messages.
You can also unsubscribe at any time by emailing us on contact@projectphysio.net however please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management.
Schedule relating to the information we collect and hold
Where information may be held
Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. More information can be found here https://www.wix.com/about/privacy
Our chosen rehabilitation software Physitrack takes appropriate technical and organizational measures to protect your (personal) data against loss or any form of unlawful use. Because of the medical nature of some of the personal data, Physitrack has incorporated a very high level of security. More information can be found here https://www.physitrack.com/privacy
Information around the data security for our marketing platform Mailchimp can be found here https://mailchimp.com/about/security/
Cliniko Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know, and they regularly review their technology to maintain security.
How long we keep your information
By law we have to keep basic information about our customers in order to maintain accurate physiotherapy record. If you are over age 18 we legally have to keep your records for a period of 8 years. If you are under the age of 18, we are required to keep your records until your 25thBirthday (or 26thBirthday if you are aged 17).
In some circumstances, you can ask us to delete your data if beyond the legally required timescales outlined above.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Any personal information that is used for marketing purposes, that has been provided using explicit consent, will be erased in accordance with your rights if requested.
Cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
All Cookies used by and on our site are used in accordance with current Cookie Law.
Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies however you can adjust your internet browsers settings to disable all cookies. This may however affect how certain aspects of our site work.
Our website and online booking system use first-party cookies provided by Google Analytics. All information around these can be found here https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Your rights to correct and access your information and to ask for it to be erased
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Your right to lawful consent - you have the right to state your consent to our privacy policy
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
For further information around your rights please refer to https://ico.org.uk/global/privacy-notice/your-data-protection-rights/
Please contact us at contact@projectphysio.net or call on 07842 881 349
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Each employee has their own personal login and password and where possible 2 factor authentication is used for extra security.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
The ‘organization’ has signed and agreed to a Data Processing Addendum (DPA) which includes Standard Contractual Clauses (also known as "Model Clauses"). These are an approved set of provisions which offer sufficient safeguards and protection for data that's processed outside of the EU/EEA. A copy of the DPA can be provided on request.
How to complain
We hope that we may resolve any query or concern you raise about our use of your information and we can be contacted at contact@projectphysio.net. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF