This website is operated by DLS Physiotherapy. We take your privacy very seriously, therefore we urge you to read this policy very carefully because it contains important information about us and:
This privacy notice was last updated on the 13th of September 2021. We may update this Notice from time to time and you should review it whenever you visit our website or before providing us with any personal data about yourself.
Who we are
DLS Physiotherapy (‘we’ or ‘us’) are a ‘data controller’ for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”) (i.e. we are responsible for and control the processing of, your personal information). We are a limited trading company trading as DLS Physiotherapy and based in Menston, Ilkley. We are a team of expert professionals providing private and specialist treatment such as (Physiotherapy, Pilates, Personal Training, Massage, and Nutrition).
How we collect your personal data
We will only collect and use your personal data where we have legitimate business reasons to do so. We may obtain personal data from you to provide you a service when you contact us or visit our practices or when you get in touch with us via our website. This includes personal data provided to us when you register with us to receive our services or when you enter a competition or promotion.
We also collect your data when you contact us about employment with DLS Physiotherapy, when you provide our staff with business cards or contact details, if you deal with us when we are providing services to one of our clients, when we receive referrals from other employees, clients or suppliers, when you deal with us in order to provide us with goods or services, when staff give us your details as an emergency contact or when potential employees give us your details as a referee.
We may also collect your data when we search websites where you have posted your data to be found in relation to business opportunities. We will of course let you know at the earliest opportunity when we have gathered your data in this manner.
The personal data we collect
We collect personal data in order to provide the best possible service we can or to maintain good business and client relationships. We only collect the data we need and we will ensure we have appropriate physical and technological security measures to protect your personal data.
For clients using our services or suppliers whose services we use, depending on the relevant circumstances, we may collect some or all of the following information: name, title, email address, postal address, telephone numbers and other contact numbers, bank details, health information and health insurance information. We may also collect data from medical professionals where you have given us permission to do so.
What we use your information for
DLS Physiotherapy collects and processes your personal data for legitimate Business purposes including diagnosing and administering treatment, internal record-keeping, processing financial transactions, processing instructions from clients, in connection with legal, financial and dispute management, for compliance with legal, regulatory and tax reporting obligations and releasing your personal information to regulatory or law enforcement agencies, if they require us to do so by law for the prevention, detection and investigation of crimes. We may also use your data to market our related products and services directly to you and advise you of any updates to our services; where we do so you will be able to unsubscribe at any time from receiving any further communications from us.
We may use your personal data where we deem it to be necessary for our legitimate interests or for mutually beneficial legitimate interests. These legitimate interests are explained a little further down this notice.
Sharing your personal data
Where appropriate and in accordance with local laws, regulatory obligations and patient agreement, we may share some of your personal data with other medical professionals, third party service providers who perform functions on our behalf including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, debt collectors, technical support consultants.
If DLS Physiotherapy acquires, merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the other business or company, subject to appropriate assurances as to the protection of your data privacy.
Personal information provides by third parties
We may receive information about you from other sources. This information may include, Full name, Date of birth, Contact number, Address. All information shared to DLS Physiotherapy from Third Parties and other sources are referrals that have been pre-approved by a client who has agreed to share this information.
We will register this information for the following purposes:
To ensure the client has an account with us
To book the patient in with an appropriate practitioner
Personal information you provide about third parties
If you give us information about another person, you confirm that the other person has appointed you to act on their behalf and agreed that you:
Should consent on their behalf to the processing of their personal data;
Shall receive any data protection notices on their behalf; and
Shall consent on their behalf to the transfer of their personal data abroad.
Monitoring and recording communications
We may monitor communications such as emails and telephone calls for the following purposes:
Quality assurance, Training, Fraud Prevention and Compliance.
Keeping your information secure
We will use technological and organisation measures to keep your information secure. These measures may include the following examples:
User accounts access is controlled by a unique username and password; all data is stored on a secure server.
We are certified to ISO 27001. This family of standards helps us manage your information and keep it safe and secure.
However, while we will use all reasonable efforts to secure your personal data, in using the site you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using the details below.
What rights do you have?
You have individual rights under the GDPR. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have the right to:
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:
You can require us to correct any mistakes in your information, which we hold free of charge. If you would like to do this, please:
DLS Physiotherapy is a private medical company and do not retain personal data for longer than necessary.
The guidelines that DLS Physiotherapy follow are in accordance with the GDPR that replaces the Data Protection Act 1998, where records form as legal record of treatment and therefore must be retained safely and securely. The legal requirement to retain records for a certain period relates to the legal period for bringing civil claims under Personal Injury Law or Contract law as defined by the Limitation Act 1980 and The Limitation (Norther Ireland) Order 1989.
An individual has three years to bring a personal injury claim (with some exceptions) and six years if they wish to bring the claim under contract law. Therefore, records must be retained at least until the limitation period has expired.
DLS Physiotherapy aim to store health records securely for seven years, give or take limits in a personal injury claim and under contract law.
CCTV is in place at the premise of DLS Physiotherapy to protect staff and the business from suspicious transactions and incidents. Data is deleted after 30 days.
DLS Physiotherapy record telephone conversations for Quality assurance, Training, Fraud Prevention and Compliance. We also have a mute button in place on all of our telephone systems. We use this mute button to ensure we do not record sensitive information (i.e. payment information). You can also request to have your conversation muted. Telephone records are deleted after 3 months.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
From time to time, we may also have other methods to unsubscribe from any direct marketing including for example, unsubscribe buttons or web links. If such are offered, please note that there may be some period after selecting to unsubscribe in which marketing may still be received while your request is being processed.
If you have any questions about the policy or the information we hold about you, please contact us by:
(Data protection officer – Danielle Stones) firstname.lastname@example.org (you should contact the data protection officer directly, if you would like to request for a subject access request).