Privacy Policy

1. Who we are

This Privacy Policy explains how Physio Me collects, uses, discloses and protects personal data in the course of providing private community physiotherapy services. References to "we", "us" and "our" are to Physio Me. Our contact details are set out in section 11 below.

We act as a data controller for the personal data described in this policy.

2. Scope and lawful basis

We process personal data in accordance with applicable UK data protection laws, including the UK General Data Protection Regulation and the Data Protection Act 2018. We will only process personal data where we have a lawful basis, which may include performance of a contract, compliance with legal obligations, our legitimate interests, and, for special category data such as health information, the provision of health or social care and the management of health or social care systems and services, or explicit consent where required.

3. The data we collect

We may collect and process the following categories of personal data:

  • Identity and contact details such as name, address, telephone number, email address, date of birth and emergency contact information.
  • Administrative and financial data such as appointment history, billing details and payment information.
  • Health and clinical data such as medical history, current symptoms and conditions, medications, referrals, assessment notes, treatment plans, progress reports, imaging and test results, and communications with other healthcare professionals where relevant to your care.
  • Correspondence and communications such as emails, messages, feedback and complaints.
  • Technical data such as IP address and basic device and usage information when you visit our website or use our digital services.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that data when requested, we may be unable to provide or continue to provide services.

4. How we collect data

We collect data directly from you when you contact us, register, complete forms, attend appointments, or communicate with us. We may also receive data from third parties such as your GP, consultant or other healthcare professionals, with your knowledge or where permitted or required by law. Limited technical data may be collected via our website through cookies or similar technologies.

5. Purposes of processing

We use personal data for the following purposes:

  • To register you as a patient and manage our relationship with you.
  • To assess, plan, deliver and review physiotherapy treatment and related services.
  • To liaise with other healthcare professionals involved in your care, where appropriate.
  • To arrange appointments, send reminders and communicate about your care and our services.
  • To process payments, manage accounts and meet tax and accounting obligations.
  • To handle queries, feedback, incidents and complaints.
  • To meet legal, regulatory and safeguarding obligations, including clinical record-keeping.
  • To manage our business operations, service quality, training and risk management.
  • To improve our services and website, including anonymised or aggregated analysis that does not identify individuals.
  • For marketing communications, only where permitted by law and with your consent where required. You can opt out at any time.

6. Lawful bases relied upon

Depending on the processing activity, we rely on one or more of the following lawful bases:

  • Performance of a contract with you or to take steps at your request prior to entering into a contract.
  • Compliance with our legal obligations, including health and safety, clinical record-keeping and tax.
  • Our legitimate interests in delivering and improving our services, managing our business, and ensuring network and information security, provided such interests are not overridden by your rights.
  • Vital interests, where necessary to protect life.
  • For special category health data: processing that is necessary for the provision of health or social care or the management of health or social care systems and services; for the establishment, exercise or defence of legal claims; for reasons of public interest in the area of public health; or based on your explicit consent where required.

7. Sharing your data

We may share personal data where necessary and lawful with:

  • Healthcare professionals involved in your care, such as your GP or consultant.
  • Laboratories, imaging providers or other allied health services involved in your treatment.
  • Service providers acting on our behalf, such as IT, practice management, secure messaging, payment processing and document storage providers, subject to appropriate contractual safeguards.
  • Regulators, professional bodies, governmental authorities, courts, or law enforcement where required by law or in connection with legal claims.
  • Emergency services where necessary to protect vital interests.

We do not sell personal data. International transfers will only occur where necessary and with appropriate safeguards in place.

8. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. Measures include access controls on a need-to-know basis, encryption in transit and at rest where appropriate, secure storage of clinical records, staff confidentiality obligations and training, system monitoring and regular review of our security arrangements. Despite these measures, no system can be completely secure and we cannot guarantee absolute security.

9. Data retention

We retain personal data only for as long as necessary for the purposes set out in this policy and to satisfy legal, regulatory, accounting or reporting requirements. Clinical records are retained in accordance with applicable healthcare record retention standards, after which data will be securely deleted or anonymised.

10. Your rights

Subject to applicable law and certain exemptions, you have the following rights in relation to your personal data:

  • To be informed about the collection and use of your personal data.
  • To request access to your personal data and to obtain a copy.
  • To request rectification of inaccurate or incomplete data.
  • To request erasure in certain circumstances.
  • To request restriction of processing in certain circumstances.
  • To object to processing based on our legitimate interests and to object to direct marketing at any time.
  • To data portability, allowing you to obtain and reuse certain data across different services.
  • To withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • To lodge a complaint with the UK Information Commissioner's Office if you are concerned about how we handle your data.

We may need to verify your identity before responding to a request and may charge a reasonable fee where permitted by law for manifestly unfounded or excessive requests.

11. Contact us

If you have any questions about this policy or how we process personal data, or if you wish to exercise your rights, please contact:

Data Protection Lead

Physio Me

Email: phy.sio@me.com

Telephone: 07508 418857

You may also contact the Information Commissioner's Office via www.ico.org.uk, telephone 0303 123 1113, or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, guidance or our practices. We will post the updated policy with a revised effective date and, where appropriate, notify you by email or during your next interaction with us.

13. Additional information for website users

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites. Our website may use cookies and similar technologies for functionality, analytics and, where applicable, marketing.