Privacy and Cookie Policy

Introduction

Synergy Physiotherapy (a trading name of OH Physiotherapy North West Ltd.) is an occupational health (OH) physiotherapy business providing occupational health, physiotherapy, health care and well being services to employers and private customers across the UK.

In order to operate to the highest possible healthcare standards, we are required to collect confidential data. We use this information in good faith, and at all times following the principles and robust guidance published in relevant legislation industry standards, and professional governing bodies.

Purpose of policy

This policy details our approach, our compliance and the principles and guidance we consistently apply to privacy and data protection. Additionally, it serves as a statement of intent to which our company, our employees and approved third parties must comply.

It is not feasible for this policy to detail every possible use of data, however it serves as a basis for guidance where required.

Distribution and Access

This policy is published and easily accessible on our website. It is distributed to our staff at induction and subject to regular review. We send this policy to service users (patients / employees) at every new appointment booking and provide it to customers (employers) at every service launch and as required for informative purposes.

Synergy Physiotherapy commitments

Synergy Physiotherapy is fully committed to:

  • Ensuring our compliance with the Principles of Data Protection.
  • Meeting all legal obligations as detailed in the General Data Protection Regulations (2018), Human Rights Act (1990), Health and Social Care Act (2015), Access to Health Records Act (2000), and any other relevant legislation.
  • Facilitating the right of individuals data subject access requests, via easy to use, visible and robust procedures and processes.

Who do we collect data from?

In order to operate our business and deliver healthcare services, we collect data from the following:

  • Our patients
  • Employees of the customers who purchase of services
  • Our customers
  • Our employees
  • Individuals who interact with our website

Individuals from any of the above categories can be assured that all personal information being collected, held and used by Synergy Physiotherapy will be in strict compliance with all current UK legislation (Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018).

What type of data do we collect and why?

As an occupational health physiotherapy business, Synergy Physiotherapy has a legal duty to collect, store and process information that enables us to create medical records to provide physiotherapy services.

Generally, the data we collect may consist of the following:

  • Individual details: Name, address, telephone number, employment details, email address, age, gender.
  • Medical details: Medical history and medical conditions, other patient details as required for legitimate treatment purposes.

We also collect, store and process details of our staff (within personnel records).

Synergy ensure that all personal data is collected, stored, processed and transferred (where required) in a lawful manner, completely in line with all GDPR guidelines.

Website: Visitors to our website can be assured that Synergy do not collect any personal information, other than in explicit and clear instances where information is knowingly volunteered and given by a website user. Any website visitors who wish to receive contact from Synergy must provide and enter contact details and the nature of their request. We collate anonymised statistical information, such as visitors numbers to our website, however this cannot be used for individual identification.

Cookies: Synergy Physiotherapy do not use cookies to collect personal or advertising information from visitors to the website. Refer to the Cookie Policy section below for more details.

Who does what in terms of the data that Synergy collects and holds?

Data controller: Synergy will act as the “Data Controller” for the information we collect. However it is imperative to make it explicitly clear that it is the individual themselves who have control of the data. This is in line with their “Individuals Rights” unless exceptional legal jurisdiction applies

Data processor: Synergy Physiotherapy employees, along with approved third parties e.g. those we use for our patient management system and exercise prescription software, will act as “Data Processors”. It is their explicit responsibility to collect, store transfer and delete data in line with the guidelines or the wishes of the individual (unless there is a legal obligation for Synergy not to comply with the wishes of the individual).

We will only process the data for the purposes for which it was collected so we will not edit, transfer or delete this without legal basis or an individual’s express wishes.

Individual data subject rights

Whilst Synergy collect data on behalf of our customers to deliver health care services, all individuals and service users have the following rights when it comes to their own data:

  • The right to be informed: Any service user is informed, at the first available opportunity, what data is to be collected, and what it will be used for.  This will be provided in a clear, concise, and transparent format.
  • The right of access: Any service users can request, verbally or in writing (without any charge), access to their own records.  This will be provided in an accessible format (upon identification conformation) within 30 calendar days (in the majority of circumstances).
  • The right to rectification: Any service user can request that inaccurate or incomplete data is rectified. In instances where any inaccurate data has been disclosed to another party (for example their employer), Synergy have an obligation to inform the party of the corrections.
  • The right to erase: With due consideration for legal protection required for medical records, service users may request the deletion of data where it is no longer required for legitimate purposes, or where they withdraw their consent to processing. Under no circumstances may a medical record be altered or erased without seeking the proper authority and consulting with the Synergy Physiotherapy Data Protection Officer.
  • The right to restrict processing: Where and when a service user contests the accuracy of personal data, or instances where they object to processing, processing of data may be suspended prior to a decision regarding rectifying or deleting data.
  • The right to data portability: Service users may obtain and reuse their personal data for their own purposes and to transfer to another data controller.
  • The right to object: Service users may object to their data being used on grounds relating to their situation unless Synergy can demonstrate compelling legitimate grounds to continue.  This is considered on a case-by-case basis.

Synergy will ensure we comply with individual requests regarding individual rights under GDPR unless there is a legal reason for us not to do so.

Data Security

Synergy Physiotherapy take data security very seriously. We therefore implement appropriate measures to safeguard all information we hold from unauthorised access or any improper use. All our data is securely stored in a protected environment, and only users authorised by Synergy, with the appropriate training and permission levels, have access.

Who has access to the data

Personal data collected routinely as part of physiotherapy administration, assessment or treatment may be accessed by clinical or administrative staff as required for the provision of services, or by clinical auditors who ensure the quality of service.

This data may also be shared with other clinical professionals outside of Synergy Physiotherapy, where this is required for the provision of services, is required by law, or when required to safeguard the wellbeing of a patient or other person.

Data may occasionally be accessed by selected service suppliers who provide technical support.

Accessing your information

GDPR legislation gives you the right to access your information. If you wish to exercise these rights, please speak to your physiotherapist or contact for more information, email Synergy at [email protected], or call us on 0151 662 0076.

How long will the data we hold to be kept for (data retention periods)

Different types of data have different legal “retention periods” that Synergy adhere to.

Personal data collected by a healthcare professional (physiotherapist) forms part of a medical record. Synergy are therefore legally required to maintain this data in line with the guidance of relevant healthcare governing bodies. In general terms, this means that data is stored for 8 years after a customers or service users last contact with a clinician. After this period it is destroyed securely.

Other personal data collected through websites or other means will be kept only for the minimum amount of time required, no longer than necessary, and then deleted.

To reiterate the aforementioned individual rights, service users have the right to ask at any time for their data to be destroyed or transferred elsewhere(providing no other laws prevent this from happening).

Third Party Disclosure

Synergy will only pass any personal information to any third party outside of our organisation when we have your explicit consent to do so.

Making a complaint

If you are unhappy with any aspect of this privacy statement or how we collect, store, save, manage or delete personal data, then please contact us via email at [email protected] or call us on 0151 662 0076.

Alternatively, you can contact the Information Commissioners Office who are able to offer comprehensive advice regarding GDPR and data protection laws.

Cookie policy

This Cookie Policy explains what cookies are and how we use them. You should read this policy to understand what cookies are, how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used and how to control the cookie preferences. For further information on how we use, store and keep your personal data secure, see our Privacy Policy above.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Your consent applies to the following domains: synergyphysiotherapy.co.uk.

What are cookies?

Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.

How do we use cookies?

As most online services, our website uses first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure and providing you with a better and improved user experience and help speed up your future interactions with our website.

What types of cookies do we use?

Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket and checkout securely.

Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit etc. These data help us understand and analyze how well the website performs and where it needs improvement.

Marketing: This website does not track personal information and does not display advertisements.

Google Analytics: Uses cookies to track user activity to generate usage statistics and reports within the Analytics interface. To disable these cookies please see www.google.com/intl/en/privacypolicy.html. Cookies include: _utma, _utmb, _utmc, _utmz, _utmv.

To opt out of being tracked by Google Analytics on all websites visit https://tools.google.com/dlpage/gaoptout.

Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing contents on the website on social media platforms.

Preferences: These cookies help us store your settings and browsing preferences so that you have a better and efficient experience on future visits to the website.

How can I control the cookie preferences?

Should you decide to change your preferences later you can delete your cookie history through your browser settings.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more out more on how to manage and delete cookies, visit www.allaboutcookies.org.