Privacy Policy

We value your privacy and want to be clear about the data we collect and process. Our Privacy Notice reflects the high standards established with the EU General Data Protection Regulation (GDPR).

We have never and will never sell your data to third parties. PhysiCare will not share your information with anyone else for their marketing purposes.

The following text is a full statement of PhysiCare's privacy policy and describes our practices with regards to processing of Personal Information. Our principal activities involve providing Physiotherapy, Assessment and Training Services to business and residential users. 

1. The name and contact details of our organisation:

   If you have any questions about your privacy, please either email gdpr@physicare.co.uk, or write to:

   • Data Protection Officer
   • PhysiCare Ltd
   • 22 Bannatyne Street
   • Lanark
   • ML11 7JR
2. The purposes of the processing:

   PhysiCare have valid grounds (known as “lawful basis”) under the EU General Data Protection Regulation (GDPR) for collecting and using personal data. Note: we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

   "Personal Information" means information that relates to an individual who can be identified from that information or from that information together with other information which is held by or is likely to be held by Us.

3. The lawful basis for the processing:
   
   
   1. Consent: you have given clear consent for PhysiCare to process your personal data for a specific purpose.
   2. Contract: the processing is necessary for a contract we have with you.
   3. Legal obligation: the processing is necessary for us to comply with Statutory law.
   4. Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, such as your employer or referrer.
   5. Special category data: Article 9(2) of the GDPR – "(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3."
4. The legitimate interests for the processing:
   
   
   1. Keeping our records up to date, verify your identity, handling our customer contact efficiently and effectively.
   2. To provide services on behalf of a third party e.g. your employer or referrer.
   3. To manage our relationship with you.
   4. Complying with ISO9001 and any regulations that apply to us e.g. HCPC, CSP etc.
5. The categories of personal data obtained:
   
   
   1. Your name, address and contact details (including both current and previous addresses, telephone numbers and email addresses).
   2. Unique identifiers, your date of birth, gender and if appropriate details of your GP or other health professionals involved with your treatment of care.
   3. Sensitive personal data on your mental or physical health (Special category data).
   4. Images i.e. photographs, video etc... For example, when we undertake a risk assessment etc...
   5. Information about the devices you use to access our webpages (desktop and mobile) and this may include your IP address.
   6. Recordings of telephone calls when we receive or make a call.

   It is our policy to ensure that all relevant statutory requirements are complied with and to monitor our internal procedures periodically to ensure compliance.

6. The recipients or categories of recipients of the personal data:
   
   
   1. IT companies who support our website and other business systems have limited and supervised access.
   2. Those involved with your treatment or care e.g. your Occupational Health Nurse/provider, your GP, external Physiotherapists we refer you to etc.
   3. Any person or organisation who is responsible for meeting your service/treatment expenses (your consent may be required). For example, sensitive personal data your employer does not already have.
   4. During internal audits/case reviews in accordance with UK laws and CSP guidelines.
   5. In an emergency and if you are incapacitated we may make your personal data available to third parties on the basis of Vital interests i.e. your life or health.

   It is our policy to take all necessary steps to ensure that Personal Information held by Us is processed fairly and lawfully. We will take all necessary steps to implement this policy. All our employees and data processors who have access to Personal Information are obliged to respect the confidentiality of your Personal Information.

7. The details of transfers of the personal data to any third countries or international organisations.

   PhysiCare do not use third parties who are based outside the European Economic Area (EEA), so processing of your personal data will not involve a transfer of data outside the EEA.

8. The retention periods for the personal data:

   If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws or recommended by regulators, professional bodies or associations.

   We may need your personal information to establish, bring or defend legal claims. PhysiCare will always retain your personal information for 7 years after the date it is no longer needed by us for any of the permitted purposes (Lawful Basis).

   The only exceptions to this are where:

   1. Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
   2. you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons listed under Lawful Basis/Bases for processing this information, or required under the law;
   3. we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
   4. in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
9. The rights available to individuals in respect of the processing:

   You can find details of what your rights are by visiting https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights

   The law gives you certain rights in respect of the personal data that we hold about you. Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.

10. The right to withdraw consent: If you want to exercise your rights in respect of your personal data, the best way to do so is to contact us by email on gdpr@physicare.co.uk, or to write to us. To protect your privacy, we may ask you to prove your identity before we take any steps in response to such a request.
11. The right to lodge a complaint with a supervisory authority:

    If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).

12. The source of the personal data:

    You give us your data when you enquired or become a customer or patient of ours. Or, it was provided by one of our customers who has taken up one of our services and has referred you to us. For example, your employer or referrer.

13. The details of whether individuals are under a statutory or contractual obligation to provide the personal data:

You are not under any statutory or contractual obligation to provide your personal data. However, we may not be able to provide you with services without this information.

14. The details of the existence of automated decision-making, including profiling:

    PhysiCare do not use any automated decision-making processes. Although we may use systems to group/categorise individuals (profiling), all decision-making includes human involvement and you can contact any PhysiCare staff member to ask us to reconsider a decision.

15. Other:

    You can access the Site home page and browse the Site without disclosing Personal Information.

    PhysiCare only use Category 1 Cookies - Strictly Necessary Cookies. These cookies enable services you have specifically asked for when/if you register on our website. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, like shopping baskets, making a referral, cannot be provided.

    We may collect Personal Information that you volunteer while using the Site and/or the Services. This information may be used by Us to notify you about important changes to the Site, new services and other information we think you may find interesting. Where We collect such information, We make clear the nature of the information and the purposes for which it is used and we offer you the choice to opt-out of receiving such information.

    PhysiCare use anonymised information (with all names and other identifying information removed) for research, statistical or marketing purposes.