Privacy & Security Policy

Data Protection

We are committed to protecting your privacy. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 1998) and according to which web trader code of conduct. We are registered and compliant with the ICO (Information Commissioner’s Office).

We are fully compliant with the GDPR guidelines which are being introduced 25th May 2018.

GDPR- Data processing

We collect information (your name and telephone number) at the time of you booking your appointment. This information is stored in paper format, which is locked away in a filing cabinet and only accessed by business admin and relevant clinical staff. Your details are also stored at this stage on our online system Cliniko, which is also fully GDPR compliant. 

At the time of your first appointment you will be asked to complete a registration form which asks for further detailed information such as your DOB, address, GP and further contact numbers. The therapist you see will then undertake a medical history as part of your initial appointment.

All of this information is securely stored in paper format before being transferred to our online system for storage and updates (Cliniko). Any duplicate paper records are then securely destroyed. As therapists we are required by law and our own professional standards to retain these details for at least 8 years (following your last visit to the clinic). All clients' details from 2016 onwards are stored on Cliniko. Prior to this all notes and diaries are stored in a locked filing cabinet and only accessed by appropriate admin / clinical staff. The length of time we securely hold information for is different if clients are under 16 years when they first visited us or if they have come to us with a Women’s Health complaint.

If you have been referred to us by a third party, such as an insurance company, employer or solicitor, we will be sent additional information about you at the point of referral. Again this information is stored and accessed safely and held appropriately along with your medical records. We may be required to send information back to your referrer. This will only be done with your consent and will be fully compliant with the GDPR guidelines. The referral company will also have their own GDPR privacy policy including the safe transference of information.

Paying by card

If you pay for your treatment we do ask for a 50% deposit at the time of booking. Should you choose to pay by card your details will be immediately put into the card machine and no information is recorded or stored separately. The details will not be repeated or read out loud.

The machine prints off 2 copies of the receipt, one for you and one for us. We keep your copy (again this is stored in a locked drawer) and pass that onto you at your first appointment. We retain our copy (again in a locked drawer). This copy is then held for at least 18 months and is kept securely before being destroyed.

If you pay for a treatment in person by card you will be given your copy of the receipt immediately and again our copy is stored securely as mentioned above.

If you order a gift voucher from us (over the phone) we will ask for full payment in order to process the voucher. If you choose to pay this by card your details will be immediately put into the card machine and no information is recorded or stored separately. The details will not be repeated or read out loud.

The machine prints off 2 copies of the receipt, one for you and one for us. We keep your copy (again this is stored in a locked drawer) and we will ask you what you would like us to do with your copy of the receipt. You can choose to come and collect the receipt in person (with the relevant ID to prove you are the card holder). You have the option for us to securely destroy your copy should you not wish to collect it. We retain our copy (again in a locked drawer). This copy is then held for at least 18 months and is kept securely before being destroyed.

Buying a gift voucher and storing information

We are required to take your name and contact number (for future reference) as well as the recipient's name and number where possible. We will hold all these details for up to 1 year (at expiry of gift voucher). Once the recipient attends the clinic we no longer require the buyer's details (unless you are a current customer) and they are then securely destroyed.

Paying by Paypal

If you order a gift voucher from us in person your order and payment details are processed securely by the 3rd party PayPal. They have their own GDPR policy and this can be viewed on their website. We will then process the gift voucher and retain only your name/contact information and the recipient's details you provide us up until the point they redeem their voucher or up to 12 months (whichever is sooner). Any duplicate information will then be destroyed securely.

GDPR- Marketing

If you are an existing customer we will have asked you to fill in a registration form. Part of this form contains a tick box with regards to you consenting to receive marketing information, news and offers from us via email. If you did tick the box and therefore consent, we will have added you to our marketing list, which is held on Mailchimp. Mailchimp is a 3rd party and has its own GDPR privacy policy which can be found here. We also have a ‘sign up to our newsletter’ option on our website, whereby you can add your own details to our Mailchimp mail list. We send out occasional emails via Mailchimp to inform clients (that have consented/signed up) of news and any offers/discounts. Our newsletters always contain an unsubscribe button should you wish to do this at any point and stop receiving information. You can also unsubscribe here or email us at info@sunderlandphysiotherapyclinic.co.uk. We will remove you from the mailing list at this point but you will remain on our customer list for the allocated amount of time as previously stated above.

 

We confirm that we will not pass on any of your information to any other company. Any information collected with consent by us will only be used to send further offers or promotional items to you by Sunderland Physiotherapy Clinic solely. Only authorised employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information.

Further GDPR information coming soon

 

Code of conduct
Our team of Physiotherapists are registered with the Health and Care Professions Council (HCPC), The Chartered Society of Physiotherapy (CSP) and The Acupuncture Association of Chartered Physiotherapists (AACP). We abide by all professional standards of care, code of conduct and data protection. Our associate therapists are all fully registered and insured and abide by their professional regulations, such as the FHT.

 

Cookie/Tracking Technology
The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customise the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.

 

Distribution of Information
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorised transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.