The Wembley Physiotherapy Service is committed to protecting your privacy and is fully GDPR compliant.
What categories of data are held in this clinic:
Medical records, which are personal data that you supply, such as name, address, date of birth, email address, contact details of GP, disclosed health conditions, insurance details for claims, test results, imaging results, referral letters etc.
What is the purpose of these data:
To enable the health professional (Physiotherapist N.A.Brill) to deliver optimal, safe and efficient treatment for all patients.
Legal basis for holding and processing these data:
- Legitimate interest under Article 6(1)(f) of GDPR (processing of data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).
- For the purpose of health care under Article 9(2)(h) of GDPR (processing of data is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of an employee, for medical diagnosis, provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or contract with a health professional).
- Processing may be necessary to protect the vital interests of a data subject or another natural person where the data subject is physically or legally incapable of giving consent (i.e. if a patient faints or has a heart attack during a treatment session).
- If a SAR request is received from a solicitor, insurance company, employer or other third party, the legal basis is explicit consent, as per Article 6(1a) and Article 9(1a) of GDPR.
How long are the data stored for:
The data from each treatment episode are stored for the lifetime of the Practitioner, under Article 6 of GDPR, as processing is necessary for the establishment, exercise or defence of a legal claim or where courts are acting in their judicial capacity. All data are stored securely.
Data from patients who, subsequent to having made an appointment, then do not attend will be held for 3 days to allow for a rebooking of the appointment. If no further contact is made, they will then be deleted.
Are the data shared with anyone:
Organisations or persons involved directly in your health care and who have a legitimate relationship with you may at times need access, such as your GP, your health insurance claims department etc. This is done only if you give written permission for this. We never sell your information for any purpose.
No direct or indirect marketing activities, which require personal data, are carried out in this Practice.
Automated decision making:
No such process exists in this Practice.
Privacy Notice statement
Links to other websites
We accept no responsibility for the legal obligations of other websites you may visit following links on our website. Please consult their own policies for these purposes.