Privacy & Security Policy
We are committed to protecting your privacy. We will only use the information that we collect about you lawfully (in accordance with the data protection act 1998) and according to which web trader code of conduct. We are registered and compliant with ICO (Information Commissioner’s Office).
We are fully compliant with the GDPR guidelines which are being introduced 25th May 2018.
GDPR- Data processing
We collect information (your name and telephone number) at the time of you booking your appointment. This information is stored in paper format, which is locked away in a filing cabinet and only accessed by business admin and relevant clinical staff. Your details are also stored at this stage on our online system Cliniko, which is also fully GDPR compliant.
At the time of your first appointment you will be asked to complete a registration form which asks for further detailed information such as your DOB, address, GP and further contact numbers. The therapist you see will then undertake a medical history as part of your initial appointment.
All of this information is secured stored in paper format before being transferred to our online system for storage and updates (Cliniko). Any duplicate paper records are then securely destroyed. As therapists we are required by law and our own professional standards to retain these details for at least 8 years (following your last visit to the clinic). All clients details from 2016 onwards are stored on Cliniko. Prior to this all notes and diaries are stored in a locked filing cabinet and only accessed by appropriate admin / clinical staff. The length of time we securely hold information for is different if clients are under 16 years when they first visited us or if they have have come to us with a Women’s Health complaint.
Paying by card
If you pay for your treatment we do ask for a 50% deposit at the time of booking. Should you choose to pay by card your details will be immediately put into the card machine and no information is recorded or stored separately. The details will not be repeated or read out loud.
The machine prints off 2 copies of the receipt, one for you and one for us. We keep you copy (again this is stored in a locked drawer) and pass that onto you at your first appointment. We retain our copy (again in a locked drawer). This copy is then held for at least 18 months and is kept securely before being destroyed.
If you pay for a treatment in person by card you will be given your copy of the receipt immediately and again our copy is stored securely as mentioned above.
If you order a gift voucher from us (over the phone) we will ask for full payment in order to process the voucher. If you choose to pay this by card your details will be immediately put into the card machine and no information is recorded or stored separately. The details will not be repeated or read out loud.
The machine prints off 2 copies of the receipt, one for you and one for us. We keep you copy (again this is stored in a locked drawer) and we will ask you what you would like us to do with your copy of the receipt, You can choose to come and collect the receipt in person (with the relevant ID to prove you are the card holder). You have the option for us to securely destroy your copy should you not wish to collect it. We retain our copy (again in a locked drawer). This copy is then held for at least 18 months and is kept securely before being destroyed.
Buying a gift voucher and storing information
We are required to take your name and contact number (for future reference) as well as the recipients name and number where possible. We will hold all these details for up to 1 year (at expiry of gift voucher). Once the recipient attends the clinic we no longer require the buyers details (unless you are a current customer) and they are then securely destroyed.
Paying by Paypal
If you order a gift voucher from us in person your order and payment details are processed securely by the 3rd party PayPal. They have their own GDPR policy and this can be viewed on their website. We will then process the gift voucher and retain only you name/ contact information and the recipients details you provide us up until the point they redeem their voucher or up to 12 months (whichever is sooner). Any duplicate information will then be destroyed securely.
We confirm that we will not pass on any of your information to any other company. Any information collected with consent by us will only be used to send further offers or promotional items to you by Sunderland Physiotherapy Clinic solely. Only authorised employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information.
Further GDPR information coming soon
Code of conduct
Our team of Physiotherapists are registered with the Health and Care Professions Council (HCPC), The Chartered Society of Physiotherapy (CSP) and The Acupuncture Association of Chartered Physiotherapists (AACP). We abide by all professional standards of care, code of conduct and data protection. Our associate therapists are all fully registered and insured and abide by their professional regulations, such as the FHT.
The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customise the Site for visitors. Personal information cannot be collected via cookies and other tracking technology, however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.
Distribution of Information We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorised transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.