top of page

Privacy Policy

Back to Action Physiotherapy and Sports Injuries is committed to protecting and respecting your privacy.

​

Back to Action Physiotherapy and Sports Injuries understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the data protection law in force in the UK including UK GDPR and the Data Protection Act 2018 (“Data Protection Laws”) and with all applicable clinical confidentiality guidelines including those published from time to time by the Health and Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP).

​

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data.

​

This Privacy Policy applies to anyone who receives services at or from Back to Action Physiotherapy and Sports Injuries so please read the Privacy Policy carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or agreeing to the practices as described or referred to in this Privacy Policy.

​

What Personal data we may collect from you?

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.

 

Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us.

 

Personal data we collect from you may include the following:

  • information that you give us when you enquire or become a customer or patient of us or apply for a job with us including name, address, contact details (including email address and phone number)

  • the name and contact details (including phone number) of your next of kin

  • details of referrals, quotes and other contact and correspondence we may have had with you

  • details of services and/or treatment you have received from us or which have been received from a third party and referred on to us

  • information obtained from customer surveys, promotions and competitions that you have entered or taken part in

  • recordings of calls we receive or make

  • notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered

  • patient feedback and treatment outcome information you provide

  • information about complaints and incidents

  • information you give us when you make a payment to us, such as financial or credit card information

  • other information received from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you. See section below on Cookies.

Where you have named someone as your next of kin and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

 

Where you use our websites, we may automatically collect personal data about you including:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,

  • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

 

Other people’s personal data

If you provide us with another person’s personal data you must inform that person about the contents of this Privacy Policy.

Changes to your personal data

If you change any of your personal data which we already hold about you please make sure you notify us quickly so that we can update our systems to reflect the changes although our systems will also continue to hold the originally recorded personal data.

 

When do we collect personal data about you?

We may collect personal data about you if you:

  • visit one of our websites

  • enquire about any of our services or treatments

  • register to be a customer or patient with us or book to receive any of our services or treatments

  • fill in a form or survey for us

  • carry out a transaction on our website

  • participate in a competition or promotion or other marketing activity

  • make online payments

  • contact us, for example by email, telephone or social media

  • participate in interactive features on our website

  • use our Digital Wellbeing Platform portal

 

How do we lawfully process your personal data?

Your personal data will be kept confidential and secure and will only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.

 

Set out below are some of the ways in which we process personal data although to do so lawfully we need to have a legal ground for doing so. We normally process personal data if it is:

  • necessary to provide you with our services - to enable us to carry out our obligations to you arising from any contract entered into between us and you including relating to the provision by us of services or treatments to you and related matter such as billing, accounting and audit, credit or other payment card verification and anti-fraud screening

  • in our or a third party's legitimate interests to do so - see details below. For further information about direct marketing to businesses and legitimate interest, please see the ‘Marketing’ section below

  • required or allowed by any applicable law or legal obligation or as necessary in the public interest of for the protection of a person’s vital interest

  • with your explicit consent for example: direct consumer marketing communications.

​

Generally, we will only ask for your consent to processing if there is no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data you have the right to withdraw your consent at any time by contacting us using the details below and we will stop the processing for which consent was obtained.

 

To process special category data (as detailed in the 'What personal data we may collect from you' section) we rely on additional legal grounds and generally, they are as follows:

  • With your explicit consent

  • It is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health or social care treatment, or to manage health or social care systems and services. This may also include monitoring whether the quality of our services or treatment is meeting expectations

  • It is necessary to establish, make or defend legal claims or court action

  • It is necessary so that we can comply with employment law

  • It is necessary for a public interest purpose in line with any applicable law or legal obligation. This should assist in protecting the public against dishonesty, malpractice or other seriously improper behaviour for example, investigating complaints, clinical concerns, regulatory breaches or investigations e.g the Care Quality Commission or GMC or ICO. It may also include assisting governmental bodies in controlling public health issues e.g. COVID19.

 

Processing of personal data which you have made public:

As stated above, one of the legal grounds for processing data is where it is in our legitimate interest to do so, taking into account your interests, rights, and freedoms. This allows us to manage the relationship that exists between you and us and can include the following reasons:

  • provide you with information, products or services that you request from us

  • managing all aspects of our relationship with you, our products and services and any third parties who may provide products or services on our behalf

  • allow you to participate in interactive features of our services, when you choose to do so

  • notify you about changes to our products or services

  • keep our records up to date

  • respond to requests where we have a legal or regulatory obligation to do so

  • check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process

  • support your healthcare professional

  • assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated

  • to conduct and analyse market research

  • to ensure that content from any of our website is presented in the most effective manner for you and for your computer

  • to allow us to enforce our website terms of use, our policy terms and conditions or other contracts, or to protect our or other's rights, property or safety

  • to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations including to defend ourselves from claims, exercise our rights and adhere to laws and regulations that apply to us and the third parties we work with

  • to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part our business

  • to personalise the marketing emails we send you, where you have consented to us doing so

 

Security of your personal data:

We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. We conduct assessments to ensure the ongoing security of our information systems. Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.

 

All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors.

 

The transmission of information via the internet cannot be guaranteed as completely secure. However, we ensure that any information transferred to our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features to minimise the risk of unauthorised access.

 

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not always a secure method of information transmission; if you choose to send or receive such information via email, you do so understanding the risks associated with doing so.

 

How long do we retain your personal data:

Unless we explain otherwise to you, we will retain your personal data on the basis of the following guidelines:

  • for as long as we have a reasonable business need, such as managing our relationship with you and managing our business

  • for as long as we provide services and/or treatment to you and then for as long as someone could bring a claim against us; and/or

  • in line with legal and regulatory requirements or guidance.

bottom of page