GDPR Privacy Notice
Core Physio Ltd
New Douglas Park
Core Physio Ltd is committed to protecting your personal information and this privacy notice relates to our use of your personal information collected from you either in person, by letter, e-mail or over the telephone. It also relates to information about you that is shared with us from someone else e.g. your doctor, solicitor, insurance company, employer or case management company.
‘Personal data’ means any information that is identifiable about you.
‘Special categories personal data’ means ‘sensitive data’ such as health data.
‘We’ means Core Physio Ltd.
We collect and process data because we have a legal or contractual obligation to do so and we ensure that it is adequate, relevant and limited to what is necessary to provide a physiotherapy and health service to you.
What information we collect
We collect and process information when you telephone the clinic to make an enquiry or appointment, when you email us, when we receive a referral about you, or if you visit the clinic in person.
At the point of enquiry or booking we will ask you for personal data:
date of birth
telephone number, either landline or mobile or both
Health condition outline
Our lawful basis for processing your general personal data is contractual in order to be able to offer you a physiotherapy/health service, appointments and billing.
At your appointment at the clinic, we may ask for information regarding:
information regarding the condition you are seeking advice about
activities you undertake
medication you take
We will also record the findings of a physical examination and continue to keep a record of your treatments each time you attend the clinic.
We may access information about medical investigations (scans and X-ray) via your GP or medical advisor
Our lawful basis for processing your special categories of personal data is a legal obligation as we have to fulfil documentation criteria to meet professional standards.
How we use this information.
We use an electronic diary and accounts package that is accessible for maintenance and support at our request by TM3.
We write and store paper notes occasionally at the discretion of your referring party.
We use the information;
1. To provide a legal record of any treatment or advice we provide.
2. To ensure continuity of care.
3. For accounts purposes.
4. To contact you about your ongoing treatment including sending exercises by e-mail.
We do not pass on your information for commercial purposes.
Daily back-ups are cloud-based and managed by TM3.
We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is your responsibility to inform us if any personal information changes, in order that our records are accurate.
How long do we keep personal information?
We keep your personal data for no longer than reasonably necessary.
We have a legal obligation to retain records for 8 years after the conclusion of treatment.
If the record relates to a child or young person, the records must be kept until the patient’s 25th birthday or 8 years after death.
We may retain electronic records indefinitely for use if you return for another episode of care within 8 years and for analytical purposes.
How do we protect your information?
We are committed to ensuring that your information is secure. In-order-to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Sharing your personal data.
We may pass information, with your permission, to other medical professionals or insurance companies who are involved in your care; this may include GPs, Consultants, Occupational Health Departments or other Health and Care Professionals.
This information may be passed on in the form of a written letter which is given to you – if this is the case, the letter becomes your responsibility and the protection of its contents is your responsibility.
If the information is passed electronically by email, it will be password protected or sent via the secure email system and we will take all reasonable precautions to transmit the information securely.
Providing us with your personal data.
You are under no statutory or contractual requirement or obligation to provide us with your personal data but failure to do so may mean we are unable to offer services at our clinics.
Controlling your personal information
You are entitled, to request a copy of the personal information we hold about you and to have any discrepancies rectified if appropriate. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us and we will promptly correct any information where legally possible.
You are entitled to request that we transfer your data directly to another controller and to request that your personal data is erased where it is no longer necessary to retain it.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
We confirm that we do not transfer data abroad or use any form of automated decision making in our business.
All changes will be notified on our website
Any questions or complaints regarding this privacy notice should be addressed to:
Dayna Dale, Data Protection Officer
Core Physio Ltd
New Douglas Park, Hamilton, ML3 0FT
If you wish to take a matter further, you have the right to lodge a complaint with the Information Commissioners Office on 0303 1231113 or via email at ioc.org.ukor at the Information Commissioner’s Office, Wycliffe House, Water Lane, Cheshire SK9 5AF.