Privacy policy.
Privacy Policies
At Mazza Physiotherapy we take the privacy of our clinic and website users very seriously and ask that you read this Privacy Policy carefully as it contains important information about how we will use your personal data. Under the General Data Protection Regulations 1998 and 2018 certain regulations must be complied with. These regulations are designed to ensure that due care and attention is taken when processing any data that you have provided to us.
Who we are
Mazza Physiotherapy are a company registered in England and Wales under company number 12546224. We are registered on the Information Commissioner’s Office Register and act as the data controller when processing your data. Our designated Data Protection Officer can be contacted at enquiries@mazzaphysiotherapy.com
What data we collect
This notice applies to all information collected in the clinical setting at Mazza Physiotherapy or submitted on this website. On some pages you can make requests to receive information or make online bookings. The types of personal information collected at these pages are:
Name
Address
Email Address
Date of Birth
Home Telephone Number
Mobile Telephone Number
Health/Medical Information
Employer
Job Role and Line Manager.
This information is required by law; however, we may also collect information which will give us a better insight and understanding of the users of our website.
How Do We Collect Your Data?
We collect personal information provided by you, the data subject. Occasionally, we may contact your GP for additional information with your consent. We collect information using the following methods:
When you register online or make a booking for any of our products or services.
When you voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
When you use or browse our website, via your browser’s cookies.
We will obtain your personal data when you send us feedback, post material, contact us for any reason or sign up to a service.
We may also obtain sensitive personal data about you if you volunteer it during the completion of an online form. If you volunteer such information, you will be consenting to us processing it.
We will obtain medical and confidential information as part of our assessment and treatment about you which is held on an encrypted software practice management system, called Cliniko.
Personal information provided by medico-legal/occupational health/other contracted bodies to whom we provide physiotherapy services on a contractual basis.
Additional information provided by data subjects and/or referring bodies over the phone.
Why we collect your data
To provide you with allied health professional treatment.
We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and will only be sent on receipt of a double opt-in initial contact form.
We may use your data for billing and invoicing.
We may occasionally use reduced data to perform internal research, statistical analysis and improving our services.
We may be required to share your information with regulators (such as the HCPC) when investigating complaints.
How will we use your data?
We would like to make it clear that Mazza Physiotherapy will never pass any of your contact details to a third party and under no circumstances pass on any of your clinical records unless you have given your expressed consent in cases where medical reports are required as part of your treatment.
We may use your data for the following purposes:
To help us identify you.
Administration.
Statistical Analysis.
Marketing – see Marketing and opt-in/opt-out below.
Fraud prevention and detection.
To notify you of any changes to this website or our services which may affect you.
Improving our services.
To contact you via email or phone regarding current or future appointments.
To contact you via our online newsletter.
How Do We Store Your Data?
All our clinical records are held securely on the practice management software system and are unavailable to anyone except authorised clinicians. Personal contact details are used solely for appointment purposes and are stored securely on a cloud-based computerised diary system.
On your first session with us you will be asked to complete a consent form. Mazza Physiotherapy Ltd will scan this form and store it on the cloud-based system. All paper copies will be destroyed. The length of time this information will be kept securely will be in accordance with the HCPC & CSP regulations.
Any payment details are encrypted.
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet. Any sensitive confidential information that is required to be sent over the internet will be sent via password-protected documents or encrypted email if requested.
Marketing
Mazza Physiotherapy Ltd would like to occasionally contact you to send information about news, updates and services that we feel are relevant to you. We do not share your information with any other companies.
Before you start your first Physiotherapy Session you will be asked to sign our consent form. On this form you will be given the option to ‘opt in’ to allow us to send you our newsletter or so we may contact you by mail, telephone, SMS or email about products, services and promotions which may be of interest to you. We will never share your personal data with any third party organisations. If you prefer not to receive any further marketing communications from us, you can opt out any time by contacting us at enquiries@mazzaphysiotherapy.com
Your Rights
You have the right to access any personal information that Mazza Physiotherapy Ltd processes about you and to request information about:
What personal data we hold about you.
The purposes of the processing.
The categories of personal data concerned.
The recipients to whom the personal data has/will be disclosed.
How long we intend to store your personal data for.
If we did not collect the data directly from you, information about the source.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us.
Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
You have every right to see any record. Mazza Physiotherapy will always be happy to assist you in any request in this regard with no detriment to your ongoing treatment.
We can also confirm that your data will not be used for any automated profiling purposes.
You also have the right to have your personal data deleted on request and to withdraw treatment consent. However, we are required to retain notes pertaining to treatment episodes and any withdrawal of treatment consent would result in termination of your treatment episode.
Clinical notes are required by law to be held for 8 years after which time we will no longer keep them and will securely delete them from our software Practice management system. We are however required to retain records for a longer period of 25 years when the patient is a child.
If you have any concerns regarding how Mazza Physiotherapy Ltd handles your data you are entitled to complain directly to the Information Commissioner’s Office (ICO).
Your Rights Summary:
Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy.
Right of access
You have the right to obtain access to your personal data (if we are processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your personal data in accordance with data protection law.
Right to rectification
You are entitled to have your personal data corrected if it is inaccurate or incomplete.
Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
Right to restrict processing
You have the right to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
Right of data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
Right to object to processing
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling).
Right to withdraw consent to processing
If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful).
Right to make a complaint to the data protection authorities
You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law.
In the event you make a request we have one month to respond to you. If you would like to exercise any of these rights please contact us at enquiries@mazzaphysiotherapy.com
How Long We Keep Your Data
Mazza Physiotherapy Ltd only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Mazza Physiotherapy Ltd complies with the Chartered Society of Physiotherapy data retention guidelines in which medical data is required to be kept for the following periods before destruction:
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Mazza Physiotherapy Ltd; however, as this information is required for us to provide you with our services, we will not be able to offer some/all of our services without it.
Lodging A Complaint
Mazza Physiotherapy Ltd only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
antony@mazzaphysiotherapy.com
Information Commissioner’s Office
https://ico.org.uk/concerns
0303 123 1113