Privacy Policy
Privacy Policy at Thrive Physiotherapy
Thrive Physiotherapy will respect and protect any personal information you provide us with. This information can be obtained through making an appointment, the clinical examination or from any purchase of products or services with us.
Any changes to the policy will be made by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 30.09.23.
Who is the Policy for?
This policy is information for people that we hold information for or are about to hold their information. They are mostly our individual records for physiotherapy clients. Thrive Physiotherapy (Thrive) are committed to ensuring we hold your data securely. This policy explains:
- What we hold?
- Why we hold it?
- How long we hold it for?
Thrive holds ‘Personal and Special Information’ as defined by the GDPR and Data Protection Regulations. We treat our responsibilities very seriously as an organisation and as individuals we will always treat your information as important and ensure that we protect its use, access and accuracy.
Thrive uses software companies registered with the Information Commissioners Office Registration Number: ISO 9001 (Quality Management) accreditation and ISO 27001 (Information Security Management) accreditation.
What personal information we collect:
- Name, date of birth and address
- Contact information such as a telephone number and/or an email address
- History of your health and any related conditions you have, your medication, occupation and interests
- How your treatment is paid
This information will primarily be collected from you with your permission. Where it is lawful to do so, we may collect information from other sources such as the NHS or other healthcare providers authorised to provide it. This includes parents or carers who have permission to give information on your behalf.
What we do with the information we gather
We require this information to understand your needs and provide you with the best possible service. We require your information for the following reasons:
- During your appointment
- Internal record keeping
- Any letters sent to your GP or the hospital
- Providing products and services
- Responding to any queries you have
- Maintaining records for tax compliance with the laws defence of claims
- Managing and administrating insurance claims
In order to provide you with products or services described above we hold digital copies of your information securely at Thrive.
Third Party System Software Providers and your data security
Part of our processes use third party systems software to collect and store your personal information. Under GDPR guidelines ‘we’ as Data Controllers have responsibility to ensure that your data is processed securely.
Thrive Physiotherapy uses different software providers for different elements of the business. When you provide us with information it can be in the following ways:
- By Telephone:
Any information gathered during a phone call will be input by a staff member directly into our private practice management software where data is securely stored within our own multi-layered protected computer network.
- Newsletter sign-up
You can complete our online form via our website in order to receive a copy of our newsletter via email. When you input your personal information into this form the information is sent directly to our encrypted email service at hello@thrive-physiotherapy.co.uk and is collected by a receptionist/administrator or physiotherapist. All access to our emails are password protected at each stage.
- Booking a physiotherapy appointment online via our website:
Via www.thrive-physiotherapy.co.uk you can book an appointment straight into our diary system. The data provided at this stage links directly with our securely hosted system and is not accessible to anyone outside of our organisation. The system is password protected at all stages with each ‘data controller or data processor’ having their own log-in secure passwords.
You will be asked to complete a digital registration form. This form allows the physiotherapist to gather the relevant information from you prior to your appointment.
- When you attend your appointment:
The receptionist/administrator will input the information from this registration form into our system and will then shred the document to ensure your security.
- After your appointment:
Your physiotherapist may provide you with an exercise programme. You will be asked to provide an email address to the physiotherapist (if you haven’t already done so) and a link will be sent directly to you via an encrypted email with your exercises. By clicking on the link you will access your programme in the external ProSport Exercise Librairy software. ProSport Exercise Librairy ‘Terms &conditions/Privacy Policy’ will then be available for you to read prior to accessing the system.
Your payment information is NOT accessible to anyone at Thrive at any time, this information is kept securely within the software
How long we store your information for
Information will be retained by us for as long as is reasonably necessary as defined under applicable healthcare laws and regulations. For private clients where we create your medical records, we will store the information as long as we provide your treatment and for a further period of 5 years after the last treatment.
Who your personal information is shared with
We may disclose personal information to health care authorities including the NHS or equivalent bodies
How to update your information
If you believe that any information we are holding on you is incorrect or incomplete, you can update your personal information by visiting our practice, sending an email to hello@thrive-physiotherapy.co.uk, or in writing posted via royal mail. If you would like to do this, our head office address is:
Thrive Physiotherapy, 416b Sharrow Vale Road, Sheffield S11 8ZP
Protecting personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronics and managerial procedures to safeguard and secure the information we collect from you. All paper copies of your records are destroyed and electronically accessed only by our data processors.
We cannot 100% guarantee the complete security of our electronic database however we do have antivirus software in place which is maintained by our software security company. We also cannot 100% guarantee that the information you supply to us will not be intercepted when provided over the internet. Any online transmission of information is at your own risk.
Using our Website
When you access our website, we log your IP address for administration and information purposes. Our website may use cookies to allow you access to certain areas within our website or to track visitors to our site with Google Analytics. The cookie will not store any personal information you may provide.
Analytics
The services contained in this section enables Thrive to monitor and analyse web traffic and can be used to keep track of User behaviour.
Google Analytics (Google LLC)
Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
Personal Data processed: Tracker; Usage Data.
Google Analytics 4 (Google LLC)
Google Analytics 4 is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
In Google Analytics 4, IP addresses are used at collection time and then discarded before Data is logged in any data centre or server. Users can learn more by consulting Google’s official documentation.
Personal Data processed: Trackers; Usage Data.
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts (Google LLC)
Google Fonts is a typeface visualization service provided by Google LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Google Maps widget (Google LLC)
Google Maps is a maps visualization service provided by Google LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Tracker; Usage Data.
Cliniko
This site, like most other sites on the internet, uses cookies. A cookie is a small bit of text stored in your browser that we use to identify you when you sign in.
Handling payments
Unless otherwise specified, this Website processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Website isn’t involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.
SumUp
SumUp is a payment service provided by SumUp Payments Ltd.
Personal Data processed: payment data; various types of Data as specified in the privacy policy of the service.
Platform services and hosting
These services have the purpose of hosting and running key components of this Website, therefore allowing the provision of this Website from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data.
Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Wix (Wix.com Ltd)
Wix is a platform provided by Wix.com Ltd. that allows the Thrive to build, run and host this Website. Wix is highly customizable and can host websites from simple blogs to complex e-commerce platforms.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Tag Management
This type of service helps the Thrive to manage the tags or scripts needed on this Website in a centralised fashion.
This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data processed: Usage Data.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your rights
The UK Data Protection Regulations are specific about the treatment of personal and special data, you have the right to receive a copy of your records by making a Subject Access Request in writing. To request a copy of your Data Please submit your request to: Róisín O’Bentley, Thrive Physiotherapy, 416b Sharrow Vale Road, Sheffield S11 8ZP.
Thrive Physiotherapy will only use qualified clinicians when providing advice or services to you. Our clinicians are regulated and authorised by the Health and Care Professions Council (HCPC), Chartered Society of Physiotherapy (CSP) and Pelvic, Obstetric and Gynaecological Physiotherapy (POGP)
Any complaints or praise can be sent to Róisín O’Bentley, Thrive Physiotherapy, 416b Sharrow Vale Road, Sheffield S11 8ZP. If you are unhappy at how Thrive have processed your data you can contact the Information Commissioners Office at www.ico.org.uk or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Legal disclaimer
The information on in this document is intended for information and reference purposes only. The medical information is general and not case specific. It should not be relied upon as a replacement for seeking advice from a registered physiotherapist, general medical practitioner or other professional person. Thrive Physiotherapy do not accept liability whatsoever for any assumed diagnosis or treatment made from information contained within this document or on our website.
By answering any question, inquiry or providing you any information, the therapist is not treating you as a patient or client. Without an assessment, the therapist will under no circumstances assume any liability or responsibility whatsoever for the care of an individual. Our therapist is providing you with the requested information as a professional courtesy, for general information purposes only.
If you have any concerns regarding how your personal data is held by our company, please contact our data controller by visiting our practice or in writing. Alternatively contact the ICO https://ico.org.uk/for-organisations/guide-to-freedom-of-information/what-is-the-foi-act