Prestons Health CLINIC PRIVACY & UK GDPR POLICY, OCTOBER 2021
Prestons Health at Thorpe Wood, Oundle School, and www.prestonshealth.co.uk are brought to you by Prestons Health, whose address is Prestons Health, within David Lloyd, Thorpe Wood Business Park, Longthorpe, Peterborough, PE3 6SR. Registered in England No. 4664144.
This Privacy & GDPR Policy 2021 describes Prestons Health Clinic’s practices regarding the collection, use and disclosure of the information we collect from and about you when you use Prestons Health Clinic’s website, mobile applications, social media, products and services.
By accessing or using the services, you agree to this policy.
This Policy contains the following sections:
The Information We Collect
How We Use Your Information
Cookies and Similar Technologies
Online Analytics and Advertising
How We Share and Disclose Your Information
Third Party Links and Services
International Transfer of Data
How Long We Store Your Information
Changes to Our Policy
How We Protect Your Information
Prestons Health Clinic Contact Information
The information we collect
Prestons Health Clinic collects a variety of information that you provide directly to us. We process your information, when necessary, to provide you with the services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest in processing your information for treatment, invoicing & billing, and enhancement of the services we provide to you, or for analytics, research, and reporting purposes. Without your information, we cannot provide you with the services you have requested or you may be limited in your use of the services.
1. Information that you provide
Prestons Health Clinic collects information from you through:
Patient Enquiries and Registration.
Prestons Health Clinic services that you use.
Requests or questions you submit to us via forms or email (e.g., website enquiries, Website chat enquiry, direct email, Facebook messenger).
Your communications and dealings with us.
Your participation in Prestons Health Clinic sweepstakes, contests, or research studies.
Uploads or posts to social media, website & use of service.
Requests for information through 3rd parties or 3rd party referrals assistance.
Information from and about you:
The types of information we collect will depend upon the services you use, how you use them, and what you choose to provide.
The types of data we collect directly from you may include:
Name, address, D.O.B, telephone numbers and email address.
Optional information may include photographs, patient relationships, referral sources etc.
Log-in details and password, if you create a Prestons Health Clinic account.
Any email requests or questions you submit to us.
Demographic information such as your gender, age, etc.
User-generated content you post in public online platforms.
Information to/from Third Parties
Occasionally we may receive information about you from other sources such as Insurance Companies, Injury Management Companies, GP, Consultant, Solicitors and Case Managers which will be added to the information already held about you in order for us to help supply our services to you.
We will usually respond to these third parties with reports or letters of findings, progress or recommendations for treatments which we do not provide, i.e. MRI Scans, X-Rays, Blood Test etc. These reports or letters will contain your information, including name, address and date of birth, and information about your treatment so that the receiving party can locate you on their files and update their information. These reports or letters will only be sent to the intended recipient.
We are required to generate records of all treatment provided. The HCPC (Health and Care Professions Council) mandates that all data must be kept for a period no shorter than seven years.
This does not impede your right to be forgotten. We are able to archive your content upon your request but your patient records and notes must be kept in line with HCPC guidelines.
Your records are stored either:
On paper (for patients before 2017), in a locked filing box stored securely within my home office.
Electronically (“in the cloud”), using a specialist medical records service (Cliniko). This provider has given me their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.
Information about others:
If you choose to recommend our services online, via social media, or use our online referral service, we will use that person’s contact information, which may include their email address or their social network identity, to send an invitation. Prestons Health stores the information you provide to send the invitation & to register that person.
2. Information We Automatically Collect
When you use our services that connect to the Internet, including, but not limited to, when you access the services via our website, your mobile devices, any Prestons Health Clinic software/applications, we automatically collect certain information as described in this Section.
As discussed further below, we and our service providers (which are third party companies that work on our behalf to provide and enhance the services) use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
When you use the services, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the services, metadata associated with uploaded Content, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information and other such information.
When you access the services using a mobile device, we collect specific device information, including your MAC address and other unique device identifiers. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customize our services to your device and to analyse any device-related issues.
We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
3. Information We Collect From Third-Party Integrations
Prestons Health Clinic may receive additional information about you, such as demographic information, from third parties, such as business partners, marketers, researchers, analysts, and other parties (e.g., Facebook) that we may use to supplement the information that we collect directly from you.
COOKIES AND SIMILAR TECHNOLOGIES
To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).
HOW WE USE YOUR INFORMATION
We use your information (including any information that we collect, as described in this Policy) for various purposes depending on the types of information we have collected from and about you and the specific Prestons Health Clinic services you use, including to:
Provide the services you have requested.
Respond to your request for information and provide you with more effective and efficient customer service.
Provide you with product updates and information about products & services you have purchased from us.
Provide you with service notifications via email and SMS.
Contact you by email, postal mail, or phone regarding Prestons Health Clinic and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you.
Customize the advertising and content you see.
Help us better understand your interests and needs and improve our services.
Synthesize and derive insights from your use of different Prestons Health Clinic products and services.
Engage in analysis, research, and reports regarding use of our services.
Provide, manage, and improve the services.
In its administration of its CCTV system, Prestons Health Clinic complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Due regard is given to the data protection principles embodied in GDPR. These principles require that personal data shall be:
a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or
Prestons Health Clinic ensures it is responsible for, and able to demonstrate compliance with GDPR.
ONLINE ANALYTICS AND ADVERTISING
We use third-party web analytics services (e.g., Google Analytics) on our services to collect and analyse the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Similar Technologies” section will be disclosed to or collected directly by these service providers.
2. Online Advertising
Third parties or affiliates may administer Prestons Health Clinic banner advertising programs and other online marketing on non-Prestons Health Clinic websites and services. To do so, these parties may set and access first-party cookies delivered from the Prestons Health Clinic domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited the Prestons Health Clinic website to target online ads for Prestons Health Clinic services to you on non-Prestons Health Clinic websites. Or a third-party ad network might collect information on the services and other websites to develop a profile of your interests and target advertisements to you based on your online behaviour. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.
HOW WE SHARE YOUR INFORMATION
Prestons Health Clinic will share your information in the following ways:
We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation product manufacture, billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfilment, data storage, security, fraud prevention, payment processing, and legal services.
When you initiate a connection with a third-party integration through the services (e.g., Drift, Facebook Messenger, Slack, Asana etc), we will share information about you that is required to enable your use of the third-party integration through the services.
If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Prestons Health Clinic will comply with such restrictions.
The services make it possible for you to upload and share comments or feedback publicly (i.e., outside of Prestons Health Clinic mobile and web app) with other users, such as on Prestons Health Clinic social media, blogs etc. Any information that you submit through such public features is not confidential, and Prestons Health Clinic may use it for any purpose (including in testimonials or other Prestons Health Clinic marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the services.
From time to time, Prestons Health Clinic may share Aggregate/De-Identified Information about use of the services, such as by publishing a report on usage trends. As stated above, this Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
We may also disclose your information to third parties with your consent to do so. For example, we will write to your GP to update them on your treatment but only with your consent.
We provide you with a number of choices with respect to the information we collect and use as discussed throughout this policy. For example, you may instruct us not to use your contact information to contact you by email, postal mail or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at any time.
In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.
Please note that, regardless of your request, we may still use and share certain information as permitted by this policy or as required by applicable law. For example, you may opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you, but we have to retain your medical records for a period of at least seven years.
Third Party Links and Services
The services contain links to third-party websites such as social media sites, and also contain third-party integrations. If you choose to use these sites or integrations, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Prestons Health Clinic, Prestons Health Clinic is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.
Our services are available to all ages. For children under 16, we may need to get consent from someone with parental responsibility. This could be: − the child’s mother or father; − the child’s legally appointed guardian; − a person with a residence order for the child; − a local authority designated to care for the child; or − a local authority or person with an emergency protection order for the child. However, some children under 16 can give consent if they can fully understand the information given to them. This is known as ‘Gillick competence’.
INTERNATIONAL TRANSFER OF DATA
Prestons Health Clinic complies fully with the Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).
The Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) impose restrictions on the transfer of personal data outside the UK, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by UK GDPR is not undermined.
Prestons Health Clinic may transfer information that we collect about you to third party processors across international borders outside the UK. These third parties may have access to your information for the limited purpose of providing the service we have contracted with them to provide.
For example, our Practice Management Software is cloud based and servers are located in Australia. However, the relevant safeguards & documentation are in place so our patient data is secure and we are comfortable meeting the standards of UK GDPR.
If you want to learn more about the information collected through the services, or if you would like to access or rectify your information and/or request deletion of information we collect about you or restrict or object to the processing of your information, please contact us using the contact information below. You may have to make a ‘Subject Access Request’. This is covered in the JOIC’s Subject Access Request Policy which is available on request. Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. If you are dissatisfied with the way we process your information, you may lodge a complaint with the Jersey Office of Information Commissioner, Jersey’s independent body set up to uphold information rights.
HOW LONG WE STORE YOUR INFORMATION
We will retain your information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law.
We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. We will make the revised Policy accessible through the services, so you should review the Policy periodically. If we make a material change to the Policy, you will be provided with appropriate notice and we will seek your consent to the updated Policy in accordance with legal requirements.
HOW WE PROTECT YOUR INFORMATION
Prestons Health Clinic takes technical and organisational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information. If you have any questions about security on our services, you can contact us at firstname.lastname@example.org or 01733 515633.
TERMS AND CONDITIONS
1. DEFINITIONS AND INTERPRETATION
1.1 In this agreement the following words have the following meanings:
- “You” or “Your” means the Client, or if the client is under 16 years of age the Client’s Parent or Guardian.
- “Services” means Physiotherapy, Podiatry, Acupuncture or Sports Massage services.
- The “Practice” means Prestons Physiotherapy Ltd, its officers, employees, agents or contractors.
- “Practitioner” means a Chartered Physiotherapist, Acupuncturist, Podiatrist or Sports Massage Therapist.
- “Appointment Fee” means the standard cost of the Initial Assessment, Consultation/Treatment, or Massage booked as detailed in our published price list, without any applicable discounts considered.
1.2 Any reference to a statutory provision includes all re-enactments and modifications of it and any regulations made under it.
1.3 The headings in this agreement have been inserted for convenience only. They do not form part of this agreement and do not affect its interpretation.
2. CANCELLATION OF AN APPOINTMENT, CHANGES TO AN APPOINTMENT BY THE CLIENT, OR FAILURE TO ATTEND.
2.1 In making an appointment at the Practice, the Client agrees to give the Practice a minimum of twenty four (24) hours’ notice to cancel or change the appointment.
2.2 Where sufficient notice, as in clause 2.1, of change or cancellation of an appointment is not received by the practice the Client will be liable in full for the Appointment fee.
2.3 If the Client fails to attend an appointment without sufficient notice, as in clause 2.1, the Client will be liable in full for the Appointment fee.
2.4 Where a third person/party makes an appointment for the Client, it is that person’s responsibility to make the Client aware of our cancellation terms.
2.5 Where an email, answer phone message, or any other notification to inform the Practice that an appointment is to be cancelled has been left, or instructed to be left, it is the Client’s responsibility to confirm that the Practice has received this information.
2.6 If the Client fails to attend an appointment that has not been cancelled the Client will be deemed to have breached clause 2.1.
2.7 If the Client arrives late for an appointment the Practitioner is at liberty to decide to either treat the client for the remainder of the appointment time booked, or to decide that treatment within the remaining appointment time booked is not appropriate. In either event the full Appointment Fee will be payable by the Client (less any discount for payment on the day of treatment).
3. CANCELLATION OF APPOINTMENT BY THE PRACTICE.
3.1 Should the Practice be required to cancel a Client’s appointment, the Practice is not subject to a minimum notice of cancellation.
3.2 The Practice will not be liable for any charges or for any costs incurred by the Client as a result of or relating to cancelling the Client’s appointment.
4. PRIVATE HEALTHCARE.
4.1 It is the Client’s responsibility to ensure that the Client’s insurance provider will cover the cost of the Client’s treatment by the Practice prior to receiving treatment.
4.2 It is the Client’s responsibility to check their policy for any excess amounts payable and to inform the Practice of any excess amount prior to receiving treatment.
4.3 It is the Client’s responsibility to check their policy for any limits to treatment (cost or number of treatments) and manage their appointments to within their policy limitations.
4.4 Should the Client’s insurer either advise the Practice that they will not make payment of an invoice, or fail to pay an invoice within 90 days of submission by the Practice, the Practice will invoice the Client for the amount unpaid.
4.5 An invoice and then a subsequent letter requesting payment of the invoice will be sent free of charge. Any further correspondence relating to the unpaid invoice will incur an administration charge per item.
4.6 It is the Client’s responsibility to manage and resolve any disputes or problems arising over payment from their insurer.
5. RECOVERY OF OUTSTANDING ACCOUNTS
5.1 In the event that the Practice is required to take action to recover payment of an outstanding invoice, the Client accepts full liability for all additional administrative and recovery costs incurred by the Practice and/or a third party debt recovery agent, in recovering payment.
5.2 In the event that the Practice is required to take action to recover payment of an outstanding invoice, the Client accepts full liability for all additional administrative and recovery costs incurred by the Practice and/or a third party debt recovery agent, in recovering payment.
5.3 An invoice and letter, then a further letter requesting the Client resolves their unpaid account will be sent free of charge. All further correspondence will incur an administration fee of £10.00 per correspondence.
5.4 Any additional recovery charges will be added to the amount to be recovered.
6. GOVERNING LAW AND JURISDICTION
6.1 This agreement shall be governed by and interpreted in accordance with the law of England and Wales.
6.2 The parties to this agreement submit to the exclusive jurisdiction of the English Courts in relation to any claim, dispute or matter arising out of or relating to this agreement.
Our main clinic location is within David Lloyd Club in Thorpe Wood, Peterborough with a satellite clinic in Oundle School.
Please contact us at 01733 565911 for more information on our clinic times & locations.
David Lloyd Club
Thorpe Wood Business Park,
Monday : 8.15 - 8.30pm
Tuesday : 8.15 - 6pm
Wednesday : 8.15 - 8pm
Thursday : 8.15 - 6pm
Friday : 8.15 - 6pm