This privacy notice sets out how Tudor Physiotherapy Ltd uses and protects any information that you provide or is provided to us in relation to your treatment.
Tudor Physiotherapy Ltd is committed to protecting your privacy and your rights under the General Data Protection Regulations (GDPR). This replaced the Data Protection Act 1998 on 25 May 2018. This major change has occurred to help protect and unify the way that an individual’s data is managed throughout the European Union (EU).
This policy explains the information we hold about you, and who else may have access to it. The only personal information we will have is that which is voluntarily supplied by you or is provided to us by a referring agent such as a GP or insurance company.
Please take a minute to read this document and if you find anything unclear please contact us.
Who Are We – Data Controller
Tudor Physiotherapy and Tudor Medical are the trading names of Tudor Physiotherapy Ltd, which is the data controller. We have clinics based in Stratford upon Avon, Kenilworth & Shipston on Stour. The Clinic Director is Mr Andrew Holbrook.
Why We Store Your Data – Data Collection and Processing (Storage)
Tudor Physiotherapy Ltd collects and processes (stores) information in order to carry out its main purpose of providing a physiotherapy based healthcare service for its patients. We are part of the medical profession and are therefore governed by the same rules that would apply to your GP or Hospital Consultant. We have a legal obligation, as outlined by the government (Ministry of Health – MOH) and our professional bodies (The Chartered Society of Physiotherapy – CSP and The Healthcare Professions Council – HCPC), to collect and store information about you, your medical condition, work and lifestyle information plus possibly information about other aspects of your physical and mental health, family history, ethnicity, employment status and disability, provided this information is relevant and required to perform our purpose.
What Data We Store – Storage Limitation Principle
The new GDPR regulations cover all types of hard and electronic data. For our purposes, as well as our electronic and hand-written records, this may also include photographs, video analysis, referral letters and medical reports. We will only collect and process information about you that is relevant to our purpose and is adequate to fulfil this purpose. Information that we hold will be kept up-to-date and every effort will be made to rectify information as soon as possible when we become aware of inaccuracies. Although you have the right to have information held about you deleted, our legal obligation may supersede this right with regards to your healthcare information. Please contact Tudor Physiotherapy Ltd directly if you have questions about this.
How Long We Store Your Data – Storage Limitation Principle
Under MoH and CSP/HCPC regulations relating to the maintenance of health records, we are required to keep your records for a minimum of 8 years or until your 25th birthday if your treatment was as a child. After 8 years following treatment (or after your 25th birthday if treatment was as a child), your records are to be destroyed securely.
How We Store Your Data – Integrity and Confidentiality Principle
Tudor Physiotherapy Ltd takes your data security seriously. We use a hosted diary management system to collect and store personal information about you (name, contact details, appointment history, insurance details and accounts information). Please note that no credit or debit card details are retained and stored. The system is password protected and only staff working within the clinic have access to this system. The data itself is securely stored at data centres in the UK conforming to ISO27001 standards with multi-layer security features; the operators of the data centres do not have access to your data and simply hold this data on our behalf. Our computer system is also password protected and only staff working at Tudor Physiotherapy Ltd have access to the computer system. We may occasionally send and receive letters or emails about your care to/from other healthcare professionals, insurance companies and medico-legal companies. These will be added to your records and then, in the case of emails, deleted. No information of this kind will be held for any longer than required to perform our purpose but does form part of your medical record. Currently we keep hand-written medical records. These records are held in secure filing cabinets, in a secure office within a secure building.
Who else might see my personal information?
Tudor Physiotherapy Ltd will not share your personal information with any other company without your consent. When relevant, following full explanation and with your consent we may communicate, regarding your treatment, with other medical and healthcare professionals, coaches, fitness instructors, family, insurance companies, medico-legal companies or other individuals involved in your wider care. We will ask your permission before doing this and you have the absolute right to deny this permission except in the circumstance of vital interest such as communicating with next of kin or medical professionals in the event of an incident, accident or emergency. We operate solely within the European Union and therefore no data will be transferred outside of the Union. We will share your information where required to do so by relevant legislation, or court orders. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
As a company, Tudor Physiotherapy Ltd does not believe in the sending of mass marketing emails and we will not use the information that we hold to do this. If, however, you represent a particular client group (e.g. sports coach or company manager) we may ask for your consent to allow us to send specific information for you to pass on to your relevant contacts.
Should Tudor Physiotherapy Ltd be acquired by another company, customer information may be deemed a transferable business asset, and as such will transfer to the new owners.
Your Rights Regarding the Data We Hold
1. Right of Access – Following a written request we will provide all information held about you. We have one month from the date of the written request to provide you with this data. This information will be provided free of charge to the patient unless there is an unreasonably excessive request. Written reports are not covered by this and do incur an administrative fee equivalent to one 30-minute treatment charge at the current rate of Tudor Physiotherapy Ltd at the time of the request. We may still charge insurance companies and solicitors or other third parties acting on behalf of the patient if requesting their records. The individual requesting the information will need to complete a Medical Record Release Form.
2. Right of Rectification – You have the right for information stored by us to be accurate. We will make every effort to ensure that personal information stored about you is accurate and up-to-date. Health records cannot be rectified if the information is true in accordance with maintenance of medical records regulations.
3. Right to be Forgotten (Erasure) – You have the right to ask to have your records deleted. As we are a medical healthcare company we are legally obliged to keep your records for a minimum of 8 years or until your 25th birthday if your treatment was as a child. If this timescale has lapsed and you wish your records to be deleted, please contact the clinic in writing and this will be arranged providing there is no legal obligation to refuse in accordance with the regulations in place at the time of the request.
4. Right to Restriction of Processing – You have the right to restrict the purpose for which we process your information. We will always seek to gain your consent for processing your data in any other way than our legal requirement to maintain accurate, up-to-date and specific medical records.
5. Right of Data Portability – You have the right to have your records transferred to another location if you or your treatment is transferred to another physical or geographic location. In this circumstance you will need to complete a Medical Record Release Form as per the Right of Access section above.
6. Right to Object – You have the right to object to your data being stored/processed. As we are a medical healthcare practice, this will result in us not being able to treat you as a patient.
7. Right not to be Automatically Processed – Tudor Physiotherapy Ltd does not currently operate any automatic processing or profiling based on your personal or health data.
What Happens If We Lose or Share Your Data Without Consent – Data Breaches
We take security of your data seriously but unfortunately from time to time things may happen that are beyond our control. In the event of a data breach we will inform you as soon as is practically possible about the nature, extent and possible impact of any data breach. This involves not only inadvertent sharing but also destruction of information through fire, flood, theft, loss etc. If the data breach is deemed serious enough, we will also inform the Information Commissioner's Office (ICO) within 3 days of the breach and set up an internal investigation as to the cause of any such breach. If required, we will communicate the results of such an investigation to you and also our intended plan to rectify and stop such breaches in the future. We only need to do this if there has been a definite or high risk breach as defined by the ICO.
Our Cookies Policy
Last updated: November 09, 2018
What are cookies
Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.
Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.
What are your choices regarding cookies
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
For the Chrome web browser, please visit this page from Google: https://support.google.com/accounts/answer/32050
For the Internet Explorer web browser, please visit this page from Microsoft: http://support.microsoft.com/kb/278835
For the Firefox web browser, please visit this page from Mozilla: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
For the Safari web browser, please visit this page from Apple: https://support.apple.com/kb/PH21411?locale=en_US
For any other web browser, please visit your web browser's official web pages.
Where can you find more information about cookies
You can learn more about cookies at the following third-party websites:
Network Advertising Initiative: http://www.networkadvertising.org/
If you have any queries or concerns about this policy please write to:
Mr Andrew Holbrook
Tudor Physiotherapy Ltd
Stratford upon Avon