PRIVACY POLICY
Functional Movement Physiotherapy Ltd
1. Introduction
Functional Movement Physiotherapy Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you receive treatment from our physiotherapy services.
We are registered at 27 Norfolk Street, Liverpool, L1 0BE. You can contact us by telephone at 0151 601 1481 or by email at hello@functionalmovementphysio.co.uk.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
We collect and process the following types of personal information:
2.1 Personal Details
• Full name, date of birth, and address
• Contact details (telephone, email)
• NHS number (if applicable)
• GP details (name and practice)
2.2 Medical Information
• Medical history and current conditions
• Assessment findings and clinical notes
• Treatment records and progress notes
• Current medications and allergies
• Relevant test results or imaging
2.3 Financial Information
• Payment information (processed securely by our payment providers)
• Insurance details (if applicable)
3. How We Use Your Information
We use your personal information for the following purposes:
• To provide physiotherapy assessment, treatment, and care
• To maintain accurate medical records
• To communicate with you about your treatment and appointments
• To process payments and manage billing
• To comply with legal and regulatory requirements
• To improve our services and patient care
3.1 Marketing and Service Communications
We may use your contact details to send you:
• Service messages, such as appointment confirmations, reminders and important information about your treatment or our services. These are not marketing and are sent on the basis of contract or our legitimate interests.
• Marketing communications, such as information about new services, classes or events, where you have given your consent, or where the law otherwise permits us to do so.
You can opt out of marketing communications at any time by following the unsubscribe instructions in our messages or by contacting us using the details in the "Contact Us" section. This will not affect your receipt of essential service messages.
4. Legal Basis for Processing
We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We rely on the following legal bases:
• Provision of health care: We process information about your health because it is necessary for the purposes of providing health care and treatment.
• Contract: We process your personal data where this is necessary to enter into and perform our contract with you, for example to arrange and deliver appointments and to manage payments.
• Legal obligation: We process certain information to comply with our legal and regulatory obligations, including clinical record-keeping, taxation, and accounting requirements.
• Legitimate interests: We may process your personal data where this is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests. These interests include managing our business, improving our services, and handling queries, complaints, or legal claims.
• Consent: In limited circumstances, we rely on your consent, for example for certain types of marketing communications or where required before sharing information with third parties not directly involved in your care. Where we rely on consent, you may withdraw it at any time (see "Your Rights" below).
5. Sharing Your Information
We only share your personal information where this is lawful, appropriate and with your consent.
We may share your information with:
• Your GP and other health professionals involved in your care, where this is necessary to provide health care and treatment and, where required, with your consent.
• Medical insurers and other funders, where this is necessary for the administration and payment of your treatment and in line with our agreements with you and them.
• Our service providers, such as IT, messaging and payment providers, who act as data processors on our behalf and are bound by written contracts and appropriate safeguards.
• Regulators, public bodies or law enforcement authorities where we are required to do so by law, or where it is necessary to protect your vital interests or the vital interests of another person, or to establish, exercise or defend legal claims.
We do not sell your personal data to third parties.
6. PracticeHub - Our Data Processor
We use PracticeHub Limited (practicehub.io) as our electronic medical records system. PracticeHub acts as a data processor on our behalf and stores your medical information securely on their servers.
Key Information About PracticeHub:
• PracticeHub is UK GDPR compliant
• They use industry-standard security measures including encryption
• Data is stored securely on servers managed by Amazon Web Services
• We have a Data Processing Agreement with PracticeHub
• PracticeHub's full privacy policy and security documentation are available at https://practicehub.io
7. Data Security
We take the security of your personal information seriously. We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse, including:
• Secure, password-protected electronic systems
• Encryption of data in transit and at rest
• Regular security updates and backups
• Limited access to your information on a need-to-know basis
• Staff training on data protection and confidentiality
8. Data Retention
We retain your personal and medical information in accordance with professional and legal requirements. Clinical records are retained for a minimum of 8 years from the date of your last treatment (or until age 25 for patients under 18, whichever is longer), as required by professional guidelines.
After this period, records will be securely destroyed unless there is a legal requirement to retain them for longer.
9. Your Rights
Under UK GDPR, you have the following rights:
• Right of access: You can request a copy of the personal information we hold about you
• Right to rectification: You can request correction of inaccurate or incomplete information
• Right to erasure: You can request deletion of your data in certain circumstances
• Right to restrict processing: You can request that we limit how we use your data
• Right to data portability: You can request your data in a portable format
• Right to object: You can object to certain types of processing
• Right to withdraw consent: You can withdraw consent at any time where processing is based on consent
Please note that some rights may be limited by professional obligations and legal requirements to maintain medical records.
10. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us:
Functional Movement Physiotherapy Ltd
27 Norfolk Street, Liverpool, L1 0BE
Telephone: 0151 601 1481
Email: hello@functionalmovementphysio.co.uk
11. Complaints
If you believe we have not handled your personal information properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.
Information Commissioner's Office
Website: www.ico.org.uk
Telephone: 0303 123 1113
Email: casework@ico.org.uk
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website and, where appropriate, notified to you by email. We encourage you to review this policy periodically.