Privacy Policy
Commitment to Data Security
Neuro Physio by Claire and Associates (the Company) is committed to conducting its business in accordance with all applicable Data Protection laws, regulations and best practice guidance. Data privacy and protection is of considerable importance to us and we take it seriously. For further details, please request a copy of our full Data Privacy Policy.
Policy Overview
Our Data Privacy Policy details the practices we follow to look after personal data. It sets out the basis on which any personal data and sensitive personal data we collect from you, or that you provide to us, will be processed by us. It also sets out your rights in respect of your personal information. This Data Privacy Statement contains a summary of that information.
The confidentiality of your medical information is important to us. We make every effort to prevent unauthorised access to and use of information relating to your current or former physical and mental health. Neuro Physio by Claire and Associates will never sell, trade, rent, exchange or otherwise share your personal information with any other person, company or organisation for marketing purposes.
Our policies and practices apply where, in a business context, a Data Subject’s personal data is processed. We endeavour to make sure that we comply with UK data protection law, including the Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council, Health and Care Professions Council and Chartered Society of Physiotherapy.
The EU General Data Protection Regulation (GDPR) states that we must tell you in detail what information we hold about you, why we hold it and how we use it. Please refer to our full Data Privacy Policy for further details.
How to contact us
The Data Protection Officer (“DPO”) helps ensure that Neuro Physio by Claire and Associates complies with data protection law. Our DPO has responsibility for data protection compliance for the Company. The DPO is Claire Ingham, Director and Physiotherapist. Contact can be made with the DPO at the business address on this document (below).
Terms of Reference
In our Data Privacy Policy and Data Privacy Statement, we use “we” or “us” or “our”, “the Company” or “Neuro Physio by Claire and Associates” to refer to who is using your personal information, and the clinicians who provide your treatment. Please refer to our full Data Privacy Policy for further key terminology references.
What personal information do we collect and use from patients?
The Company will obtain and process personal data only by lawful and fair means and for legitimate business reasons with the knowledge and consent of the individual concerned.
The personal information that we collect will depend on your relationship with us, including our use of “special categories of personal information” relating to your physical and mental health. For example, if you are a patient, we need to use information about your health to treat you.
If you provide personal information to us about other individuals (including medical or financial information), for example where you are the carer or guardian of the individual, you should inform the individual about the contents of our Data Privacy Policy.
Children’s Data
Children are unable to consent to the processing of Personal Data and therefore consent must be sought from the person who holds parental responsibility over the child. Children have the same rights as adults over their personal data.
Personal Data
As a patient, the personal information we hold about you may include your name, contact details, financial information (e.g., credit card or billing information), occupation, emergency contact and carer details, and referral information.
Special Categories of Personal Information
The special categories of personal information we hold about you may include the following:
- Details of your current or former physical or mental health. This may include information about your medical records or information, and/or any healthcare you have received or need from Neuro Physio by Claire and Associates directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS), other medically qualified providers and organisations, clinicians, including about clinic and hospital visits and medicines administered.
- Photography and/or video used to assess posture and movement patterns.
- Details of services you have received from us.
- Details of any genetic data or biometric data relating to you.
Information in this category may also include, where necessary and relevant to our service:
Racial or ethnic origin; political beliefs; religious or philosophical beliefs; trade union membership; sex life or sexual orientation.
Information may be collected directly from you when:
- You commence, engage, or enquire about our healthcare services
- You take part in our marketing activities
We may also collect information about you from third parties when:
- You are referred to us for the provision of services including healthcare services;
- We liaise with your current or former employer, health professional or other treatment or benefit provider; your family / carers; your insurance policy provider;
- We deal with experts (including medical experts), NHS health service bodies and/or other service providers about services you have received or are receiving from us
How will we communicate with you?
We are likely to communicate with you by telephone, SMS, email, and/or post.
Please note that, although providing your mobile number and email address and stating a preference to be communicated by a particular method will be taken as an affirmative confirmation that you are happy for us to contact you in that manner, we are not relying on your consent to process your personal data to correspond with you about your treatment. Processing your personal data for those purposes is justified on the basis that it is necessary to provide you with healthcare services.
What are the purposes for which your information is used?
We may ‘process’ your information for several different purposes. Each time we use your data we must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as “special category of personal information”, we must have a specific additional legal justification to use it as proposed.
The full legal justifications, or ‘grounds’, on which we will process your data relate to the purposes of providing you with healthcare and related services, and of supporting your medical treatment, including reviewing and auditing the services provided to you and communicating with other healthcare professionals about your care. They are detailed in our full Data Privacy Policy.
We also use your information to conduct our business operations with you, i.e., in respect of contractual and legal obligations and responsibilities, as well as communicating with you and/or your carers, for instance about other services which may be offered.
Note that failure to provide your information further to a contractual requirement with us or a clinician may mean that we are unable to set you up as a patient or facilitate the provision of your healthcare.
No decision will be made about you solely on the basis of automated decision making.
Appropriate business needs
Where we refer to use for our appropriate business needs, we do this in pursuit of legitimate interests; however, those interests are not overridden by your privacy rights.
Who do we share your information with?
From time to time, we may share your personal information within our group or with third parties, including (but not necessarily limited to) other healthcare professionals and/or organisations / providers; anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer; third parties who assist in the administration of your healthcare, such as insurance companies; the Private Healthcare Information Network; governmental bodies and our regulators; the Police and other third parties where reasonably necessary for the prevention or detection of crime; courts, tribunals and law enforcement agencies where we are required to do so; our insurers; our carefully selected third-party service providers; other suppliers and partners, and other people working on behalf of the Company and/or selected third parties in connection with any sale, transfer or disposal of our business. Personal Data will not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection.
For full details, please refer to our Data Privacy Policy.
In certain circumstances, for example in the event of prevention or detection of crime, or where the safety or wellbeing of a child or vulnerable adult might be compromised, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, the Company will disclose necessary or requested data. For more information, please refer to our Safeguarding Policy.
Data Storage & Retention
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our Data Privacy Policy, legislation, and best practice guidance. Each individual that handles personal data on behalf of the Company must ensure that it is handled and processed in line with our Data Privacy Policy and data protection principles.
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in the Policy, including for the duration of our service relationship with you, and to comply with our legal and regulatory obligations.
If you would like further information regarding the periods for which your personal information will be stored, please contact our DPO for further details, or refer to our full Data Privacy Policy.
Data Accuracy
We will take reasonable steps to ensure data is kept accurate and up to date.
Individual Rights
You have a range of rights in respect of your personal data. The Company aims to ensure that individuals are aware that their data is being processed, and that they understand how the data is being used and how to exercise their rights. These rights are set out in detail in our Data Privacy Policy and are summarised briefly below. The Company will, where appropriate, enable and facilitate the Data Subject’s rights under GDPR.
In summary, you have the right to: object to other uses of your personal data; be informed; access your personal information; rectification; data erasure; restriction of processing; data portability; object to marketing; withdraw consent; complain to the Information Commissioner’s Office.
If you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations, details for the Information Commissioner’s Office are under Further Information below.
Subject Access Requests
You can contact the Company requesting information relating to personal data held about you, known as a Subject Access Request, or ‘SAR’. SARs from individuals should be made in writing or by email, addressed to the DPO. We aim to provide the relevant data within 30 days.
The Company will always verify the identity of anyone making a SAR (required to be the Data Subject or their authorised legal representative) before handing over any information.
An administration fee will not usually be charged for considering and/or complying with a SAR; however, the Company reserves the right to charge a reasonable fee where the request is deemed to be unnecessary, unfounded, or excessive in nature.
Please refer to the Data Privacy Policy for details of our processes if the Company cannot respond fully to the request within 30 days.
In some situations, we may not be able to fully comply with your request, for example if your request involves the personal data of another person and it would not be fair to that person to provide it to you, or if complying would disclose personal data about another individual. In such cases, information must be redacted or withheld as may be necessary or appropriate to protect that person’s rights.
National Data Opt-Out Programme
All health and care organisations are required to uphold patient choices from March 2020.
Policy Changes & Updates
The Company reserves the right to update or amend this Data Privacy Statement and the related Data Privacy Policy from time to time and where there are changes or updates to legislation and/or best practice guidance. The latest version of this Statement will be stored on our website. Please contact the Data Protection Officer in relation to any queries.
Further Information
For more information relating to GDPR and the rights of individuals, contact the Information Commissioner’s Office (via phone on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF) or visit their website: www.ico.org.uk.