Privacy Policy
This Privacy Policy sets out how we, at CMG Physio Ltd, use, store and protect your personal information. This Policy is effective from 25th May 2018.
What personal information does CMG Physio Ltd hold?
Under GDPR, May 2018, personal data is defined as “any information relating to an identified or identifiable natural person”.
We hold the following information about you:
· Personal identifiable details such as your name, address, email address and phone number as requested during our assessment process.
· We also maintain clinical records which will include information collected as part of our physiotherapy assessment and details of our treatment and intervention, as well as reports shared from other professionals as part of the multidisciplinary team e.g. health and social care professionals.
How this information is stored:
· Paper-based notes have been used; these are kept in a locked filing cabinet.
· Digital files are stored locally on a computer with password protection.
· Videos and photographs, if consented to, will initially be recorded and stored on a mobile phone device. The mobile phone is locked with password protection when not in use. Any photos or videos will be downloaded to our computer and erased from the mobile device. Videos and photographs will be erased completely from the computer, once the assessment report, exercise plan or treatment plan has been agreed and finalised. On occasion, we may keep specific photos or videos to chart a patient’s progress during physiotherapy. These will be added to the individual’s clinical notes and removed from all other storage formats.
Who we share this information with:
· We do not share your personal information with anyone else unless we have explicit and clear consent from you to do so.
· With your consent, we may share your personal information with other members of the multidisciplinary team involved such as your case manager, occupational therapist or other professionals involved in your care.
· On occasion, we may be asked to share information for safeguarding purposes, and in these situations, we have a legal obligation to do so. We will always advise you if this is the case.
Our lawful basis for processing personal information
We hold personal information, as described above, to enable us to conduct physiotherapy assessment and treatment.
We understand that consent for us to hold personal data must be:
· Freely given
· Specific
· Informed
· Unambiguous
Individual’s Rights
Under GDPR, we acknowledge the following rights of the individual, in respect of any personal data that we hold:
· the right to be informed
· the right of access
· the right to rectification
· the right to erasure
(Please note: under UK law we are requested to keep physiotherapy notes for 8 years following the completion of treatment. More information on records retention can be found online at https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016)
· the right to restrict processing
· the right to data portability
· the right to object
· the right not to be subject to automated decision-making, including profiling. We do not use any of your information for marketing purposes at CMG Physio Ltd.
How can you access, amend or move the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project), or consent to market to you, you may withdraw your consent at any time.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this through a GP to GP data transfer and the transfer of your hard copy notes.
Access to your personal information
Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view, or to obtain copies of, the information that Coastal Physiotherapy holds about you, and to have it amended should it be inaccurate. To request this, you need to do the following:
• Your request should be made to the Practice
• There is no charge to have a copy of the information held about you
• We are required to respond to you within one month
• You will need to give adequate information (for example full name, address, date of birth, and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.
What should you do if your personal information changes?
You should tell us so that we can update our records. Please let your physiotherapist know as soon as any of your details change; this is especially important for changes of address or contact details (such as your mobile phone number).
Objections / Complaints
Should you have any concerns about how your information is managed at CMG Physio Ltd, please contact the Data Protection Officer, Catherine Gibbons. If you are still unhappy following a review by the Practice, you have a right to lodge a complaint with the UK supervisory authority, as below.
Information Commissioner:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545745
www.informationcommissioner.gov.uk
If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact the Practice Data Protection Officer.
If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.
Data Protection Officer:
The Practice Data Protection Officer is Catherine Gibbons. Any queries in regard to Data Protection issues should be addressed to her at cmgphysiolimited@hotmail.co.uk
Postal: Catherine Gibbons, 46 Beachy Head View, ST LEONARDS ON SEA, E Sussex, TN38 8EW
Links to other websites
Our website may contain links to other websites of interest. Please be aware that we do not have any control over how these websites act and how they may use your personal information. This privacy statement does not govern these sites.