PhysioFunction Ltd Privacy Notice For Business Clients
We take seriously our obligations to protect your privacy. The General Data Protection Regulation, incorporated in the UK by The Data Protection Act 2018 (the Act), requires us to provide you with important information on how we collect and use your personal data.
Your data is processed by PhysioFunction Ltd, whose principal business address is 50 High Street, Long Buckby, Northamptonshire, NN6 7RD. For the purpose of the Act, PhysioFunction Ltd is defined as a data controller. The Data Protection Officer is Helen Logan and they can be contacted via firstname.lastname@example.org
We can only process your data if there is a legal basis for doing so. We rely on three legal bases for processing your data. These are: your consent, which you can withdraw at any time; our legitimate business interests; and the proper management of a contract to which you are a party.
We must also specify the purposes for processing your data. The purpose of processing your data is because you have asked for something to be done so that you can enter into a contract or it is in relation to a contract which you or your client have entered into.
We need to inform you of other parties who we may share your data with. Internally we need to share your data with Physiotherapists, Occupational Therapists, Sports Therapists, Finance, Administration and Client Services. [We may need to share your data externally with Case Managers, Solicitors, GP’s, Physiotherapists, Consultants, Technology Providers and any other Healthcare Professionals in order to keep them updated of your treatment with us. Additionally, we use the contractors/individuals/external cloud-based systems listed below to process your data. Any contractors with whom we share data about you, or who generate data as a result of our request, will be required to delete your data as soon as they have concluded the service provided to us.
1. PPS – this is a cloud based system that we use to hold your data and treatment notes
2. Mindmaze – A neurological computing platform – Not for all customers
3. Tyro Solution – Neurological computer based hand therapy – Not for all customers
4. FES Devices – Functional Electrical Stimulation – Not for all customers
5. Balance Tutor – Balance and unexpected perturbation system – Not for all customers
We do not transfer any of your data outside of the EEA unless you are an international customer. If you are an international customer personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Importantly, you have a number of rights with regard to the data that we hold about you. For example, you can request access to your data, and can require that we rectify or erase it. Your requests will be properly considered. However, this does not automatically mean that we will agree to your request, as we may have other obligations that outweigh your rights. For example, we may be required to legally defend our activities.
We retain your data for a number of reasons and will only keep it for as long as is necessary. Some of the time limits imposed on us are as a result of our statutory obligations.
1. Financial Data must be kept for 6 years
2. Client Records Adults – 8 years after conclusion of treatment or death
3. Client Records Children – Until the customer’s 25th birthday or 26th if the young person was 17 at conclusion of treatment, or 8 years after death.
4. Client records – Med Legal – external documentation is destroyed upon completion of case.
The legislation covering data protection is quite complex. We have tried to keep this document brief and clear to help you understand your rights in respect of the personal data that we process. Should you require further information or in the event that you are not content with how we are managing your personal data, please contact [the individual named above] using the contact details supplied.
You should also be aware that you have the right to lodge a complaint with the UK’s independent data regulator, the ICO, see details below.
ICO helpline 0303 123 1113