Back in Action UK are committed to providing clinical and service excellence to our customers and clients. An integral part of this is to ensure that we take our legal and ethical responsibilities to protect your privacy extremely seriously. This policy explains how we use customer information and how we protect your privacy.
This privacy notice provides you with details of how we collect and process your personal data through your use of our services. Back in Action UK is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
We have appointed a Data Protection Officer who is in charge of privacy related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer by emailing us at firstname.lastname@example.org
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com
Why do we need to process your data?
Due to the nature of the work carried out by Back in Action UK we have a legal duty to collect information from our patients and staff, as well as receive enquiries via our website. Some of this information is personal and its collection and storage is governed by the EU’s General Data Protection Regulations (2018) which Back in Action (UK) are compliant with. We will not disclose any data to third parties without your consent, except when required by law.
What data do we collect about you?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process certain types of personal data about you as follows:
Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
Contact Data may include your home address, email address and telephone numbers.
Sensitive Data may include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, information about your health and genetic and biometric data, criminal convictions and offences.
How we collect your Personal Data ?
We collect data about you through:
Direct interactions: You may provide data by filling in forms we give to you in person or via email when you use our services as a client (patient) or work with us as an employee, contractor or agency staff member.
Indirect interactions: If your employer is one of our Customers, then your line-manager or HR Manager may refer you to us for physiotherapy assessment and treatment. As part of this process they will complete a referral form which will contain your identity and contact personal data.
We do not collect any personal information from visitors to our website other than information that is knowingly or voluntarily given. Anonymous information is collected, such as the number of visitors to the website in a given period but is purely statistical and cannot be used to identify an individual user.
Visitors interested in requesting more information must provide contact details and the reason for their request. Visitors will not be contacted by us, unless such information is given, and contact is specifically requested.
How do we keep your data secure?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We take the following precautions to ensure your personal data remains secure:
• Personal and clinical information in electronic or hardcopy form is protected by our security procedures that meet all current legislation in the UK and the guidelines of the Chartered Society of Physiotherapists and the Association of Chartered Physiotherapists in Occupational Health and Ergonomics.
• We will gain your consent before sharing information with your employer.
• We will gain your consent before sharing information with other third parties such as your GP or work OH department
• We will always process data in accordance with your rights under the EU’s GDPR.
• We will always store your data securely and retain it for 8 years as required by the law, after which it will be destroyed.
• In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
• We will always ensure the data held and shared with permission is ‘relevant and ‘appropriate’ for the purpose it was obtained
• Back In Action UK clinicians and administrators are trained to take the necessary steps to ensure your data remains private
We will never pass any personal information to any third party outside of our organisation (unless they are commissioned for data processing activities where we remain the ‘data controller’) without your consent.
No data will be transferred outside of EU borders.
What are your rights?
Back in Action UK (BIA UK) expects that all their employees, contractors and temporary staff, ensure that they provide treatment and customer service which respects and promotes patients’ dignity, embraces and encourages equality and diversity and is sensitive to each patient’s individual needs.
This means that all BIA UK staff should:
• at all times act with integrity and honesty in any decisions affecting patients, other health care colleagues and their staff. This includes any financial and commercial dealings and interests related to physiotherapy practice;
• maintain confidentiality of patient information and comply with current privacy legislation;
• give patients information in a way that each individual patient can understand;
• Act in accordance with the Equality Act 2010 to ensure that all individuals receive fair and equal treatment irrespective of their age, disability, sex, sexual orientation, race, religion or belief, gender reassignment, marital status or pregnancy.
• listen to and respect their patients’ views including their religious and cultural beliefs insofar as they impact on all aspects of physiotherapy treatment;
• provide opportunities for patients to be involved in informed decision making relating to all aspects of treatment, including payment for the treatment;
• provide appropriate levels of supervision to all physiotherapists, physiotherapy students and physiotherapy assistants involved in treating patients, for whom they have responsibility;
• provide effective and appropriate treatment to patients on an individual needs basis. Appropriate and effective treatment encompasses the use of current evidence where available, is individually tailored to meet each patient’s needs, and does not exploit the patient through provision of services that are either inadequate or excessive, unnecessary or not reasonably required; and
• ensure that they demonstrate and maintain their professional competence by active advancement of their knowledge of scientific, clinical and technical developments, and ongoing legal and ethical obligations.
Patients have a right to expect that they will be treated ethically and competently by their physiotherapist. This means they should expect to be treated individually and sensitively with the best available level of skill and knowledge appropriate to their condition. Patients have the following specific rights which correspond to physiotherapists’ clinical, professional and ethical obligations:
• a right to have the information they give to a physiotherapists remain confidential, in accordance with current privacy legislation;
• a right to obtain a copy of, or information about their personal data, physiotherapy treatment notes and reports in accordance with current privacy legislation;
• a right to request correction and/or erasure of your personal data
• a right to object to processing of your personal data.
• a right to request restriction of processing your personal data.
• a right to request transfer of your personal data.
• a right to withdraw consent.
• a right to be involved in treatment decisions;
• a right to information about their treatment which facilitates their involvement. This includes information necessary to give their informed consent to treatment;
• a right to information about the skill level and qualifications of the physiotherapist or student physiotherapist involved in their treatment;
• a right to treatment which is appropriate and effective, based on currently available evidence and delivered by an appropriately qualified physiotherapist, supervised physiotherapist or physiotherapy student;
• a right to respectful treatment which does not exploit the therapeutic and at times dependent nature of their relationship with their physiotherapist; and
• a right to have their complaints about a physiotherapy treatment or physiotherapist taken seriously.
How do I gain copies of my records?
If you would like a copy of your records, please make this request via email to firstname.lastname@example.org, including your full name, address, date of birth, and the name and location of the employer you worked for when utilising our service. The email must also include that you wish for a copy of the information held by ‘Back in Action UK’ (not just state the ‘physiotherapy records of your employer’). We will verify your identify before releasing this information.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
What are Cookies?
Cookies are small pieces of information placed on your computer or other device (such as smartphone or tablet) by a web page server that is uniquely assigned to you as you browse websites.
For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
Types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our Website. Without these cookies, interactive services such as shopping baskets cannot be provided.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you.
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Cookies are also used to provide aggregated statistics on visitors to our websites and their browsing behaviour. This enables us to order the site to make customers journeys easier, and if necessary, make improvements. The data is aggregated and anonymised, which means we cannot identify you as an individual.
- For more information on Mozilla Firefox, click here
- For more information on Microsoft Internet Explorer click here
- For more information on Google chrome click here
- For more information on Safari, click here
Please note, in general our website may not operate properly if cookies are switched off, you may not be able to fully experience all the features of our online services.