Privacy Policy

The policy: This privacy policy is for this website; limberphysiotherapy.co.uk (limberphysiotherapy.com), served by Amy Martin, trading as Limber Physiotherapy, Lewes, BN72RR and governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations).

This policy will explain areas of this website and your engagement in Limber Physiotherapy services, that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhered to. Additionally, it will explain the use of cookies or software and the download of any documents, made available to you on this website. Further explanations may be provided for specific pages or features of this website and Limber services in order to help you understand how we, Limber physiotherapy and this website and its third parties interact with you and your computer / device in order to serve it to you.

Our contact information is provided at the foot of this page if you have any questions.

The DPA & GDPR May 2018

This website complies with the DPA (Data Protection Act 1998) and already complies with the GDPR (General Data Protection Regulation) which came into effect from May 2018.

Physiotherapy and Pilates and Personal Information.

All data provided by clients is recorded and held in accordance with the DPA, GDPR and standards set out by the Chartered Society of Physiotherapy (CSP).

What data is collected through Limber Physiotherapy services?

Information collected or may include, name, address, contact details, email address, social media profile name, details of a particular condition or current complaint, medical history, medication list, lifestyle, family and work details. Goals, aims, concerns and beliefs may be expressed and recorded. GP, consultant and relevant health care professional details may be gathered. Record of invoicing and payment is for accounting of payment. No personal payment information such as card details are ever kept. For card payments through a system such as PayPal or bank transfer, the providers privacy policy should be referred to.

Personal information may be collected through multiple sources and recorded as a data in the examples set out here:

Over the phone in a dialogue or message

Through submission of an e-mail enquiry

Through emailed forms and e-mailed correspondence

Direct from the LIMBER physiotherapy website contact information giving portals (such as generating an enquiry and any forms)

Via a social media contact

Verbally (and documented) in a consultation setting

Verbally (and documented) in a Pilates setting

Via a referral or communication from a medical professional

Through correspondence from a medical insurance provider

Disclosing information (in any format) acts as consent for use for (the client’s) physiotherapy and Pilates treatment and provision. As fore-mentioned, this information is held and used in compliance with DPA, GDPR and CSP standards

Physiotherapy notes, as medical records, are a professional and legal obligation to comply with the HCPC and CSP statutory requirements. Appropriate record keeping is supported by the Health and Social Care Information Centre (HSCIC). Such record keeping provides evidence of the interactions with each patient and assists in patient care. As per the CSP codes of conduct, these documents are maintained securely for 8 years as standard (or for a child, 8 years after their 18th birthday or until 25 years of age) and direct access is limited to LIMBER physiotherapy (Amy Martin).

Personal information is not disclosed to any 3rd party without obtaining consent unless required to do so by the referral source or by Law. The Caldicott Review in England 2013 emphasised the health care professional has a duty to maintain patient confidentiality but also a duty to share information (safely and appropriately) with other health professionals who are directly involved in the patients care in order to give the best possible advice and treatment. Intention of this ‘inter professional’ communication is discussed with each patient and it is the right of the patient to deny permission to share information.

Access to Records

Under the DPA, it is within the rights of the patient to see a copy of their health records. The request must be in writing and processed within 40 days. A third-party request for a copy of health records (e.g. a solicitor or insurance company) can only be actioned on written consent of the patient. This is the case for relatives to unless the relative holds a Power of Attorney or other legal authority for the patient.

Requests for access to a deceased patients medical record should be made under the Access to Medical Records Act 1990 to the data processor. Permission may be considered either by legal authority and / or the Executors of the deceased Estate.

Use of Cookies

This website uses cookies to better the user’s experience while visiting the website. As required by legislation, where applicable this website uses a cookie control system, allowing the user to give explicit permission or to deny the use of /saving of cookies on their computer / device.

What are cookies? Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.

Website Visitor Tracking

This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications.

We accept no responsibility for third party downloads and downloads provided by external third-party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.

Contact & Communication With Us

Users contacting this us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.

Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you Limber Physiotherapy services information through a mailing list system or direct correspondence (for example to update you on a waiting list). This is done in accordance with the regulations named in ‘The policy’ above.

Email Mailing List & Marketing Messages

We operate an email mailing list program, used to inform subscribers about services, information and updates. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above.

Subscribers can unsubscribe at any time and all personal data will be removed, by clicking ‘unsubscribe’ from the footer of the email sent. The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.

Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.

Our EMS (email marketing service) provider is Mailerlite and you can read their privacy policy here.

External Website Links & Third Parties

Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.

We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Policy & Usage

We adopt a Social Media Policy to ensure appropriate online behaviour. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.