Physio Science UK (PSUK) have a strict data protection policy in line with the Data Protection Act (DPA) 1998 and General Data Protection Regulations (GDPR) 2018.
PSUK is required to process relevant personal data regarding staff, therapists, patients, clients and customers as part of its operation, and shall take all reasonable steps to do so in accordance with this policy.
This is the updated Data Protection Policy following an audit in February 2018, and in line with the new GDPR.
2.0 Data Protection Officer
PSUK has named Emily Webster as the Data Protection Officer (DPO) and Michelle Khoury as the Deputy Data Protection Officer (DDPO). These officers will endeavour to ensure all data is processed in compliance with this policy and the DPA and GDPR.
3.0 What information do we collect?
Your information will be collected and used appropriately to enable us to provide a high-quality service to you. We undertake to protect personal and sensitive data in a manner that is consistent with the requirements of the DPA and GDPR. We take appropriate organisational and technical security measures to protect your data against unauthorised disclosure or processing.
3.1 Physiotherapy Clinics
All data provided by clients is recorded and stored in accordance with the DAP and GDPR. Personal information that we collect may include name, address, contact numbers, email address, source of referral, a brief detail of the condition requiring physiotherapy, and insurance details if relevant.
These details may be collected in several different ways including:
- Over the telephone.
- By email.
- On initial assessment where clients complete the necessary documents for the physiotherapy records.
- At the point of referral from an external source eg from an insurance intermediary or surgeon.
When an individual discloses personal information about themselves verbally, in writing or electronically, they consent to our use of the information for physiotherapy purposes. This information is held and used in compliance with the DPA, GDPR and Charted Society of Physiotherapists (CSP).
Personal information is not disclosed to any third party without obtaining your prior consent, unless we are required to do so by the referral source, or by law.
Physiotherapy notes are kept in line with the CSP codes of conduct and record keeping guidance. These are stored securely, and access is restricted to relevant PSUK personnel only.
3.2 Pitch side therapists
Personal information is collected utilising the online ‘join us’ application form at www.physioscienceuk.com. Personal information is collected and processed in line with an application to work with PSUK.
Explicit consent is obtained via this application form and includes a clear description of the use and storage of personal information.
Therapists will be required to utilise ‘Egress’ when sending/receiving injury reports to PSUK, to ensure end to end encryption when sending/receiving this sensitive data.
3.3 Player Welfare Services
All personal information collected and used with regards to providing player welfare services to independent schools or sports teams, is done so lawfully and in conjunction with the DPA and GDPR.
Contact details for each team are stored securely and accessed only by appropriate PSUK personnel. It is up to the individual teams to ensure that all contact details held for them by PSUK, are up to date.
Independent schools and teams will be required to utilise ‘Egress’ when sending/receiving injury reports to PSUK, to ensure end to end encryption when sending/receiving this sensitive data.
4.0 Use of your Information
4.1 Physiotherapy Clinics
We will hold and use information in line with the DPA and GDPR. We require this information to ensure PSUK can provide a high-quality service to you.
Personal data and medical records are required to ensure we comply with the HCPC and CSP regulations, regarding accurate collection and documentation of clinical records for patients. PSUK complies with ‘the standards for the clinical structure and content of patient records’ compiled by HSCIC in 2013 and supported by the CSP. The standard retention period for physiotherapy notes is 8 years, as per the CSP guidelines.
We also collect other information such as your injury or how you were referred to PSUK, this is to help PSUK continue to improve the service we provide.
All patients complete and sign the PSUK ‘patient registration and terms and conditions’ at their first appointment.
4.2 Pitch Side Therapists
Personal data is stored following completion of the online ‘join us’ application form. Explicit consent is obtained during the online application process. The personal information collected during this application is collected and stored securely and is only used for its intended purpose.
Once the therapist has fulfilled the application process and begins working with PSUK, they consent that their contact details may be passed to the relevant teams/independent schools, to ensure effective communication regarding fixtures.
Therapists will be contacted annually to review their personal data and ensure we hold up to date records. It is the therapists responsibility to inform us of any changes in their personal data, and to ensure we hold accurate and up to date records for them.
If a therapist has not responded to any form of communication from PSUK in 3 years, their details will be removed from the database, and held on a ‘removal database’ for a further 1 year. Following this period their details will be erased completely from all PSUK systems.
Pitch side therapists are required to send all injury reports and medical records securely using ‘Egress’, which provides end to end email encryption.
4.3 Player Welfare Contracts
Personal data will only be held by PSUK to ensure effective communication regarding contracts held with each team or independent school.
This information will be stored securely on PSUK IT systems and only accessible to appropriate PSUK personnel.
During the sporting season contact details for the relevant staff members with each team/independent school will be passed to the relevant pitch side therapists to ensure effective communication regarding fixtures. This information is only shared with consent from the team/independent school and pitch side therapist.
Injury reports and medical records will be sent to the team/independent school securely using the end to end encryption system ‘Egress’. These notes will also be processed and stored in accordance with the CSP guidelines and have a retention period of 8 years.
5.0 Disclosure of your Information
We will not disclose your information without your prior consent, unless required to do so by law.
6.0 Controlling the use of your data
If you have given us permission to use your data for a particular purpose, you can change or revoke that at any time. Please see section 13.0 below.
7.0 What we store and transfer of your data
PSUK utilises several electronic systems that store your data securely, please go to their websites regarding their privacy policies.
- Google docs
- Simply Book
The transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password so that you can access certain parts of our site or, you are responsible for keeping this password confidential. You should choose a password that is contains multiple characters and is not easily guessed.
9.0 Third party links
10.0 Sharing information
Our website allows you to share pages with social networks such as Facebook, Twitter and Instagram.
We do not share, sell or distribute your data to third parties.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website and services to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website and service, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
12.0 Your rights
The DPA and GDPR give any client of PSUK to several rights of their personal data. This includes:
Right to be informed
All clients have the right to be informed of the use of their data, PSUK upholds this within the relevant terms and conditions within each area of the business.
Right to access
Any client of PSUK has the right to access information held by us. Please email us if you would like to request copies of the personal data held by PSUK. Once we have received and acknowledged receipt of your request, we will send copies of the requested information within one month. Please see the relevant contact email addresses below
Right to rectification
All clients of PSUK have the right to update any inaccurate information held by PSUK. Please email us if you would like to update any of your personal data. Once we have received and acknowledged receipt of your request, we will send copies of the requested information within one month. Please see the relevant contact email addresses below
Right to erasure
You also have the right that we cease using your data and for this data to be erased. You can exercise these rights at any time by writing to us via email. These requests will be actioned within one month of receipt of the request.
Pitch Side Therapists working with PSUK have three options with removal of personal data. 1. Completely removed from the database, only listing name and date of removal. 2. Removal from main database but kept on a separate individual database for potential appropriate future events. 3. Removal from database but stored on a ‘removal database’ for 1 year. It is the therapists decision as to which option they would prefer to opt for.
Right to restrict processing
You have the right to change the permissions that you have given us in relation to how we use your data. Please email PSUK if you would like to change these details at any point. Once we have received and acknowledged receipt of your email, we will amend these details within one month. Please see the relevant contact email addresses below.
A small administrative fee will be payable for dealing with any data requests.
Contact details for personal data requests
Physiotherapy Clinic: email@example.com
Player Welfare Services: firstname.lastname@example.org
Pitch Side Therapists: email@example.com
13.0 Changes to this policy
PSUK’s privacy statement is subject to change at any time. Please check regularly for updates to this policy to be informed of how we are protecting your personal data.
If you have any questions about this policy please contact us at firstname.lastname@example.org.