Privacy Policy

Privacy Policy


TCR Physio are committed to high standards of practice in all our activities. All personal information is collected, held and used in strict compliance with the General Data Protection Regulations 2018 (GDPR) and in accordance with the standards of the Health and Care Professional Council and Chartered Society of Physiotherapy.

This privacy policy relates to our use of your personal information collected from you in person or in writing. We do not encourage personal/sensitive information to be delivered via non-secure means such as email, or social media.

Data received via non-secure means will be transferred to our records with the original deleted.

  • ‘Personal information’ means any information that is capable of identifying you.

  • ‘Sensitive data’ is a special category of personal data which includes health conditions

  • ‘We’ means TCR Physio

We collect and process health data because we have a legal obligation to do so; it is adequate, relevant and limited to what is necessary.

For the purposes of the GDPR, Lisa Arthurs, trading as TCR Physiotherapy, is the ‘data controller’, i.e. the entity responsible for and controls the processing of your personal data.


Information Collected

We collect and process information when you make an appointment or book online.

At the point of enquiry or booking we may ask you for your name, date of birth, address, telephone numbers, email and details regarding your problem/condition.

At your appointment in the clinic, we will ask for information regarding your general and previous health and the condition for which you seek advice. We will also ask for information regarding any activities you undertake, your employment and any medication you take. We will record the findings of a physical examination. We record our diagnosis, treatment plan and specific problems/goals.

Information regarding your health is collected directly from you, or may be recieved from another health provider with your permission.

If you enquire or book but do not attend an appointment you do not become a patient with us and we will not keep your data.


Website

We do not collect any personal information from visitors to our website. Our website contains links to external sites, but we are not responsible for these sites.

How we may use your personal data

We may use your personal data for the following purposes:

  1. To provide a legal record of any treatment or advice we provide

  2. To ensure continuity of care

  3. To send exercises by email either in written form, via video taken in clinic or both

  4. We may pass information with your permission to other professionals involved in your care.

  5. We may use your information for audit/admin purposes.

  6. We do not pass on your information for commercial purposes.

  7. We will send you news and offers from TCR Physio with consent.

We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.


Disclosure of your information

With your permission we may pass information to other professionals involved in your care. If this information is given to you in a letter then the protection of the letter contents is your responsibility.

If the information is passed by email, it will be password protected and we will take all reasonable precautions to transmit the information securely. Otherwise it will be sent via post or Egress secure email.

In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances TCR Physio will disclose requested data where it is necessary to do so.


Data Security and Storage

We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. Our database is stored in a secure, password protected location. Only users authorised by us have access to this data.

Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet. For this reason, we prefer more secure means of transferring data.

Health records of adult patients must be stored for 6 years after the time of the last consultation. Child health records must be stored until the child’s 25th birthday (or 26th birthday if aged 17 at the time of treatment). Maternity records must be stored for 25 years. When health records and other data are no longer required to be stored these will be destroyed securely and permanently.


Your Rights

You have a right to be informed about the collection and use of your data. That information is contained in this Privacy Policy.


The Right of Access

Individuals have the right to access their personal data (subject access request).

To do so an individual must:

  • put your request to any member of TCR Physio staff, who will record your request

  • provide proof of your identity and address (e.g. a certified copy of driving license, passport)

  • specify the personal data you want access to

This will be provided within 30 days in compliance with GDPR.

We can decline a subject access request if it is unreasonable.


The Right of Rectification

Individuals may request that we rectify any errors in their personal data.


The Right of Erasure (the right to be forgotten)

Our health care notes are collected due to legal obligation and therefore cannot be erased prior to the statutory periods listed above.


Restriction of Processing

Individuals may be entitled to limit the purpose for which their data is processed, for example by withdrawing consent to receiving emails or withdrawing consent to us sharing data with named health care professionals. Please inform your treating therapist if you do not wish to be added to our mailing list.

Customers will be notified within 72 hours of any data breach if there is high risk to the individual.

Further information is available from the ICO on the website.


Changes to Our Privacy Policy

All changes will be notified on our website.