Privacy Policy
Context
UK GDPR (United Kingdon General Data Protection Regulation) came into force on 31st December 2020, replacing GDPR which had been in force from 25th May 2018; We have put together this privacy statement to give our clients more information about what we do with your personal data and the rights you have as an individual in relation to the data that we hold for you.
This policy will explain what data we hold, how we use your data, and how we take measures to ensure the data held is kept securely and safely.
Your Rights
Best Form Sports Therapy will ensure that it treats personal information lawfully and correctly. To this end, we fully endorse and adhere to the principles and your rights as set out in the UK GDPR as outlined below:
Your personal data shall be processed fairly and lawfully and shall not be processed unless specific conditions are met.
Your personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data collected shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which it is processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes (see Retention Periods later in this statement for details).
Personal data shall be processed in accordance with the rights of data subjects under UK GDPR, GDPR and the Data Protection Act 2018.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside of the UK unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data or contractual clauses are in place to ensure that data is stored with a level of protection at least equal to that provided under UK GDPR.
Furthermore, under the UK General Data Protection Regulations (UK GDPR) you have the right to:
The right to be informed about what data is being held about you and how it is processed and managed which has been clearly outlined within this privacy statement.
The right of access to data that is held about you. You can do this by contacting us via email. We may request that you provide identification documents to confirm you are the data subject.
The right to rectification if the data that is held about you is inaccurate or incomplete. You can request this to be undertaken by contacting us via email.
The right to request the erasure of the data we hold for you, which is also known as the right to be forgotten. To request the right of erasure please contact us via email. If there are legal or professional reasons why data needs to be retained, it may not be possible for us to erase your data. If this is the case, we will write to you to let you know.
The right to restrict the processing of the data we hold upon you. This means not deleting the data we hold upon you but placing certain restrictions or total restrictions on how we process it. To request the restriction of processing please contact us via email.
The right to data portability to receive the data we hold on you in an open source format such as in a CSV format. To request the data we hold in such a format, please contact us via email.
The right to object to the way your data is being held, processed, or managed. You can do so by contacting us via email.
Rights in relation to automated decision making and profiling to be outlined to you. Currently, Best Form Sports Therapy does not undertake any form of automated decision making.
What Data Is Held
Best Form Sports Therapy holds the following data for legitimate client communication regarding booking initial / follow up appointments and to comply with the current legislation.
First name
Last Name
Email address and/or telephone number
Address where applicable
Date of Birth
Medical History / Medical Records as shared by you, the client.
Data Storage and Data Sharing
Best Form Sports Therapy takes the security of your information seriously. Only your Therapist will have access to your data for the purposes specified in this privacy statement. Your data may sometimes be shared with third parties such as other health care professional’s e.g. referrals to a GP or a consultant for further imaging or investigation, which would always be discussed primarily with you before doing so.
Any data collected will be clearly outlined to clients at the point of data collection and will only be kept in locations for the length of time required to process such information for its intended purpose. Any handwritten notes are stored and used in a confidential manner and confidentially disposed of after the intended purpose.
Best Form Sports Therapy uses the following UK GDPR compliant systems to store and / or process data:
Gmail for email correspondence, calendar and contact software.
Instagram, LinkedIn, Whats App, SMS, Facebook, and Twitter for marketing & communications purposes.
Retention Periods
Medical/Health records are retained by Best Form Sports Therapy for 7 years to meet requirements set by HMRC and to comply with our insurance. Handwritten notes are retained and stored securely for a maximum of 12 months.
Complaints
Should you have a complaint about the management of your data or any further questions regarding anything in the policy above please contact us via email.
Should you be dissatisfied with the way your complaint is handled, you can make a complaint or raise a concern to the Information Commissioner’s Office. You can contact the Information Commissioner’s Office on 0303 123 1113 or go online to the ICO.
Effective Date
This policy was last updated on 1st September 2023