Privacy Policy
At Rehab Physio London (“RPL”, “we”, “our”, “us”), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and HIPAA (Health Insurance Portability and Accountability Act) compliance when using HubSpot to process referrals.
1. Information We Collect
We may collect and process the following categories of personal data:
1.1. Personal Identification Information:
- Full name
- Date of birth
- Address
- Email address
- Phone number
1.2. Health Information:
- Medical history, rehabilitation goals, and progress notes
- Treatment plans and test results
- Information relating to medication and therapies you are receiving
1.3. Financial Information:
- Payment and billing information
- Insurance details
1.4. Technical Information:
- IP address, device type, and browser information collected through cookies when using our website.
2. How We Use Your Information
We use the information collected for the following purposes:
2.1. Service Provision
We provide a wide range of therapy services, including:
- Physiotherapy
- Occupational Therapy
- Speech and Language Therapy
- Psychology
- Dietetics
- Music Therapy
- Clinical Exercise
- Therapy Assistants
- Equipment Prescription and Hire
We use your information to:
- Deliver assessments, treatment, and rehabilitation programs tailored to your needs.
- Securely maintain clinical records on Cliniko, a GDPR-compliant clinical system where we store patient notes.
- Manage referrals and inquiries using HubSpot CRM in accordance with HIPAA regulations.
- Communicate with you regarding appointments and any changes to services.
2.2. Legal Compliance
We may process your personal data to comply with legal obligations, such as maintaining accurate health records or complying with health and safety regulations.
2.3. Customer Support and Communication
We use your contact information to respond to your inquiries and keep you informed about your appointments, changes in treatment, or updates to our services.
2.4. Billing and Payment
We use financial data to process payments and manage invoicing for our services.
2.5. Marketing (with consent)
If you have provided explicit consent, we may use your contact details to send you updates about our services or health tips. You can opt out at any time.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you provide voluntary consent for specific processing activities, such as receiving marketing communications.
- Contractual Necessity: To fulfil the contract we have with you for providing therapy services.
- Legal Obligation: To comply with regulatory and legal obligations, particularly concerning medical record retention and patient confidentiality.
- Legitimate Interest: To provide and improve our services while ensuring your data privacy and security.
4. How We Share Your Information
We do not share your personal data with third parties unless:
- It is required to provide our services (e.g., other healthcare professionals involved in your care).
- It is necessary for processing payments (e.g., payment processors or insurers).
- We are complying with legal obligations or safeguarding your health and safety.
- When we use HubSpot CRM to process referrals, it is done in compliance with HIPAA to ensure the protection of your healthcare information.
We ensure that any third-party services we use comply with data protection laws, including the UK GDPR and HIPAA, to safeguard your data.
5. How We Store and Protect Your Data
We implement stringent measures to protect your data:
- Cliniko is used to securely store clinical records, with encryption and controlled access to safeguard your data.
- HubSpot CRM is used to manage referrals, ensuring HIPAA compliance and secure data storage.
- Paper records, if used, are securely stored in locked facilities.
- We retain your data as required by UK law (minimum of 8 years for medical records following the last treatment).
6. Your Data Protection Rights
Under the UK GDPR and Data Protection Act 2018, you have the following rights:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete personal information.
- Right to Erasure: You may request deletion of your data in certain circumstances.
- Right to Restrict Processing: You can ask us to limit how your personal data is processed in certain situations.
- Right to Data Portability: You can request that we transfer your data to another organisation in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to the processing of your personal data in some circumstances, particularly if we are processing based on legitimate interests.
- Right to Withdraw Consent: If we are processing your data based on your consent, you can withdraw that consent at any time.
7. Data Retention
We will retain your personal data for as long as is necessary for the purposes outlined in this Privacy Policy or as required by law. For medical records, the retention period is a minimum of 8 years after your last treatment.
8. Cookies and Tracking Technologies
Our website uses cookies to improve your experience. Cookies are small data files stored on your device that help us track usage, remember your preferences, and optimise your interactions. You can control or disable cookies through your browser settings, but this may affect your experience on our site.
9. Contact Information
If you have any questions or concerns, or would like to exercise your rights regarding your personal data, please contact us:
Email: hello@rehabphysiolondon.com
Phone: 0208 638 8067
Address: 43 Harwood Road, London, SW6 4QP
10. Changes to This Policy
We may update this Privacy Policy from time to time in order to reflect changes in our practices or for other operational, legal, or regulatory reasons. When changes are made, the updated policy will be posted on our website with the new effective date.
By continuing to use our services, you acknowledge that you have read and understood this policy.