Data Protection Statement – Privacy & Cookie Policy

Your information and GDPR
West Limerick Physiotherapy collects personal details and information relating to our patients’ health. Medical information is classed as sensitive data and termed as special category data under the General Protection Data Regulations (GDPR), effective 25th May 2018.

This document advises you of our policies and procedures for dealing with your personal and medical information in our clinic.

Why do we collect your Information?
The processing of personal and medical data is necessary so that we can deliver the best quality of physiotherapy care to you, the patient:

  • Your date of birth is used as a unique identifier for your records.
  • Your postal address allows us to post invoices, receipts and statements, or other requested information to you.
  • Your email address allows us to send you confirmation of bookings, appointment reminders, invoices, receipts, statements, personalised exercise programmes or other requested information to you. You may also receive an e-surveys following completion of your treatments, and/or and e-newsletters, but only if you have subscribed to these.
  • Your telephone number allows us to send text reminders of appointments and communicate with you outside of appointment times. You may also receive SMS/text news updates should you subscribe to same.
  • Having next of kin contact details informs us of who to contact in the event of an emergency.
  • We ask you for information regarding your current and past health so that a detailed and accurate physiotherapy assessment may take place and an appropriate physiotherapy plan put into action.
  • We ask you for your occupation, as some occupational factors can contribute to musculoskeletal problems.
  • We ask you to outline your hobbies, as some physical factors can contribute to musculoskeletal problems.

Who has access to your information?
All staff members at West Limerick Physiotherapy have access to client records. All staff members at West Limerick Physiotherapy are bound by GDPR legislation, the Irish Chartered Society of Physiotherapy (ICSP) code of conduct, and the standards of conduct, performance and ethics of CORU (Regulating Health & Social Care Professionals).

Your information will not be shared with any personnel outside West Limerick Physiotherapy unless you have given consent, except when:

  • Requested by law.
  • In your best interests and in n event that you are unable to give consent.
  • In the public interest to prevent serious harm to others.

How is your information stored and protected?
West Limerick Physiotherapy has implemented appropriate operational and technical measures to safeguard your personal information:

  • We use a patient management system called TM3 to record all patients’ personal and medical information. TM3 (Blue Zinc) is GDPR-compliant and has robust access and security measures to protect against unauthorised access, alteration, interception, disclosure, loss or destruction of any personal information.
  • We use GDPR-compliant email and software packages, and our computers are fully up to date with password, firewall and antivirus protection so as to protect against unauthorised access, alteration, interception, disclosure, loss or destruction of any personal information.
  • We employ the services of a website developer, IT support provider and SEO consultant to help us operate and safeguard our website and IT systems. These providers are bound by the terms of General Data Protection Regulations (GDPR) legislation.
  • Old paper records (relating to patients who attended prior to the introduction of our electronic system) are stored in a staff-access-only room which is locked when not attended. All paper notes are destroyed when they are over 7 years old. The only exception to this rule is patients who attended when they were under the age of 18 years old. These paper notes will be kept for 25 years.
  • All staff are trained on how to safeguard our patients’ personal information.
  • In the unlikely event of a data breach, you will be notified immediately as will the Data Protection Commissioner.

Managing Your Information
West Limerick Physiotherapy is committed to maintaining the accuracy and relevance of your personal data. To this effect:

  • We will only ask for and keep information that is necessary.
  • We will endeavour to keep your information as accurate and up to-date as possible.
  • We request that you keep us informed of any changes to your contact details.
  • Please inform us of any relevant changes to your health which may impact upon your physiotherapy care (e.g. medical diagnosis, treatments, investigations etc).

Use of information for training, teaching and quality assurance
It is usual for physiotherapists to discuss patient case histories as part of their continuing clinical education or for the purpose of training physiotherapists or physiotherapy students. In these situations, the identity of the patient concerned will not be revealed.

In other situations, however, it may be beneficial for other physiotherapists within the practice to be aware of patients with particular conditions and in such cases this practice would only communicate the information necessary to provide the highest level of care to the patient.

Direct marketing
Occasionally we send out information via email to our client database regarding clinic news, events or other important information. You will only receive an e-newsletter from us if you have consented to receive same. You can easily opt out of direct marketing communications by clicking the unsubscribe email at the bottom of the correspondence, or by contacting the practice directly.

CCTV recording
24-hour CCTV is in operation in the reception area and the car park of our premises. Images are only recorded for the purposes of crime prevention and public safety. Recordings are stored for 5 days. Per GDPR legislation, any person whose image is recorded on a CCTV system has a right to seek and be supplied with a copy of their own personal data from the footage.

Your right of access to your health information
You have the right of access to all the personal information held about you by West Limerick physiotherapy. If you wish to see your records, in most cases the quickest way is to discuss this with your physiotherapist who will review the information in the record with you. You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within 30 days, without cost.

Your right to amend the information held
Under GDPR legislation, all individuals have the right to have incorrect information that is held about them amended. If this was to arise within the notes held by West limerick physiotherapy, the patient record would be “restricted” i.e. not used until the issue is resolved. However, if West limerick physiotherapy deems the information to be accurate then no amendment will be made.

Your right to restrict the information held
You have the right to have the information we hold restricted;

  • If you contest the accuracy,
  • You need the information to establish, defend or exercise a legal claim,
  • Or you object to the information held.

In this instance, all treatment will be stopped until the issue is resolved. You also have the right to object to West limerick physiotherapy holding your personal information on grounds relating to your particular situation and, as with restriction, all treatments will stop, and the notes will become restricted until the issue is resolved.

Data retention period
We hold onto a patient’s personal information and medical records for a period of 7 years after their last treatment, or at the date of death. In the case of minors, we hold personal data until the age of 18, and then for 25 years thereafter.

In the event that you do not consent to this policy
We require consent from the patient for us to collect and store their personal and medical data, in accordance with this Data Protection Policy. In the event that you do not wish to consent to this policy, we regret that we will be unable to provide you with physiotherapy services.

Site visitation tracking
This site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google does not grant us access to this. All Round Yoga considers Google to be a third party data processor and their privacy policy can be viewed here. Google is based in the USA and is EU-U.S Privacy Shield compliant.

Google Analytics makes use of cookies, details of which can be found on Google’s developer guides.

Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website.

Cookies used by Google Analytics include: utma / utmb / utmc / utmt / utmz / ga / gat / gid

Contact forms and email links
Should you choose to contact us using the contact forms on the All Round Yoga Website, none of the data that you supply will be stored by this website or passed to third parties. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).

WordPress
This site uses WordPress as the content management system to run the site. WordPress sets cookies which are known as “Functional Cookies”, meaning they are essential to the running of the site but do not collect any personal information. Cookies used by WordPress include;

  • wordpress_logged_in* Checks whether or not the current visitor is a logged-in WordPress.com user.
  • wp-settings-{user_id} Persists a user’s wp-admin configuration.
  • wp_sharing_{id} Tracks whether or not a user has already performed an action.

Types of Cookies

  • Strictly Necessary: These cookies are essential for websites on our services to perform their basic functions.
  • Functionality: These cookies are used to allow the general function of the website and end-user experience.
  • Security: We use these cookies to help identify and prevent potential security risks.
  • Analytics and Performance: Performance cookies collect information on how users interact with our websites, including what pages are visited most, as well as other analytical data. We use these details to improve how our websites function and to understand how users interact with them.
  • Third-Party / Embedded Content: We make use of different third-party applications and services to enhance the experience of website visitors. These include social media platforms such as Facebook and Twitter (through the use of sharing buttons), or embedded content from Youtube and Vimeo. As a result, cookies may be set by these third parties and used by them to track your online activity. We have no direct control over the information that is collected by these cookies.

Embedded content from other websites
Articles on this site may include embedded content (such as YouTube videos). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

This Websites Server
This website is hosted by Siteground within a UK data centre located in Chessington, South West London, and is run by Digital Realty.

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

Data Breaches
In the unlikely event of a data breach, we will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Designated Information Officer
Contact: Fiona Noonan-Taylor
Telephone: 069 77700