This policy covers the collection, processing and other use of personal data under the Data Protection Act (DPA) 2018 (GDPR compliance) that came into effect on 25th May 2018. By using our website and services you consent to this policy.
MP Physiotherapy is a trading name of MP Physiotherapy Limited.
Registered in England. Company No: 9558294
Registered Office: MP Physiotherapy, Sadhana Yoga, 91 Saint John’s Hill Clapham Junction, London, SW11 1SY
We take your privacy seriously. We are the data controller for your personal data, and any enquiry regarding the collection or processing of your data should be addressed to Michael Pan via one of the following:
By post: MP Physiotherapy, Sadhana Yoga, 91 Saint John’s Hill Clapham Junction, London, SW11 1SY
By email: email@example.com
By telephone: 077 9494 7985
Information collected by www.mpphysiotherapy.com, Findoc booking platform, over the phone or via email
When you contact us by one of the above methods, we will collect personal data about you, e.g.: title, name, surname, mobile number, email address, and your private health insurance details (if applicable). We will collect this information only if it is directly provided to us by you, and therefore with your consent. We will only collect the personal data you choose to provide to us.
We use analytical tools that monitor details of visits to our website such as website traffic, location data and other communication data.
When using the online booking form, you are sharing your information with us, but also with Findoc (www.findoc.co.uk) and you are subject to their privacy statement.
Information collected at the clinic prior to treatment
Privacy for healthcare treatment is assured under the common law Duty of Confidence. We collect your personal and health data. Processing of this personal data is necessary for the purposes of medical diagnosis and healthcare. As we provide direct healthcare, your consent is implicit for us to share information with others involved in your treatment.
The lawful basis for processing your personal data is of a vital interest necessary to protect life.
The lawful basis for processing your personal data is your consent.
As stated in Article 9 of the GDPR, processing is necessary to protect the vital interests of the data subject or of another natural person, where one is physically or legally incapable of giving consent. We therefore collect either:
We keep your information secure in accordance with the DPA 2018 (GDPR compliance) and use it to respond to your enquiry. When attending your appointment you will have the option to give consent.
You are asked to provide us with informed consent for treatment, and once given we only provide treatment within the scope of that consent. As the treatment changes, we would again ask you for your informed consent.
External health professionals/ NHS
Information such as your name, surname, address, date of birth, mobile number and relevant musculoskeletal or general health information, is shared with other medical professionals with whom you may be seeking further treatment or are being referred to. This information is shared via post or encrypted email sent to a dedicated secretary/ referral source appointed by the individual health professional that receives your referral.
Your healthcare records will be shared with solicitors to handle medico-legal cases, if requested by yourself. Information is shared only upon receipt of a signed and dated ‘MP Physiotherapy Subject Release of Medical Records Request’ form. Data is shared via a recorded/signed for postal service for security purposes.
Upon completion of a provisionally-authorised course of treatments, we may share your data via encrypted email with your insurance provider in order to obtain further treatment authorisation.
Online billing and secure messaging services
We use the following services:
Information is shared with the above for billing purposes. Files are transferred and encrypted using a password-protected account.
Key Performance Indicators (KPIs)
If requested by Bupa, specific information that is obtained by processing existing service-user data may be shared with the Bupa insurance scheme. Information is shared to provide Bupa with statistical and performance data.
Statutory duty to disclose information
Where a local authority (for example, the Police, the Care Quality Commission, the Home Office) provides justification for the disclosure of confidential information, we have a statutory duty to disclose the required information. Acts of Parliament which require production of confidential information are: Prevention of Terrorism Act, Road Traffic Act, Public Health Act, Police and Criminal Evidence Act 1984, and Misuse of Drugs Act 1971.
We can move, copy or transfer your personal data from one IT environment to another in a safe and secure way, without compromising the data in any way.
Communication over the internet, i.e. email, is not always secure. We do our best and have measures in place to safeguard your personal information, but we cannot always guarantee the security of your data when electronically submitted or transmitted to us. This is at your own risk. We can assure you that when we do receive your information, we have measures in place to keep it safe and secure.
If a data breach is reported by a third party, an individual, or is discovered by our administration staff or clinicians, we will investigate and take the appropriate measures to resolve the issue immediately.
Our website makes use of a third party link, Findoc, for the online appointment bookings. Any link you make to or from the third-party website will be at your own risk as we do not have control over it. We do not accept any responsibility for the content on the third-party website. Any use of the third-party website will be subject to and any information you provide will be governed by the terms of the third-party website, including those relating to confidentiality, data privacy and security.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
In accordance with the DPA 2018 (GDPR compliance), please see your rights below.
Please note in order to comply with your request(s), we require a written request to our Data Controller Michael Pan (see our ‘Who we are’ clause), and proof of identity (see ‘Proof of Identity’ below). We will respond to you within 30 days of receipt of your request (unless there are exceptional circumstances, in which case we will inform you if a longer period is required).
The right to request a copy of your information
Email or write to our Data Controller Michael Pan with details of the information you would like a copy of. We may charge a fee of £10 for this service depending on the amount of information requested. Verbal requests can be accepted where the individual is unable to request in writing.
The right to correct any mistakes in your information
Let us know what information about you is incorrect, and what you would like changed.
The right to ask us to stop contacting you with direct marketing
Tell us what method of contact you are not happy with, and how you would like it changed.
The right to have your personal data erased (‘the right to be forgotten’)
Let us know why you would like your details erased and why you are withdrawing your consent for our services.
Please note, as we are healthcare providers, to comply with common law and other healthcare regulations, we may not be able to erase all of your data as requested from our records.
The right to restrict the processing of your data
Let us know what personal information you would like us to restrict the processing of.
The right to object to us processing your data
This can be requested at the point of first communication or at any other time. Let us know what personal data you object to us processing.
Proof of identity
To help us establish your identity, you must provide two pieces of identification: One that clearly shows your name and date of birth, and a second that shows your current address.
We may request additional information from you to help us confirm your identity and your right to access, and to provide you with the personal data we hold about you. We reserve the right to refuse to act on your request if we are unable to identify you.
We may deny or limit the scope of information we provide to you if:
Although we are not obliged to inform you why we have declined to provide you with your personal information, we will document this for our records.
If you wish to raise a complaint about how we have handled your data, you can contact us using the details provided above (see clause ‘Who we are’), addressed to Michael Pan, who is responsible for data protection compliance. We will respond to your request within 30 days. The Clinic Manager will investigate the problem, and will arrange a formal meeting with you to try to resolve the complaint.
If the problem remains unresolved and you are unhappy with how we have dealt with your request, and believe we are not processing your personal data in accordance with the law (DPA and the GDPR), you have the right to make a complaint to the You can also seek other legal independent advice.
Last updated: 31.03.2019