top of page

Acerca de

Privacy Policy

Personal data is an increasing concern for individuals and it is understandable that service users are interested in how companies look after their data and privacy. Hannah Violet Physiotherapy not only provides care for your well-being; we aim to apply that same level of care to your data and privacy.

This Privacy Notice covers how Hannah Violet Physiotherapy:

  • Collect;

  • Use;

  • Disclose;

  • Transfer; and,

  • Store your data.

Categories of personal information 

Hannah Violet Physiotherapy will process two categories of personal information about you: 

  • Personal Data and

  • Special Category Data (Health Data) 

In this Privacy Notice we use the terms; 

“Personal Data” for Personal data
“Special Category Data” for Special Category Data
“Data” for both categories

Scope

This Privacy Notice applies to anyone whose data we process, including our service users and visitors to our website, but does not apply to:

  • Our employees (handling of their personal data is governed by our employee handbook);

  • Services we provide to others as a data processor of personal data which will be governed by a written agreement with the third party data controller and their own privacy policy.

 

We may change this Privacy Notice from time to time, so please check back regularly to keep informed of any updates.

 

This version of the Privacy Notice was updated on 19/07/2021.

Our commitment to you

 

Ascenti is committed to protecting and respecting your privacy. Any decision we make regarding data will have considered the 6 data principles, more information on these can be found on the ICO website .

Information we may hold on you

Personal data means any information about you from which you can be identified. The data we collect depends on the nature of the services we are providing but can include:

  • Basic details such as name, address and contact details;

  • Details of contact we have had with you throughout your treatment with us;

  • Professional information (such as job title, qualifications, previous experience and NI number);

  • Details of the services you have accessed;

  • Treatment notes and reports about your health and any treatment you have received;

  • Your feedback and treatment outcome information;

  • Information surrounding complaints and incidents which may have arisen;

  • Recordings of inbound and outbound telephone calls;

  • Details of visits to our website (including your IP address, login information, and other analytical information). Please refer to our Cookie Policy for more details; and,

  • Any other personal data we collect in the course of providing our services or in the course of operating our business.

Information we may hold on you

Personal data means any information about you from which you can be identified. The data we collect depends on the nature of the services we are providing but can include:

  • Basic details such as name, address and contact details;

  • Details of contact we have had with you throughout your treatment with us;

  • Professional information (such as job title, qualifications, previous experience and NI number);

  • Details of the services you have accessed;

  • Treatment notes and reports about your health and any treatment you have received;

  • Your feedback and treatment outcome information;

  • Information surrounding complaints and incidents which may have arisen;

  • Recordings of inbound and outbound telephone calls;

  • Details of visits to our website (including your IP address, login information, and other analytical information). Please refer to our Cookie Policy for more details; and,

  • Any other personal data we collect in the course of providing our services or in the course of operating our business.

Collect

 

Your data may be collected:

  • From you in person (e.g. at an appointment with one of our clinicians, or at an event);

  • By telephone;

  • By correspondence (including post, text, email or otherwise);

  • Via our website or online portals (e.g. when submitting an enquiry on our contact form);

  • Via CCTV footage collected by us and/or our buildings’ landlords

    • Use

     

    In general we use your data to provide our services to you, including the following specific purposes:

  • Responding to your initial queries and requests for further information about Ascenti, including quotes;

  • Sending you your service related information;

  • Supporting you through your treatment journey, including telephone support;

  • Decision making by the healthcare professionals involved in your treatment;

  • Record keeping and administration purposes;

  • Quality, risk management and training purposes;

  • Compilation of statistical data (personal data will not be published or passed on without consent);

  • We want to hear what you think and your contact information may be used to provide an option to complete a satisfaction survey;

  • To facilitate marketing and business development; only with your consent. 

  • To allow the billing of services provided and to obtain payment;

  • To process and respond to any complaints, concerns or incidents;

  • To comply with any other legal, professional or regulatory obligations imposed on us; and,

  • To audit our services and the use of our websites.

    •  

    We rely on the following legal reasons for processing your personal data:

  • Contractual necessity: We will process your personal data when it is necessary to perform a contract you have entered into, or in order to take steps at your request prior to entry into a contract.

  • Legal obligation: We will process your personal data when it is necessary to comply with a legal or regulatory obligation (e.g. identity checks, external auditing)

  • Consent: Where we require consent to process your personal data will specifically request this from you (verbally or in writing) and provide information on the purpose of that processing. If you have given consent, you can change your mind at any time and withdraw it by contacting us.

  • Legitimate interests: We will process your personal data when we, or a third party, have a legitimate interest in processing it (e.g. responding to complaints, ensuring our business policies are adhered to, or improving our business by monitoring and recording information relating to our services). We only process for this reason if the legitimate interest is not overridden by your own interests or fundamental rights or freedoms. Please contact us if you would like more information on our, or a third party’s, legitimate interests and the balancing test we use to ensure processing is lawful.

    •  

    As a provider of healthcare services and assessments, our clinicians are under a legal requirement to document your treatment. These treatment notes will necessarily include data pertaining to your health which is defined as ‘special category data’. Further to the legal grounds for processing above we will process this data special category data on the basis:

  • That it is necessary for medical diagnosis and the provision of health care services - processing of this data will be done by professionals under a common law and contractual duty of confidentiality; or

  • Consent to process your health data, for example where our digital services such as our online triage tools and health applications (‘apps’) use your health data to make automated decisions based upon health data you provide. If you have given consent, you can change your mind at any time and withdraw it by contacting us.

    •  

    In certain circumstances where we need to process ‘special category data’ in the context of our services but outside the scope of our services (e.g. in order for us to audit the quality of our service). 

    We will only use your personal data for the purpose, or purposes, for which we have obtained it. If we reasonably consider that we need to use it for another reason we will only do so if that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so.

    We may process your data without your knowledge or consent where this is required by law.

    Please contact us if you would like further information on the exact lawful basis for any specific data processing activity.

     

    Disclose

    We will share your data with carefully selected third parties when:

    • You specifically request it, or a disclosure is required in order for us to provide our services and/or fulfil our contractual obligations to you;

    • We are under a legal or regulatory duty to disclose your information; or,

    • As a result of any changes in business ownership or organisation.

     

    We may share your personal information, where required and to the extent permitted and on which we have a lawful basis, with:​

    • Any 3rd party who provides your treatment (where we do, we will ensure that they process information in accordance with our confidentiality and security requirements).

    • Solicitors, Insurers, or any other instructing party;

    • Third party NHS providers to support your health and care arrangements, including referrals, pathology and other results within NHS services;

    • Law enforcement agencies and regulators (e.g. CQC);

    • Any other third party you may ask us to share your data with.

     

    Where our professional duties of confidence as medical clinicians require that we seek your consent before sharing your personal data with a third party, we will do so. Such consent has a different legal basis to consent for the purposes of EU/UK privacy law and seeking consent further to our professional duties will not therefore affect the basis of processing in privacy law. The processing under privacy EU/UK privacy law will be on the bases as set out above.

    Store

    Hannah Violet Physiotherapy has in place physical, electronic and operational procedures intended to safeguard and secure the information we collect. These measures are updated as necessary and audited on a regular basis. All the data we process is done so by our staff in the UK and kept on UK only servers.

     

    How long we retain your data for will vary from matter to matter but will be determined in accordance will the following criteria:

    • The length of time necessary to complete our contract with you;

    • Any time limits for establishing or defending legal claims or responding to complaints/incidents;

    • Any period necessary to comply with our legal obligations under EU/UK law; and,

    • Any periods for retention that is recommended by regulators or professional bodies.

     

    Hannah Violet Physiotherapy provide healthcare services; as such there is a legal and regulatory obligation for records to be kept for a minimum period of time.

     

    We will typically keep your data for a period of 10 years, after which time it will be destroyed, if it is no longer required for the lawful purposes for which it was obtained. Closed files are archived after 6 months resulting in restricted access and additional security

    Your rights

     

    You have the right to obtain confirmation from us as to whether we are processing your personal data and, if we are, to request a copy of the personal data we hold about you. This is known as a ‘subject access request’. 

    If you wish to make a subject access request, please request this at info@hvphysio.uk

     

    You also have the right to ask that we update any information we hold about you that may be incorrect. It is important that the information we hold about you is accurate and up to date. If any of your personal information changes please let us know.

    In certain circumstances you have the right to request that we restrict the way in which we process your data, or that we erase all personal information that we hold about you. 

    You have the right to object to certain types of processing.

    We will try our best to comply with any request to restrict, object or erase your data, however processing of some data may still be required for legitimate business purposes or to comply with legal obligations. Please note that if you want us to restrict or stop processing your data this may prevent us from providing our services to you.

    You have the right to request that we send a copy of your data, that you have provided to us, to another organisation for your own purposes (e.g. if you wish to change service provider). This data must be provided in a structured and usable format. This right only applies to personal data processed by way of consent or in pursuant to our contract with you. If you wish us to transfer your personal data please let us know.

     

    You will not have to pay a fee to access your personal data or to exercise any of your other rights. However we may charge a reasonable fee should your request be clearly unfounded, repetitive or excessive. In order to prevent unauthorised access to information we may ask for proof of identity. We will do our best to respond to your request within one month, however if that is not possible due to the number or complexity of requests we will notify you and keep you updated.

    As part of the processing of your personal and health data, decisions may be made by automated means using clinical algorithms. An automated decision is one that is made by our systems rather than a person.

     

    Under data protection laws, you have the right to:

  • Express your concerns and object to a decision taken by purely automated means; and

  • Request that a person review that decision.

    •  

    If you would like us to review a decision we have made about you, such as a recommendation for a treatment pathway, please contact us.

    Where you have used our digital services such as our online triage tools and health applications (‘apps’) and we have used your personal and health data to create a profile of you, your right to request a copy of the personal data that we hold about you includes not only the personal data used to create the profile but also the information on that profile itself. Where there are any inaccuracies in the profile (or the information that we have used to create that profile) you have the right to ask that we update the profile or any information we hold about you that is incorrect.

     

    For further information on your rights, please visit: ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/.

    bottom of page