ELLIE YUEN PHYSIOTHERAPY: PRIVACY POLICY

This policy outlines how Ellie Yuen Physiotherapy collects, uses, and protects your personal data. We are committed to ensuring your privacy is protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Why We Collect Your Data
We collect and process your personal information for the following legal reasons:

Contractual Necessity: To provide the healthcare services you have requested.

Legitimate Interests: To safely manage your clinical care, send appointment confirmations, and provide updates regarding your treatment.

Legal Obligation: As healthcare providers, we are legally required to maintain accurate clinical records.

Consent: For specific actions such as sending electronic exercise programmes or marketing. You can withdraw this consent at any time.

2. How Your Data is Stored
Your data is stored securely using industry-standard protection:

Electronic Records: We use Cliniko, a specialist healthcare management system that is fully GDPR compliant and encrypted.

Security: Any local access via work computers is protected by multi-factor authentication, strong passwords, and regular security updates.

Financial Data: Payments are processed via Stripe or bank transfer. We do not store your full credit card details on our internal systems.

3. Data Retention (How long we keep records)
By law, we must retain clinical records to ensure continuity of care and for legal protection:

Adults: Records are kept for 7 years following your most recent appointment.

Minors: Records are kept until the patient reaches age 25, or 7 years after the last appointment, whichever is longer.

Disposal: Once this period expires, your data will be securely and permanently deleted/destroyed.

4. Sharing Your Information
We maintain strict confidentiality. Your data will never be shared with third parties for marketing purposes. It is only shared when:

You provide written consent (e.g., sharing a report with your GP, Consultant, or Insurance provider).

We are required by law (e.g., a formal court order).

There is a serious risk of harm to yourself or others.

5. Your Rights
Under UK GDPR, you have the following rights:

Access: You can request a copy of the personal data we hold about you.

Rectification: You can ask us to correct any factual inaccuracies in your records.

Erasure: You can request the deletion of your data only once the legal minimum retention period (7 years) has passed.

Withdrawal of Consent: You can opt out of exercise software or newsletters at any time.

6. Complaints
We take the protection of your data very seriously. If you have any concerns or questions about how your personal information is handled, please contact Ellie Yuen directly at info@ellieyuenphysio.com so we can resolve the matter.

You also have a legal right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights. You can contact them via their website at www.ico.org.uk.