Privacy Policy
At Rehab Physio London (“RPL”, “we”, “our”, “us”), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and HIPAA (Health Insurance Portability and Accountability Act) compliance when using HubSpot to process referrals.
1. Information We Collect
We may collect and process the following categories of personal data:
1.1. Personal Identification Information:
- Full name
- Date of birth
- Address
- Email address
- Phone number
1.2. Health Information:
- Medical history, rehabilitation goals, and progress notes
- Treatment plans and test results
- Information relating to medication and therapies you are receiving
1.3. Financial Information:
- Payment and billing information
- Insurance details
1.4. Technical Information:
- IP address, device type, and browser information collected through cookies when using our website.
2. How We Use Your Information
We use the information collected for the following purposes:
2.1. Service Provision
We provide a wide range of therapy services, including:
- Physiotherapy
- Occupational Therapy
- Speech and Language Therapy
- Psychology
- Dietetics
- Music Therapy
- Clinical Exercise
- Therapy Assistants
- Equipment Prescription and Hire
We use your information to:
- Deliver assessments, treatment, and rehabilitation programs tailored to your needs.
- Securely maintain clinical records on Cliniko, a GDPR-compliant clinical system where we store patient notes.
- Manage referrals and inquiries using HubSpot CRM in accordance with HIPAA regulations.
- Communicate with you regarding appointments and any changes to services.
2.2. Legal Compliance
We may process your personal data to comply with legal obligations, such as maintaining accurate health records or complying with health and safety regulations.
2.3. Customer Support and Communication
We use your contact information to respond to your inquiries and keep you informed about your appointments, changes in treatment, or updates to our services.
2.4. Billing and Payment
We use financial data to process payments and manage invoicing for our services.
2.5. Marketing (with consent)
If you have provided explicit consent, we may use your contact details to send you updates about our services or health tips. You can opt out at any time.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you provide voluntary consent for specific processing activities, such as receiving marketing communications.
- Contractual Necessity: To fulfil the contract we have with you for providing therapy services.
- Legal Obligation: To comply with regulatory and legal obligations, particularly concerning medical record retention and patient confidentiality.
- Legitimate Interest: To provide and improve our services while ensuring your data privacy and security.
4. How We Share Your Information
We do not share your personal data with third parties unless:
- It is required to provide our services (for example, other healthcare professionals involved in your care).
- It is necessary for processing payments (for example, payment processors or insurers).
- We are complying with legal obligations or safeguarding your health and safety.
We manage referrals, enquiries, and patient records using Remy, our practice management system. We use trusted service providers to operate the practice, and any such provider acts on our instructions and is required to handle your information in line with UK data protection law, including the UK GDPR and the Data Protection Act 2018.
Sharing with our marketing partner
When you submit an enquiry through our website, the information you provide (your name, contact details, postcode, how you heard about us, and your message) is shared with our marketing partner, Klatch, who manage our website and advertising on our behalf. They use this information to respond to enquiries, manage our marketing campaigns, and measure how well our advertising is working.
Klatch act as a data processor on our behalf, which means they may only use your information in line with our instructions and applicable data protection law. They may use trusted third-party tools to do this, including marketing and analytics platforms. Where any of these tools transfer data outside the UK, appropriate safeguards are in place as required by the UK GDPR.
We do not share information about your care or treatment with our marketing partner. The sharing described here relates only to website enquiries and marketing activity.
You can ask us at any time to confirm what information is held, to correct it, or to have it deleted, by contacting us at hello@rehabphysiolondon.com.
5. How We Store and Protect Your Data
We implement stringent measures to protect your data:
- Cliniko is used to securely store clinical records, with encryption and controlled access to safeguard your data.
- HubSpot CRM is used to manage referrals, ensuring HIPAA compliance and secure data storage.
- Paper records, if used, are securely stored in locked facilities.
- We retain your data as required by UK law (minimum of 8 years for medical records following the last treatment).
6. Your Data Protection Rights
Under the UK GDPR and Data Protection Act 2018, you have the following rights:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete personal information.
- Right to Erasure: You may request deletion of your data in certain circumstances.
- Right to Restrict Processing: You can ask us to limit how your personal data is processed in certain situations.
- Right to Data Portability: You can request that we transfer your data to another organisation in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to the processing of your personal data in some circumstances, particularly if we are processing based on legitimate interests.
- Right to Withdraw Consent: If we are processing your data based on your consent, you can withdraw that consent at any time.
7. Data Retention
We will retain your personal data for as long as is necessary for the purposes outlined in this Privacy Policy or as required by law. For medical records, the retention period is a minimum of 8 years after your last treatment.
8. Cookies and Tracking Technologies
Our website uses cookies to improve your experience. Cookies are small data files stored on your device that help us track usage, remember your preferences, and optimise your interactions. You can control or disable cookies through your browser settings, but this may affect your experience on our site.
9. Contact Information
If you have any questions, concerns, or would like to exercise your rights regarding your personal data, please contact us:
Email: hello@rehabphysiolondon.com
Phone: 0208 638 8067
Address: 43 Harwood Road, London, SW6 4QP
10. Changes to This Policy
We may update this Privacy Policy from time to time in order to reflect changes in our practices or for other operational, legal, or regulatory reasons. When changes are made, the updated policy will be posted on our website with the new effective date.
By continuing to use our services, you acknowledge that you have read and understood this policy.