For the purpose of DPA & GDPR PhysioPilates Carlisle is the data controller. Any enquiries regarding the data we hold or process should be addressed to our Data Protection Officer: Rachel Mills at PhysioPilates Carlisle, Church Street, Carlisle, CA2 5TJ or at firstname.lastname@example.org
By using our services, our websites, or if you disclose personal information about yourself verbally, or in writing you consent to this policy.
PhysioPilates Carlisle, runs PhysioPilates (PhysioPilates is defined as Physiotherapist- led Pilates) and Nordic Walking Classes and offers Physiotherapy, Accupuncture and one to one Pilates and Nordic Walking Sessions. We also offer online PhysioPilates classes under the trading name of ‘MyPhysioPilates’.
We recognise our responsibilities as a provider of services which involve the processing of personal information and we take great care to protect the personal information that we process, through the implementation of several data protection policies and regular checks.
Information we collect and what we do with it
We collect personal information from you to provide clinical services, including physiotherapy, PhysioPilates and Nordic Walking. This will include: name and contact information, as well as health information which is required to perform our services efferently, effectively and safely. This personal information may include: name, date of birth, address, email address, contact number, detail of your condition that you are seeking treatment for or conditions that may impact on your ability to exercise, medical history and other information required to provide you with a high level of service and care. This may be collected in a number of ways, depending upon the situation:
Over the telephone e.g. to confirm details of their personal information/ treatment status appointment or class time and date etc
By email e.g. in response to an enquiry by a patient
By Facebook message e.g. in response to an enquiry by a patient
By text message e.g. in response to an enquiry by a patient
Through the website e.g. when an individual completes the ‘contact us’ page with an enquiry
During initial therapy assessment or subsequent therapy session either through you completing a medical history or other written information or from verbal information given during the session
During initial therapy assessment or subsequent therapy session we will record physical (objective) findings, treatment offered and your response to treatment.
On receipt of enrolment forms which each you have completed prior to joining a Pilates or Nordic Walking Class
We collect personal information from you to appropriately handle your enquiries. This will include details such as name, phone number and email address, but also may include health information to determine if our services would be appropriate for you. This may be collected in a number of ways, depending upon the situation:
Over the telephone in response to an enquiry by you
By email e.g. in response to an enquiry by you
By Facebook message e.g. in response to an enquiry by you
By text message e.g. in response to an enquiry by you
Through the website e.g. when you complete the ‘contact us’ page with an enquiry
We will collect details such as name and email address if you provide us with such details to sign up for our free newsletter
We will collect details such as name and email address if you provide us with such details to sign up for our online services such as MyPhysioPilates
If you are applying for a position with us we will collect recruitment information such as your education, qualifications, identification documents and right to work confirmations
Your financial information (e.g. bank detail given to pay by direct debit; or credit or debit card details), provided when you pay by direct debit or credit or debit card, are NOT received or stored by us. This information is processed privately and securely by third-party payment processors (including ‘GoCardless’, ‘Stripe’ & ‘Elavon’ ) that we use. PhysioPilates Carlisle do not have access to this information at any time. Payment processors are prohibited from using your personal data for any other purpose than for these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
It is PhysioPilates Carlisle’s policy never to record credit card information.
Use of your information
We hold and process personal data that you provide to us in accordance with the DPA and GDPR
The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. In addition, we may use the information for the following purposed:
To send out a monthly newsletter which includes information of our next block of classes and other services we provide.
To let you know by email and text, and where you have specifically requested it, by phone about upcoming blocks of classes, course, workshops that we feel you may be interested in.
To notify you about changes to our services or websites, for example improvements or changes that may affect our service.
To send you information about products that we may feel you would be interested in – for example emailing you a links to show you where you can purchase the equipment (e.g. spiky balls) we have used in class.
Disclosure of your information
We may disclose your information to regulatory bodies where we are required to do so by law.
When you have consented for us to do so, we may provide your information to third parties, for example writing a discharge letter to your GP, or providing details of treatment to your medical insurance company.
Controlling your data
If you have given us permission to use your data for certain purposes, such as marketing, you can alter or remove that consent at any time. If you do want to remove consent, you can write to us C/O Rachel Mills at PhysioPilates Carlisle, Church Street, Carlisle, CA2 5TJ or email us at email@example.com
Where we store and transfer your data
The confidentiality and security of your information is of the utmost importance to us. We take the greatest of care when handling your personal data and ensure that we have the appropriate security measures in place to prevent unauthorised access, accidental damage, destruction or loss.
We use electronic safeguards such file encryption, password protection and firewalls. We restrict the physical access controls to our building and records to keep information safe. We have robust data protection policies which those who work in our team are trained in and expected to follow.
Personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may be processed outside the EEA by one of our service providers. When we transfer your personal data, we will ensure that there are adequate protections in place, in line with UK Data Protection Laws.
Credit card payment transactions will be processed securely by our third-party payment processors.
We will only disclose, process or share your personal information if we are required to do so by law, or in the good faith belief that such action is necessary to meet with legal requirements or legal process served on us.
The transmission of data via email or the internet is not completely secure. Although we will endeavour to protect your personal information we cannot guarantee the security of your data while you are emailing it to us, are transmitting it to our site, or in the period between us receiving your data and us processing the data and encrypting it; any such transmission is at your own risk. Once we have received your personal data we will follow a strict security procedure and encrypt all electronic data to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password it is not easy for someone to guess.
Third party links
There are links to third party websites on our websites. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their website or their policies whatsoever as we have no control over them.
Cookies are files that are downloaded on your computer and stored on your hard drive. They gather statistical data about your computer how you use our website, and your general internet use. They do not gather any personal identifying detail.
Your website browser can be set up to decline cookies by altering its settings. However, you may find that this impacts on your user experience when navigating our website and the website of others. For more information visit www.aboutcookies.org or www.allaboutcookies.org
The DPA and GDPR give you the right to access information held about you by us. If you wish to request confirmation of what personal information we hold relating to you please write to us or contact us by email. You can write to us or email us at the address/email address detailed in clause 1.4 above. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
Changes to this policy
We will review this policy from time to time and update it as appropriate to reflect changes in our service, procedures, client feedback and changes in the law. Please review this policy regularly to be keep up to date in how we are protecting your personal data.