Privacy Notice

“The price of greatness is responsibility”

– Sir Winston Churchill, Stroke

Scope of our Privacy Notice

Dorset Neuro Rehab is committed to protecting your privacy and securely processing information related to you. The purpose of this Privacy Notice is to provide details about the information we collect and hold about you, or anyone you have provided information about, and how we use and protect this information. We aim to be transparent about the information we collect, how we use it and your rights.

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and regulates through legal obligations the collection and processing of personal information of individuals living in the European Union (EU).

This Privacy Notice applies to any person who makes an enquiry, is in communication with us or is in receipt of our services. 

Definitions

“we”, “us”, “our”, “clinic” pertains to Dorset Neuro Rehab

“client” or “clients” is anyone who attends or enquires about intention to use our services

“services” is any assessment, treatment or product supplied by Dorset Neuro Rehab

GDPR is the General Data Protection Regulation

ICO is the Information Commissioner’s Office

Our contact details

For all matters pertaining to data protection please contact Ian Denslow using the contact details below. As we are a mobile clinic we do not have registered premises, therefore, if you require a postal address please also use the contact details below and we can send you a private postal address. If you have any queries about this Privacy Notice, if you are unsure what something means or if you wish to know more about personal information we hold please do contact us.

Dorset Neuro Rehab

email: physiotherapy@dorsetneurorehab.com

tel: 07869 083852

web: www.dorsetneurorehab.com

We are registered with the ICO and our registration number is: ZA786871

What information we collect and hold

In order for us to provide you with a high quality, specialist service we are required to gather and store personal information about you.

We collect information about you that includes, but is not limited to:

  • Name
  • Date of birth
  • Gender
  • Address(es)
  • Email address(es)
  • Telephone number(s)
  • Occupational status
  • Next of kin (or similar) contact details including name, address(es), email address(es) and telephone number(s)
  • GP details
  • NHS details including NHS Number and Hospital Number
  • Details of other health providers you may have ongoing or recent input from
  • Medical history including medications
  • Financial details that relate to payment for our services (we do not store card details)
  • Private medical insurance details

How we gather this information

Information is gathered from you, or any third parties acting on your behalf, when you interact with our services. We collect information through the following means:

  • From yourself through electronic communications such as email, our website and virtual consultations, via the telephone and through face to face consultations
  • From family members or someone acting on your behalf
  • Through our electronic assessment forms that we may ask you to complete
  • Through your interaction with our social media pages
  • From other health professionals and care providers
  • From private medical insurance companies 
  • From case managers acting on your behalf
  • From emergency services such as the police or ambulance staff and social services in an emergency situation

Please note, if you are providing us with personal information about other people, please ensure they have accessed and understood this Privacy Notice prior to providing us with this information.

Why we collect this information and information sharing

For the purpose of providing optimal and safe assessment and treatments we require detailed medical information. The information provided to us underpins the provision of care from us to you. Likewise this information provides the basis to our legal documentation of assessment and treatments undertaken. 

The contact details provided to us may be used for ongoing communication pertaining to your care and/or to remind you of future appointments or to provide reports concerning your care. 

At times we may be required to share your information with other healthcare practitioners including, but not exclusive to, GPs, Consultants, Surgeons, Physiotherapists, Occupational Therapists, Speech and Language Therapists, Psychologists, Care Agencies, Medical Insurance Companies, Administrative Staff, Police and other law enforcement agencies and any other person that you have authorised us to share information with. Should you wish for any information not to be shared please contact us immediately and your consent for sharing of information can be withdrawn. 

We may also be required to share information about you in a medical emergency with the relevant personnel.

We may use your contact details to respond to any enquiries to us and may use these details for marketing purposes. When you make contact with us by any means you are consenting to us providing you with relevant information and marketing using the communication methods you provide. Should you wish to opt out of certain communications please inform us of this.

The GDPR requires us to have a lawful basis to process personal information. We collect and process information under the following legal conditions:

  1. Consent: By agreeing to this Privacy Notice you are consenting to us processing your personal data for the purposes outlined in this Privacy Notice. You can withdraw your consent at any time using the contact details provided. All clients are required to complete our Consent Form.
  2. Legitimate Interests: The processing of your information does not override your interests, rights or freedom that relate to your information. Your information is processed to enable us to provide the appropriate level of communication relevant to your treatment episode.
  3. Legal Obligation: To fulfil our legal obligation we complete documentation of the services provided to you. We are required to process your personal information in order to complete documentation fully.

As a healthcare provider it is our legal responsibility to adhere to UK Laws including The Health and Social Care Act 2008 (Regulated Activities) which states:

“systems or processes must enable the registered person, in particular to –
maintain securely an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided to the service user and of decisions taken in relation to the care and treatment provided”

(Part 3, Section 2, Regulation 17 (c)).

NB. As the client receiving services from us, you are the “service user”.

Additionally the Health and Care Professions Council (HCPC) requires us to take and process records and documentation to ensure safe and effective care. As a regulatory body this also demonstrates a legal requirement for the recording of clinical records that pertain to your care provision.

How we store your information

Client data is stored electronically in a secure environment. We utilise the clinical system WriteUpp, developed by Pathway Software, to record and store clinical records. WriteUpp is ISO27001 certified, utilises Data Encryption and Two-factor authentication. 

Our website operates under an SSL Certificate providing a secure connection for anyone visiting it.

Any paper data is uploaded electronically then physical copies securely destroyed. 

Our staff are trained in Information Governance and appropriate handling of information and what actions to take in response to a data breach.

If you attend a clinic appointment based within Move Clinic your name and contact details will be shared with Move Clinic and stored in their clinical systems for the purpose of diary management.

In order to provide you with personalised treatment plans we utilise third party applications or websites. In order to do this we may need to provide details such as your name and contact details. If you do not wish for any of your personal information to be used in this way please inform us and alternative treatment plans can be provided.

Currently, we utilise Rehab My Patient to deliver exercise prescriptions. Rehab My Patient adheres to GDPR and within it’s own Privacy Policy details how it processes the information provided to it. The Privacy Policy is divided into sections and is intended for (i) subscribers of Rehab My Patient (ii) patients / clients of subscribers of Rehab My Patient and (iii) all users of the website. Rehab My Patient is a website operated and owned by Surrey Physio Group Ltd and their Privacy Policy can be found by visiting  https://www.rehabmypatient.com/privacy_policy.

How long we keep your information

We only keep your information for as long as is deemed necessary. The information we collect and store is used by us to fulfil our services to you and to communicate with you. Information we feel is no longer required to be stored i.e. it has been stored for a period of time relevant to UK Law and no longer required, will be securely deleted. In line with UK requirements your information is retained for eight (8) years.

Your data protection rights

Under data protection law, you have rights including:

  • Right of access: You have the right to ask us for copies of your personal information.
  • Right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request we have one month to respond to you.

Please contact us at physiotherapy@dorsetneurorehab.com or on 07869 083852 if you wish to make a request. Should you wish to make a request via postal service please contact us using the above details for our private postal address.

Complaints

Should you wish to complain about how your information and data have been used we respectfully request that you first contact us.

Alternatively, you can contact the Information Commissioner’s Office (ICO) directly using their website:

https://ico.org.uk/make-a-complaint/

Or by calling their helpline number:

0303 123 1113

Or you can write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF