This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your relationship with Project Physio Ltd. We are required to notify you of this information under data protection legislation (GDPR).
If you have any queries about this Privacy Notice, if you are not sure what something means, or if you wish to contact us about the personal information we hold, please email us at:
For further information around how your data is managed please visit the Information Commissioner's Office (https://ico.org.uk/) website.
Definition of Terms
‘we’, ‘our’, ‘us’, ‘Company’, ‘organisation’ is a direct reference to Project Physio Limited
‘services’ means health care related services provided by us
‘You’, ‘patient’ or ‘patients’ means people who attend our clinic or intend to use our services
Company Name : Project Physio Ltd
Place of Registration : Scotland
Companies House No : 672120
Email address: firstname.lastname@example.org
ICO Registration Number: ZA788042
Data protection principles
We will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection Policy. Where data is collected by third parties engaged by us, we would direct you to their privacy policies. We do not sell data to any third parties.
Practice Management Software - Cliniko - https://www.cliniko.com/policies/privacy/
Online Payment - Stripe - https://stripe.com/en-gb/privacy
Website - Wix - https://www.wix.com/about/privacy
Exercise Software - Physitrack - https://www.physitrack.com/privacy
Marketing platform - Mailchimp - https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
We have verified that all of the above service providers are GDPR compliant.
Who collects the information?
Project Physio Ltd (the ‘Organisation’) is a ‘data controller’ and gathers and uses certain information about you. Where the Organisation is also a ‘data processor’, we will process information received from third parties about you.
We receive, collect and store any information you enter on our website or provide us in any other way such as the Internet protocol (IP) address or through contact forms. We may use software tools such as Cookies (Google Analytics) to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, DOB, communications) through our online booking system. Comments, feedback and recommendations left on our social media channels may also be collected and used within our own social media or website to help promote our business.
We have verified that all of the above service providers are GDPR compliant.
About the information we collect and hold
The schedule set out in the following section summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.
We may need to share some of the categories of personal information set out below with other parties, such as your GP, surgeon, other health professionals or clinics including their administrative staff, parent or legal guardian in the case of a minor or legal experts, when required to do so by law. This would require us to have your written consent prior to us releasing any data we hold on you. The recipient of the information will be bound by confidentiality obligations.
You will need to give us permission to email you to provide you with news, special offers and general information about other services we offer that are like those that you have already purchased or enquired about. If you have opted-in to marketing emails then you will continue to receive these, until any such time you click the "unsubscribe" link at the bottom of our marketing messages.
You can also unsubscribe at any time by emailing us at email@example.com. However, please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management.
Schedule relating to the information we collect and hold
Where information may be held
Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. More information can be found here https://www.wix.com/about/privacy
Our chosen rehabilitation software Physitrack takes appropriate technical and organizational measures to protect your (personal) data against loss or any form of unlawful use. Because of the medical nature of some of the personal data, Physitrack has incorporated a very high level of security. More information can be found here https://www.physitrack.com/privacy
Information around the data security for our marketing platform Mailchimp can be found here https://mailchimp.com/about/security/
Cliniko Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know, and they regularly review their technology to maintain security.
How long we keep your information
By law we have to keep basic information about our customers in order to maintain accurate physiotherapy records. If you are over age 18 we legally have to keep your records for a period of 8 years. If you are under the age of 18, we are required to keep your records until your 25th birthday (or 26th birthday if you are aged 17).
In some circumstances, you can ask us to delete your data if beyond the legally required timescales outlined above.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Any personal information that is used for marketing purposes, that has been provided using explicit consent, will be erased in accordance with your rights if requested.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
All Cookies used by and on our site are used in accordance with current Cookie Law.
Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies; however, you can adjust your internet browser's settings to disable all cookies. This may, however, affect how certain aspects of our site work.
Our website and online booking system use first-party cookies provided by Google Analytics. All information around these can be found here https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Your rights to correct and access your information and to ask for it to be erased
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
For further information around your rights please refer to https://ico.org.uk/global/privacy-notice/your-data-protection-rights/
Please contact us at firstname.lastname@example.org or call on 07842 881 349
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Each employee has their own personal login and password and, where possible, 2-factor authentication is used for extra security.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
The ‘organization’ has signed and agreed to a Data Processing Addendum (DPA) which includes Standard Contractual Clauses (also known as "Model Clauses"). These are an approved set of provisions which offer sufficient safeguards and protection for data that's processed outside of the EU/EEA. A copy of the DPA can be provided on request.
How to complain
We hope that we may resolve any query or concern you raise about our use of your information and we can be contacted at email@example.com. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
The ICO’s address:
Information Commissioner’s Office