We take your privacy very seriously and will only use your personal information to administer your account and to provide the services you have requested from us. Our professionals maintain records about your health, treatment plan and any treatment or care you have received previously that is relevant to your rehabilitation (e.g. NHS Trust, GP surgery, etc.). These records help us to provide you with the best possible care and to facilitate treatment specifically tailored to your individual needs. The records we hold may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.

• Details about you, i.e. your date of birth, address, telephone number/s, email, diagnosis, emergency contact etc.
• Any contact we have had with you, i.e. appointments, clinic visits, hydrotherapy, home visits, conversations, classes etc.
• Details about your treatment and care past and present e.g. notes, letters, scans, and rep orts about your health.
• Results from other organisations e.g. orthotics and mobility aids etc.
• Relevant information from other health professionals, legal representatives, case managers, relatives or those who care for you. 
• Information to enable u s to send, receive and process invoices for services you have received such as via third party payers e.g. health insurance companies, case managers.

The information gathered will be used to:

• Provide a legal record of any treatment or advice given. 
• To ensure continuity of care where multiple subcontractors may be involved as part of your treatment. e.g. If neurological and musculoskeletal needs or if being seen by a therapist but also referred into a class.

Some of this information will be used for research, audit, and / or statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested by us to be used for our own marketing purposes
we will always gain your consent before releasing any information gathered for this purpose (See consent form).

• Collection of postal address, email address and telephone number for invoicing purposes (Contractual obligation)
• Collection of email addresses for purpose of emailing special offers (Consent)
• Collection of hosting data as per website requirements (Contractual obligation)
• Data you share with us as part of the contact form (Consent)
• Marketing of services will be carried out on data collected in the public domain (Legitimate interests)

Every member of staff who works for and on behalf of us has a legal obligation to keep information about you confidential. We will only ever use or pass on information about you if others involved in your treatment have a genuine need for it and we have asked your consent for us to do this (See consent form). We will not disclose your information to any third party without your permission unless there are exceptional circumstances i.e. life or death situations or where the law requires information to be passed on.

We comply with obligations under General Data Protection Regulations (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. You will be informed if your data needs to be shared and, in most cases, you will be asked for explicit consent for this to happen. Any external companies that we may share your data with are bound by contractual agreements to ensure your information is kept confidential and secure. 

You have a right under the Data Protection Act 1998 / GDPR 2018 to request access to view or to obtain copies of what information we hold about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:
∙

• Your request must be made in writing to us at the practice that is treating you.
• There may be a charge to have a printed copy of the information held about you.
• We are required to res pond to you within 20 working days.
• You will need to give adequate information (for example full name, address, date of birth, and details of your request) so your identity can be verified and your records located.
• We are legally obliged to hold your data for 8 years (for adults) and until children reach the age of 21.

It is important that you tell the person treating you if any of your details such as your name or address have hanged or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Notification GDPR requires organisations to register a notification with the Information Commissioners Office to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office website www.ico.org.uk. We are registered with the Information Commissioners Office (ICO). The Data Controller, responsible for keeping your information secure and confidential is Charlotte Salvetti Langton Body and Mind Physiotherapy Limited.

Should you have any concerns about how your information is managed by us please contact Charlotte Salvetti-Langton Co founder Body and Mind Physiotherapy Limited at the following email address: [email protected]. Telephone: 07783 422 033. If you are still unhappy following a review by us you can then complain to the Information Commissioners.