This privacy notice sets out how Johnson Physio processes personal information about you.
Reason for Processing Information
The reason for collecting personal information about you is to provide a healthcare service to you and to manage our accounts.
Types of Information Processed
We process information relevant to the above reason. This information may include:
- Personal details
- Family details
- Lifestyle and social circumstances
- Goods and services
- Financial details
- Employment and education details
We also process sensitive classes of information that may include:
- Physical or mental health details
- Sexual life
Who the Information is Processed About
We process personal information about our:
- Patients
- Customers and clients
- Suppliers
- Business contacts
- Professional advisors
Who the Information May be Shared With
We will not sell your personal information.
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA).
What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- Healthcare professionals
- Social and welfare organisations
- Central government
- Business associates
- Family, associates and representatives of the person whose personal data we are processing
- Suppliers and service providers
- Financial organisations
- Current, past and prospective employers
- Employment agencies and examining bodies
How Long Data Will be Stored for
Healthcare notes are required to be stored for specified lengths of time depending on who they relate to:
- Adult: 8 years after conclusion of treatment or death
- Children and young people: 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death
- Maternity: 25 years after the birth of the last child
Rights of Subject
You have the right to ask us for copies of the personal information that we hold about you. This request is known as a, ‘subject access request,’ and can be made verbally or in writing. We then have one month to respond to your request.
Security
We are committed to ensuring that your information is secure. We have suitable physical, electronic and procedural policies in place to prevent unauthorised access or disclosure. Johnson Physio complies with the Data Protection Act (1998) and General Data Protection Regulation (GDPR).