Our website address is: http://www.AmandaMarshPhysiotherapy.co.uk.
To enable us to monitor and improve the website, we may gather certain information about you when you use it, including details of your operating system, browser version, domain name and IP address, and the details of the website you came from.
When using AmandaMarshPhysiotherapy.co.uk website you consent to the collection and use of this information. If you do not wish to have this information collected please change your computer’s security settings to block cookies. However, blocking cookies may restrict access to the website.
Why do we collect personal information about you?
Amanda Marsh Physiotherapy collects personal information about you to inform you about, and provide you with services, to deal with any enquiries you may have about them and to improve and develop these and the site for the future.
Amanda Marsh Physiotherapy collects the following types of personal information about you:
~ Identity data – Forename and surname, Company name (if relevant), gender, marital and family status (if you make this known to us in our dealings), birth date, medical information.
~ Contact data – E-mail address, Telephone number, Address, Delivery name and address
~ Transaction data – Details of the Amanda Marsh Physiotherapy products or service you have purchased from us and information about whether or not payment has been made
~ Profile data such as purchases made or services booked by you, your interests and preferences and any feedback and survey responses
~ Marketing and communications data such as your preferences in receiving marketing from us and your communication preferences
Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, if you are using the site on your mobile, you may choose to provide us with location data. The information we obtain from those services does depend on your settings for that service or their privacy policies. So you should always regularly check what those are.
How do we receive personal information about you?
Amanda Marsh Physiotherapy receives this personal information about you when you contact us directly or via email or telephone or visit the Amanda Marsh Physiotherapy website to request to purchase a product or service, to make a general enquiry, to book an appointment, to provide us with feedback or to request marketing information.
How do we use Personal Information about you?
We will only use your personal data when the law allows us to – where we need to perform a contract with you, where necessary for our legitimate interests where those do not override your interests and rights, for legal compliance and where none of those apply, with your consent.
Amanda Marsh Physiotherapy uses personal information about you:
~ to identify who you are when you contact us
~ to provide you with the Amanda Marsh Physiotherapy products or services you have requested (and note we may not be able to perform a contract to provide products or services if you fail to provide certain of the information requested)
~ to ensure payment for Amanda Marsh Physiotherapy products or services purchased and to prevent or detect fraud
~ to understand what Amanda Marsh Physiotherapy products or services you may be interested in
~ to contact you regarding your Amanda Marsh Physiotherapy products or services to provide you with e-receipts, to answer your general enquiries or to administer warranty claims or product safety related communications
~ to contact you regarding your Amanda Marsh Physiotherapy services to update you regarding your bookings
~ to improve Amanda Marsh Physiotherapy products or services and to carry out customer surveys
~ to resolve complaints or issues you may have with a Amanda Marsh Physiotherapy product or service
~ to send you marketing information about Amanda Marsh Physiotherapy products or services or general Amanda Marsh Physiotherapy news that you may be interested in, if you have opted into receiving this service
~ to invite you to Amanda Marsh Physiotherapy events you may be interested in
~ to improve our customer relationship with you
How will we contact you?
Amanda Marsh Physiotherapy may contact you by post, telephone, email and/or text message, unless you have told us not to.
When you fill out any of our paperwork, we store your information on our password protected record system. When paperwork has been entered onto this system, it is then shredded. We collect this information to ensure we are carrying out safe, risk-assessed treatment. We may also use this information when contacting your General Practitioner, Consultant, Surgeon or other medical practitioner. We will always ask your permission before doing this.
Every so often, we may use your email address to send you offers or newsletters. These will always be relevant to our healthcare services and we only send information we believe to be beneficial to you. You will always have the option to unsubscribe from these emails.
We use a hosted system called TM3 to book appointments and store patients’ records.
TM3 have a dedicated infosec team to ensure all data of clients is protected to the highest possible level. All data is stored in ISO27001 accredited, highly secure and monitored datacentres. Our data is hosted in the UK.
TM3 acts as our data processor, i.e. they store data only and have no decision making in changing or editing your data – Amanda Marsh Physiotherapy is the data controller.
As with form-based information, any medical notes completed by a practitioner after any appointment will be entered on to our password protected record system. No one will have access to these notes apart from a member of staff at Amanda Marsh Physiotherapy, and any medical persons given permission by you to access them.
This includes the reception team, your personal practitioner and all other practitioners. They cannot be accessed by anybody else. Paperwork awaiting entry onto our system is locked away securely until shredded. All computers and phones are locked away when the clinic is closed.
Please note that we may, in some cases, need to disclose details provided by you to police/other enforcement agencies to assist with investigations when required to do so, by law.
We take every precaution to ensure that your personal information is safe and secure, and only used for its intended purpose as described in this policy.
Initially medical records will be retained for eight years from the last treatment date for adults and up to the age of 25 years old for children (under 18) in order to meet professional healthcare record management guidance as set out by the Chartered Society of Physiotherapy. However we will keep medical records indefinitely unless you ask us to destroy them, in which case, they will be destroyed immediately. Please contact us in writing/email to do so.
All data is held within the UK. AMP does not store personal data outside the EEA.
Your rights under GDPR
If you have any questions about the protection of your data, please e-mail us at firstname.lastname@example.org
We will make every effort to respond to any query in a satisfactory way.
MARKETING & NEWS
Our ‘sign-up forms’, both electronic and physical, are designed to ensure the user understands that they are signing up to communications which will include news from Amanda Marsh Physiotherapy, and marketing campaigns. By signing up to the Amanda Marsh Physiotherapy Database, individuals are agreeing that we have a lawful basis for collecting and processing personal data. Unless otherwise instructed we will hold this information for ten years, at which point you may be contacted to reconfirm your subscription.
By the definitions of GDPR Amanda Marsh Physiotherapy is the ‘controller’ of your data, the organisation MailChimp is the ‘processor’ of your data. Subscribers personal details will be transferred to MailChimp, the applicable activities performed by MailChimp are: data collection through electronic sign up forms, storage of personal data in distribution lists and the transfer of personal data to certain of MailChimp’s sub-processors, who perform critical support for their services. Mailchimp’s servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. The legal ground for transferring personal data set out in the GDPR allows for an ‘adequacy decision’ – a decision by the European Commission that an adequate level of protection exists for personal data in the country, territory or organisation to which it is being transferred. A ‘Privacy Shield’ framework is one such example. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. They are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.
GDPR also stipulates an individual’s ‘right to be forgotten’. To this end if you do not wish to receive any further emails from us please use the “unsubscribe” link found in all email communications. Alternatively send your unsubscribe request to info@AmandaMarshPhysiotherapy.co.uk. Please allow a few days for the request to process.
For the avoidance of doubt, Amanda Marsh Physiotherapy will not pass data to any third parties except to enable you to receive information you have requested to be sent to you by post or email.
Our site may link to other websites and we are not responsible for their data policies or procedures or their content.
If you are concerned about how your data is stored please contact us by email for further information; if you are not satisfied with our response you have the right to complain to the Information Commissioners Office (ICO)
ICO Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113 or email
May 2018 (reviewed June 2020 & August 2021)