Privacy Notice – Website
Version: 7th November 2018
Body and Mind Physiotherapy Limited is a company registered in England and Wales.
Address: Exchange House, 33 Station Road, Liphook, GU30 7DW, Company No. 07352559.
The Privacy Officer can be contacted at [email protected] or on 0845 165 0290.
Our Personal Data Protection Policy governs the use and storage of your data.
Body and Mind Physiotherapy Limited (also known as Body and Mind Physiotherapy) is a Controller of the personal data you (data subject) provide us. We collect the following types of personal data from you:
- Email address
- Telephone number
- Browser location information
We process your personal data for the following purposes:
- Collection of postal address, email address and telephone number for invoicing purposes (Contractual obligation)
- Collection of email addresses for the purpose of emailing special offers (Consent)
- Collection of hosting data as per website requirements (Contractual obligation)
- Data you share with us as part of the contact form (Consent)
- Marketing of services will be carried out on data collected in the public domain (Legitimate interests)
Your personal data is processed in a variety of cloud environments located in the United Kingdom. Website hosting and storage of that data take place at various ISPs for continuity purposes, all of which are located in the United Kingdom.
We do not sell your data; however, data is shared with Google Analytics to review the usage of the website. No third-party providers have access to your data, unless specifically required by law.
No data is transferred to third countries.
Your data will be retained for the following time periods:
- Under UK law, we are required to keep your financial information for 3 years. After this period, your personal data will be irreversibly destroyed.
- Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
- Data collected as part of access to our website and the platform it resides on – analytics data – will be retained for a period of 26 months from the date of collection in line with Google’s updated data retention policies.
- Data on the platform will be retained for one year from the date of collection.
- Data you shared with us as part of the contact form – if it is to be used for processing then your data will be retained for the lifetime of the contract between us plus six years to be able to defend any insurance claims against us.
- If the data you shared with us is used to respond to a query that you have and there is no contractual basis for us processing your data then this will be kept for the lifetime of the request. We will maintain enough data to prove that we have complied with your requirements for one year to demonstrate our response if challenged.
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. These protective measures include:
- Not collecting personal data that we don’t really need.
- Destroying or anonymising personal data securely when we don’t need it any more.
- Only allowing our staff and our suppliers to process the personal data they need to carry out their duties.
- Encrypting personal data to render it useless to anyone who is not authorised to access it.
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities.
- Binding our suppliers to the same standards and duties of care that we hold ourselves to.
- Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware.
- Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better.
- Ensuring backups are completed on a daily basis.
To deliver services to you there may be a requirement to use specialist companies that are based outside of the UK. In this regard, Body and Mind Physiotherapy is relying on the legal derogation that any transfer would be necessary for the performance of a contract between the individual and the organisation or for pre-contractual steps taken at the individual’s request. Body and Mind Physiotherapy will assess these companies and ensure that they meet the same requirements and safeguards as you would expect from Body and Mind Physiotherapy in the UK.
All IT solutions in use by the company are administered and controlled in the UK. All safeguards that are in place for the UK staff such as all technical and organisational controls will be fully enforced