We look after your wellbeing and your personal data. You can put your trust in Central Somerset Physiotherapy. You are choosing a reputable business that thrives on high standards, professional qualification and constant improvement. Our 'Terms and Conditions' are laid out below for your reference and peace of mind.
Terms and conditions:
Below are the terms and conditions on which we, Central Somerset Physiotherapy, provide physiotherapy services (the 'Services'). The exact services we will provide to you will depend on what we agree and what is the result of the Initial Assessment. If you have questions concerning them please ask before entering into a contract with us. Before we provide any Services, we shall perform an initial assessment of your needs and requirements ('Initial Assessment').
An initial face to face or online assessment consists of:
■ A discussion of your needs with us; an evaluation of your needs:
■ A full objective examination of your problem, which will involve following our reasonable instructions as set out below;
■ Developing a programme of recommended action to address your needs and requirements.
■ Remote physiotherapy assessments will take place using a GDPR compliant method of assessment (Zoom, Physitrack, Skype, Microsoft Teams etc)
Result
Please note that after the Initial Assessment has been carried out, we may decide that we cannot provide any Services if, for example, treatment for the condition may not be suitable or appropriate.
Performance of the Services Initial Assessment
We will normally provide you with the Services only after an Initial Assessment has been carried out. If there is a significant period between an Initial Assessment and us providing the Services, we may ask you to confirm in writing that the Initial Assessment remains accurate, or ask you to undergo another Initial Assessment.
Outcomes
It is not possible that any particular result or outcome can be guaranteed as a result of us providing the Services. Our aim is to provide the Services using reasonable care and skill. Some patient's conditions may take longer than others to treat and we will regularly reassess the treatment plan.
Sessions
If we have not agreed the number of sessions to be provided, we shall provide sessions on a session-by-session basis. We will agree the date and time of the first session and any subsequent sessions by telephone, in person or by e-mail.
Assignments
We may set you assignments to be completed between sessions. You are not obliged to complete these assignments; but if you do not complete them, your progress in achieving the desired outcomes may be slowed down.
Costs of sessions and payment fees
Our fees for each session are as confirmed by us to you. You are personally liable to pay all of our fees and any surcharges incurred, such as any cancellation fees. We are happy to accept you as a client if you are arranging to pay through a third party, such as private medical insurance, however it is your responsibility to check with that third party whether you have to pay any excess and how much treatment they will pay for, as you will be liable for any payment they do not make.
Payment
We accept payment in cash or cheque. Payment will be by you to us at the end of each session for that session.
Late arrival and cancellation
If you are late arriving at a session, the session will begin on your arrival and continue until the time when it is scheduled to end. If you wish the session to overrun, and we agree, then you may be charged at our discretion for the extra time we spend in providing the Services.
If you have booked a session and you cancel with less than 24 hours' notice or do not turn up for the session, then you are liable to pay the cost of that session. Please be aware that, in many cases, insurance companies will not pay our fees if you have not turned up or cancelled with less than 24 hours' notice and as is the case above, if your insurance company will not pay, you will be liable for such payment.
On occasion, we may have to cancel a scheduled session. This may occur, for example, if a staff member is sick or if a preceding session has overrun. If we have to cancel a scheduled session, we will book you another appointment as soon as reasonably possible. No charge will be made to you for the session cancelled by us.
Confidentiality
We shall treat all personal and business information supplied by you as confidential.
We shall not disclose such information to any third party without your prior permission, except where required by law or where action might be necessary to protect you or someone else.
Data Protection
We are registered under the Data Protection Act 1998 and we shall treat all personal data in accordance with the requirements of that Act.
Outcomes
We shall seek to enable you to achieve your desired outcomes. No outcome can be guaranteed, however, and you have sole responsibility for acting on any recommendations or advice Central Somerset Physiotherapy may give. We have no liability for any loss incurred by you, whether financial or otherwise, following my provision of the Services, nor for any perceived failure by you, whether justified or otherwise, to achieve your desired outcomes or goals.
Indemnity
You agree that you will indemnify us against any and all loss or damage suffered, including any legal fees or costs, as a result of any breach of this agreement by you.
Early termination
In exceptional circumstances, such as illness or other commitments, inappropriate behaviour by you, refusal to be treated in a reasonable way, actual or potential conflict of interest, or other reasons, we may decide to terminate the Services early and or refuse or be unable to provide further sessions to you. In such circumstances, we shall give you reasonable notice of termination where practicable and will refund to you any advance payment made for sessions not yet provided.
Events outside our control
We will not be liable to you as a result of any delay or failure to perform our obligations under this contract as a result of any event beyond our control including but not limited to, strikes, lock-outs or other industrial disputes, failure of a utility service or transport network, act of God, fire, flood or storm or breakdown of machinery.
Disputes and governing law
If you are unhappy with the Services Central Somerset Physiotherapy provides, we hope you will discuss any problems or issues with the practitioner who treated you first. If that does not resolve matters to your satisfaction, the matter will be referred to one of the practice directors who will handle the complaint. This agreement is governed and construed by English law and the parties submit to the jurisdiction of the courts of England and Wales.
How your personal information is managed?
Central Somerset Physiotherapy want you to feel assured about the privacy and security of any personal data or information that you provide. This privacy policy notice explains how Central Somerset Physiotherapy uses any personal information that we collect about you and your rights in relation to that information.
The General Data Protection Regulation (GDPR) Personal Data
By itself, data has no meaning. For instance, a date is just a series of numbers and characters which could indicate the date of any unspecified event. However, when you attribute that date to a specific event or person, it becomes information, such as a person’s date of birth.
Personal data is data which relates to any living individual who can be identified from that data, or from that data and other information; such as an expression of opinion about the individual.
What is the GDPR?
The General Data Protection Regulation 2018 (GDPR) replaces the Data Protection Act 1998 (DPA) in governing how personal data is managed by a "controller" or "processor".
In this respect, a data controller is a person (or business) who determines the way in which, personal data is processed. A data processor is anyone who processes personal data on behalf of the data controller (not including the data controller's own employees).
A "Data Subject" is a person whose data is being processed.
GDPR Principles
Under the GDPR, the data protection principles set out the main responsibilities for organisations. GDPR requires that personal data shall be:
■ Processed lawfully, fairly and in a transparent manner.
■ Collected for specified, explicit and legitimate purposes.
■ Adequate, relevant and limited to what is necessary.
■ Accurate and, where necessary, kept up to date.
■ Kept in a form which permits identification of data subjects for no longer than is necessary.
■ Processed in a manner that ensures appropriate security of the personal data.
■ It also requires that the controller shall be responsible for, and be able to demonstrate, compliance with the principles.
The GDPR provides the following rights for individuals:
■ The right to be informed – Central Somerset Physiotherapy must provide details (such as those provided in this privacy notice) of how Central Somerset Physiotherapy processes information to the data subject. This information must be available at any time personal data is obtained.
■ The right of access – Data subjects have the right to know what information Central Somerset Physiotherapy has in relation to them. Data subjects then have the right to access this information.
■ The right to rectification – Data subjects have the right request we update inaccurate or incomplete information that is being processed or stored by Central Somerset Physiotherapy.
■ The right to erasure – Data subjects have the right to request we delete any information we have in relation to them.
■ The right to restrict processing – Data subjects have the right to block or suppress Central Somerset Physiotherapy processing their information.
■ The right to data portability – Data subjects can request that Central Somerset Physiotherapy make their information available to move, copy or transfer personal data easily from one environment to another.
■ The right to object – Data subjects can object to processing their information for activities such as marketing.
■ Individuals also have rights in relation to automated decision making and profiling. However, Central Somerset Physiotherapy does not carry out this type of processing. This privacy policy notice explains how Central Somerset Physiotherapy processes personal data and the rights of the data subject in relation to that data.
Who is collecting your data?
Central Somerset Physiotherapy Ltd. Company Registration Number: 8079844
Administration Address: 10 Rectory Road, Burnham-on-Sea, Somerset TA8 2BY
Call: 01749 675568 Email: admin@centralsomersetphysio.co.uk
Any information collected or produced as part of these services will be managed in accordance with Central Somerset Physiotherapy’s information security policies & procedures.
Central Somerset Physiotherapy’s lawful basis for processing data:
Central Somerset Physiotherapy acts as both controllers and processors of personal information.
As Controller
As controller, Central Somerset Physiotherapy’s processing activities include arranging appointments between data subjects (patients) and clinicians (physiotherapists) for the purposes of consultation, examination and treatment services.
In arranging an appointment, the legal basis for Central Somerset Physiotherapy processing personal data, such as a data subject’s name, contact details, date of birth, will be contractual. It will be an informal contract between the data subject and Central Somerset Physiotherapy with the understanding that Central Somerset Physiotherapy will provide a service in exchange for payment. The data subject or their representative will be advised of this arrangement at the time of booking, as well as their rights in relation to processing their information.
Terms and conditions relating to a contract for the provision of a service should not infringe on a data subject’s rights in relation to GDPR.
As Processor
As processor, Central Somerset Physiotherapy’s processing activities include arranging appointments between third-party referrers (physiotherapy clinicians).
Where data is collected from third-parties, there will be a contractual agreement between Central Somerset Physiotherapy and the third-party.
Special Category Data – Second Lawful Basis
Information about an individual, that is likely to be of a sensitive or private nature and could be used in a discriminatory way, is described as sensitive personal information and identified as special category data. This type of information needs to be treated with greater care than other forms of personal data.
Sensitive personal information may include:
■ Racial or ethnic origin
■ Political opinion
■ Religious or other similar beliefs
■ A physical or mental health or condition Sexual Orientation
When a data subject presents for an appointment, they will be required to provide, or a clinician may generate/obtain and document information that may contain sensitive or special category data, including information relating to a physical or mental health or condition.
Second Lawful basis for processing special category data
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. When processing special category data, Central Somerset Physiotherapy must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9.
In accordance with GDPR Article 9 section 2 (a), relating to special category information, the most appropriate lawful basis for Central Somerset Physiotherapy in processing this kind of data is that the data subject must provide consent prior to an appointment where special category information may be obtained and/or processed.
Consent needs to be clear, concise, specific, granular, explicit, separate from other terms & conditions and will require the data subject to positively opt in. Consent forms will be periodically and routinely reviewed and updated to ensure they remain relevant and applicable to the process for which it is required.
Requirements for sharing special category data with third-parties
Central Somerset Physiotherapy may act as a processor of personal data but become a controller in obtaining special category data during an appointment. Central Somerset Physiotherapy may also be a controller and need to transfer information to a third-party where the third-party acts as a processor. In these instances:
Third-parties will be identified to the data subject prior to transfer of information. Explicit consent will be required for Central Somerset Physiotherapy to share personal information with third-parties, irrespective of their original role. Third-parties will be required to have a contractual agreement with Central Somerset Physiotherapy. As part of this contract third-parties will be required to demonstrate that they have attained a suitable level of information security and have met the standards set by GDPR in acting as processor.
Central Somerset Physiotherapy will not transfer information outside of the EU.
How personal data is collected
Central Somerset Physiotherapy will collect personal data:
■ In direct communications (such as website, telephone, letter or Facebook) either with the data subject or a third-party controller.
■ When a data subject completes a consent form, template, questionnaire or registration form, either directly from the data subject or via a third-party.
■ When a clinician completes a clinical record or report as part of a consultation/appointment.
■ As part of a third-party instruction or referral where Central Somerset Physiotherapy is a processor.
■ As part of a clinical record obtained from a third-party, such as a diagnostic test result, screen or clinical specialist/expert/consultant where Central Somerset Physiotherapy is the original controller and referrer.
■ As part of financial processing.
■ We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
What personal data is being collected or generated?
■ Name and DOB
■ Contact information including email address
■ Demographic information such as postcode
■ Other information relevant to customer surveys and/or offers
Central Somerset Physiotherapy will need to obtain a minimal amount of personal data to:
■ Contact a data subject
■ Provide details of an appointment.
■ When Central Somerset Physiotherapy need to make changes to an appointment.
■ Identify the data subject in relation to their own existing medical record(s).
Internal record keeping
■ We may use the information to improve our products and services.
■ We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
■ Data subjects are permitted to arrange appointments anonymously. However, the data subject will need to provide identifiable details, which will need to be recounted in communications with Central Somerset Physiotherapy to provide a continual service.
■ The minimum amount of personal data a data subject’s is required to provide is contact information, name and date of birth. However, as part of an appointment, a clinician may also need to obtain or create sensitive personal information about a data subject, which includes information relating to a physical condition. With consent, Central Somerset Physiotherapy may also refer to previous medical opinion (such as medical records).
■ The amount of information required will vary depending individual circumstances, symptoms or requirement. However, the personal data required will be proportional and relevant.
■ Data subjects are not compelled to provide any information. However, withholding or providing inaccurate information may affect the ability of our clinicians to provide an effective service.
How will personal data be used?
The information Central Somerset Physiotherapy collect will only ever be used for the purposes of undertaking or providing consultation, treatment, examination and medical management services.
As part of these services Central Somerset Physiotherapy may require personal information to create appointments and to convey or record medical opinion. Central Somerset Physiotherapy will not use or pass on personal data to market services that are unrelated to those that have been consented.
However, with consent, Central Somerset Physiotherapy may use personal data to inform a data subject about a follow-up or related service.
Where is personal data stored?
Information is either stored as an electronic record, on a central database or as a hardcopy (paper record) at Central Somerset Physiotherapy main administration centre. Information may be processed externally on-site or at one of Central Somerset Physiotherapy’s clinic locations, so long as use abides to Central Somerset Physiotherapy’s information security and Remote Working policy.
Who will it be shared with?
With consent, Central Somerset Physiotherapy may share information with third-parties for further investigation and/or specialist opinion. Examples of third-parties include:
■ Clinical experts, specialists or consultants.
■ Solicitors or agencies where Central Somerset Physiotherapy is originally acting as processor.
■ Employers who refer for occupational health opinion.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Google Analytics
We may track visits to our website using Google Analytics for statistical purposes, where your location and what pages you visit will be tracked – however we do not have access to your name or other private information purely from your website visit. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Contact Forms
Should you contact us via our website using an online form, your information will be processed in the same way as any record as described above.
Links to other Websites
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement on the website you visit. Although we may link to websites of interest, we are in no way responsible for any content on those websites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Mailing software, privacy and unsubscribe
On occasion we send emails to our students and customers with information that may be of interest, through a mailing list service called Mailchimp or Brevo. Only your name and email address, or if a student the name of the course you are on, are stored within Mailchimp or Brevo. They have their own Privacy Policy to ensure your data is secure. All of our emails sent via the service always have an ‘unsubscribe’ link at the bottom of the email, where you can remove yourself from all future mailings instantly, and remove any of your data.
The removal of information
Data subjects have the right to withdraw consent or request a copy/transferal/removal of their information at any time by requesting Central Somerset Physiotherapy’s Consent Removal form.
■ Your rights
■ The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us or email to: admin@centralsomersetphysio.co.uk
There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
You have the right to change the permissions that you have given us in relation to how we may use your date. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by email to: admin@centralsomersetphysio.co.uk
Suspected Breaches
Suspected breaches in data protection can be reported to Liz Gardner. Serious breaches will be reported to the Information Commissioner’s Office (ICO). You retain the right to report a breach to the ICO directly - https://ico.org.uk/for-organisations/report-a-breach/.
It is the responsibility of all Central Somerset Physiotherapy’s employees and contractors to report suspected breaches of information security to Liz Gardner without delay.
Changes to this policy
We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.
We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us at:
admin@centralsomersetphysio.co.uk