GDPR Policy
At Farnham Physiotherapy & Sports Clinic, we are committed to protecting the privacy and security of our patients’ personal data. This GDPR policy outlines how we collect, use, and protect your data in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
1. Data Collection
We collect personal data from our patients in order to provide high-quality physiotherapy services. This data may include:
- Name
- Contact information (e.g., address, email, phone number)
- Date of birth
- Medical history and information related to current health concerns
- Treatment notes and progress reports
We collect this data during the initial consultation and subsequent appointments, as well as through our online booking system and patient intake forms.
2. Use of Data
We use the personal data we collect for the following purposes:
- Providing physiotherapy assessments, treatments, and rehabilitation services
- Communicating with patients regarding appointment scheduling, reminders, and follow-up care
- Maintaining accurate medical records and treatment notes
- Billing and processing payments for services rendered
- Complying with legal and regulatory requirements
3. Data Sharing
We may share personal data with third parties only when necessary to provide our services or as required by law. This may include sharing data with:
- Other healthcare professionals involved in a patient’s care (e.g., referring physicians, specialists)
- Insurance companies or third-party payers for billing and reimbursement purposes
- IT service providers who assist with the maintenance and security of our systems
We do not sell or otherwise disclose personal data to third parties for marketing purposes without explicit consent.
4. Data Security
We take appropriate technical and organizational measures to safeguard the confidentiality, integrity, and availability of our patients’ personal data. This includes:
- Implementing access controls and authentication mechanisms to restrict access to personal data
- Regularly monitoring our systems for security vulnerabilities and incidents
- Training our staff on data protection best practices and their obligations under GDPR
5. Data Retention
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, as required by law, or as instructed by our patients. After the retention period expires, we securely dispose of or anonymize the data in accordance with our data retention policy.
6. Patient Rights
Our patients have the following rights regarding their personal data:
- The right to access and obtain a copy of their personal data
- The right to rectify inaccuracies or incomplete information
- The right to request the erasure of their personal data under certain circumstances
- The right to restrict or object to the processing of their personal data
- The right to data portability, allowing them to receive their data in a structured, commonly used format
Patients can exercise their rights by contacting us using the contact information provided below.