PRIVACY NOTICE FOR GD PHYSIO

HOW WE COLLECT YOUR PERSONAL INFORMATION

You directly provide our company with most of the data we collect, which is the personal data necessary to enable physiotherapy treatment needs to be met.

⸻

HOW WE USE PERSONAL INFORMATION

PURPOSE OF THIS NOTICE

This notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time in the UK (“Data Protection Legislation”).

⸻ 

ABOUT US

GD Physio; Tyllwyd Farm, Tyllwyd Road, Neath, SA10 7DX. For the purpose of the Data Protection Legislation and this notice, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

⸻

THE DATA WE COLLECT

• Name, address, date of birth

• Email address

• Phone numbers

• GP contact details

• Occupation

• Medical history

• Correspondence

• Details of any complaints received

We keep an inventory of personal data we hold on our patients and this is available on request.
 

⸻

INFORMATION WE HOLD ABOUT YOU

We use it to contact you and to be able to provide you with the physiotherapy service and to comply with our legal obligations.

⸻

HOW WE STORE YOUR DATA

Your data is stored securely in a locked filing cabinet. We will ask for your consent to keep the information and to contact you. Medical records will be kept for the statutory time and then destroyed. Data may be shared with third parties and we will ask you for your consent for this.

Electronic data is kept secure by a password-protected hard drive.
 

⸻

USE OF HEIDI HEALTH FOR CLINICAL NOTE-TAKING

At GD Physio, we use Heidi Health, a secure AI-powered clinical documentation tool, to assist in creating clinical notes via voice recordings made during or shortly after patient consultations. This tool is integrated with our practice management system, Cliniko, to help ensure accurate and timely record-keeping.

What This Means for You:

• Your practitioner may use voice recording during sessions to support efficient and accurate note-taking.

• These recordings are securely processed by Heidi Health to generate clinical notes.

• All generated notes are reviewed by your practitioner before being added to your official medical record in Cliniko.

• Voice recordings are not retained long-term once the notes have been created and verified.

Data Privacy and Security:

• Heidi Health adheres to strict data protection standards and is compliant with GDPR and relevant health privacy legislation.

• All information transmitted between systems is encrypted and securely stored.

• Only authorised personnel have access to the information collected and processed through Heidi Health.

If you have concerns or would prefer that this method of documentation is not used during your treatment, please speak to your physiotherapist.

⸻

RETENTION OF YOUR DATA

We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

• The requirements of our business and the services provided;

• Any statutory or legal obligations;

• The purposes for which we originally collected the personal information;

• The lawful grounds on which we based our processing;

• The types of personal information we have collected

⸻

SHARING PERSONAL INFORMATION

We will share your personal information with third parties where we are required by law, with a regulator, with an insurer, where it is necessary to administer the relationship between us, or where we have another legitimate interest in doing so.

⸻

DATA SECURITY

We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

⸻

RIGHTS OF ACCESS, CORRECTION, DELETION AND RESTRICTION

Your duties to inform us of changes

It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes that we need to be made aware of.

Your rights in connection with your personal information

You have a right to:

• Access and have copies of your records

• Have inaccuracies deleted

• Have information about you erased

• Object to direct marketing

• Restrict the processing of your information, including automated decision-making

• Take your data to another practice or anywhere else

Patients who wish to have inaccuracies deleted or to have information erased must speak to the physiotherapist who provided or provides their care.
 

You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.