Privacy policy
Key points:
​
- Why do we use your personal data? We typically use your personal information for purposes related to your health and to provide you with health care services.
- We use your sensitive information: In performing our obligations, Denton Physio Technology may use information about your health, racial and ethnic origin, and sexual orientation.
- Sharing information: We may share your information with third parties, including third-party service providers and other entities in the group and regulators if legally required.
- Security: We respect the security of your personal information and treat it in accordance with the law.
- International transfer: We may transfer your personal information outside the EU and, if we do, you can expect a similar degree of protection in respect of your personal information.
​
​
What is the purpose of this privacy notice?
​
- As a health care service provider in the UK, Denton Physio Technology is subject to legal obligations when processing your personal information, which are contained in the Data Protection Act 2018, the General Data Protection Regulation 2016/679, and any local or European laws on data protection, as amended from time to time (“Data Protection Laws”).
- The purpose of this privacy notice is to explain why we collect your personal information, how we intend to use that information, whether we will share your information with anyone else, as well as your rights with regard to the information that Denton Physio Technology holds about you.
- It is important that you read this statement so that you know how and why we use your personal information. It is also important that you inform Denton Physio Technology of any changes to your personal information during the provision of health care services to you by Denton Physio Technology, to ensure that the information which we hold about you is accurate and current.
- This statement applies to all current and former patients of Denton Physio Technology.
- We keep our privacy notice under regular review. Any changes we may make to our privacy policy will be posted on this page.
​
​
Who are we?
​
- We are Denton RPA Limited, a company registered in England and Wales with Company Number 11735023 and the registered address 10 Heath Drive, Sutton, United Kingdom, SM2 5RP.
- VAT No. 320 3873 27
​
Our Data Protection Officer
​
- Our Data Protection Officer is responsible for auditing our compliance with Data Protection Legislation.
- If you have any concerns or questions about our use of your personal information, you can contact our Data Protection Officer by writing to hello@dentonrpa.com or alternatively by writing to the following address:
Data Protection Officer
Denton RPA Limited
10 Heath Drive, Sutton
United Kingdom
SM2 5RP
​
​
Who has access to my personal information?
​
The following Denton Physio Technology legal entities and health care providers may process your personal information if necessary, for a specified legal purpose and subject to the necessary safeguards being in place:
​
- Denton Physio Technology;
- Kineto Tech Rehab SRL, with the registered address Constantin Balacecsu Nr. 15, Sector 1, 010917, Bucharest, Romania and registered trade under number J40/9490/2015 and RO34842046.
- The National Health Services (“NHS”);
- Clinical Commissioning Groups (“CCGs”) are clinically-led statutory NHS bodies responsible for the planning and commissioning of health care services for their local area.
​
​
What type of information do we hold about you?
​
The personal information we may hold about you may include the following:
​
- Name;
- DOB;
- Contact details, such as postal address, email address and telephone number;
- Financial information, such as debit and credit card details used to pay us;
- Occupation;
- Background referral details.

We may also process the following more sensitive category of personal data:
​
- Details of your current or former physical or mental health. This may include information about any healthcare you have received (both from Denton Physio Technology directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered;
- Details of services you have received from us;
- Details of your nationality, race and/or ethnicity;
- Details of your religion;
- Details of any genetic data or biometric data relating to you;
- Data concerning your sex life and/or sexual orientation.
​
​
How we collect your personal information
​
We may collect your personal information including sensitive personal information in a number of different ways, including:
​
Directly from you
​
- When you complete an enquiry form on the Denton Physio Technology website;
- When you submit a query to us either through our website, by email or by social media;
- When you correspond with us by letter, email, telephone or social media, including where you reference Denton Physio Technology in a public social media post;
- When you use our healthcare services and agree to treatment.
​
Other healthcare providers
​
We may collect medical records from the persons and bodies below for the purpose of your direct care. These records may include diagnosis, treatment, hospital visits and medication administered information.

- Your general practitioner;
- Your dentist;
- Other hospitals or treatment facilities you may have been treated at, both NHS and Private;
- Consultants working for Denton Physio Technology or third parties, or their medical secretaries;
- Commissioners of healthcare services and regulators.
​
Other third parties
​
- Family members or next of kin, with your consent;
- Credit reference agencies;
- Debt collection agencies;
- Your private medical insurance policy provider;
- NHS health service providers;
- CCGs;
- Government agencies and regulatory bodies including but not limited to HM Revenue and Customs (“HMRC”), Ministry of Defence, and The Home Office.
​
The purpose for which we process your personal information
​
We may 'process' your personal information for a number of different purposes and each time we use your information we must have a legal justification to do so.
​
Denton Physio Technology may process your personal information only if it can rely on one of the grounds listed in column a.
​
In order to process your “sensitive” personal information, as detailed above, Denton Physio Technology may only do so if it can rely on one of the grounds listed in ‘column a’, and one of the additional grounds to process your sensitive personal information listed in ‘column b’.
​
We have set out the legal grounds for the various reasons we may process your information in the table below:
Why we need to process your personal information
​
Please note that failure to provide us with your personal information (including your sensitive information) may mean that we are unable to set you up as a patient, provide you with the required treatment or facilitate the provision of your healthcare.
​
​
How we communicate with you
​
In order to provide you with accurate and timely information about your appointments and treatment with us, we will need to contact you, and ensuring we use the best method of communication is vital.
If you have provided a mobile telephone number, you will receive an SMS reminder regarding your upcoming appointments. You are able to ‘opt out’ of this service by following the instructions on your message.
All other communication channels will be available, and you will be asked to provide your preferences, most likely during your first attendance or via our online registration tool.
In accordance with the preferences you have communicated to us, we may need to contact you to:

- ensure that we provide you with updates and/or reminders regarding your appointment;
- provide you with your medical information (including test results and other clinical updates) and/or invoicing information;
- respond to email enquiries;
- respond to telephone enquiries.
​
How long do we keep your personal information and where is it stored?
Our retention policy is in line with the Records Management Code of Practice for Health and Social Care 2016, and applicable laws as amended from time to time.
All non-medical records we hold about you will be kept in compliance with applicable legal obligations.
The information we collect and hold about you is held securely within the United Kingdom & United States and stored in either paper format or held on our secure servers.
Records that have completed the specified retention period will be destroyed in line with the British Standard Code of Practice for the Secure Destruction of Confidential Material (BS EN 15713:2009).
​
​
Sharing of your personal information with third parties
​
Third parties we contract with are under an obligation to comply with Data Protection Legislation at all times. We take steps to ensure that any third parties who handle your information comply with Data Protection Legislation and protect your information to the same extent as we do.
​
In some circumstances we are legally obliged to share information. For example, under a court order or where a regulatory body has requested access to certain information under statutory powers as part of their duties to investigate complaints, accidents or health professionals’ fitness to practise. We might share information with regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.
​
We may also share your personal information with data processors who are third parties who provide elements of services for us. We will only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We have contracts in place with our data processors, to ensure that they only handle your information in accordance with our instruction. They will hold it securely and retain it for the period we instruct.
We will share your personal information with third parties only when it is appropriate and necessary to do so, including the following:

- Your consultant (including their medical secretaries), nurse, carer or any other healthcare professional involved in your treatment;
- Receptionists and porters;
- Your emergency contact, for example your next of kin or carer;
- NHS organisations and the Department of Health;
- Clinical Commissioning Groups;
- Other private sector healthcare providers;
- Your general practitioner;
- Your dentist;
- Third parties who assist in the administration of your healthcare, such as private medical insurers, NHS funding bodies;
- Private Healthcare Information Network (“PHIN”)
- National and other professional research/audit programmes and registries
- Government bodies, including the Ministry of Defence, the Home Office and HMRC
- Regulators, including but not limited to the Care Quality Commission (“CQC”), Health Inspectorate Wales and Healthcare Improvement Scotland, Medicines and Healthcare products Regulatory Agency (“MHRA”).
- The police and other third parties where reasonably necessary for the prevention or detection of crime
- Private medical insurers
- Debt collection agencies
- Credit referencing agencies
- Suppliers of medical devices
- Third party service providers such as IT suppliers, auditors, lawyers, marketing agencies, document management providers and tax advisers; and
- Selected third parties in connection with any sale, transfer or disposal of our business.
​
​
Transfers to third parties outside EEA
​
Your personal information may be held outside of the European Economic Area (“EEA”) where the organisation paying for your treatment is based outside the EEA. You will in that case be subject to the privacy policy of that third party.
​
We may have a legitimate interest to send your personal information to a supplier based outside of the EEA, subject to reasonable steps to ensure the security of your personal information in accordance with Data Protection Legislation.
​
External Parties
​
Consultants may make decisions about what information is collected about you and may maintain their own set of medical records in relation to the treatment that they provide. They are a Data Controller in respect of your personal information which they hold within those records, meaning that they must comply with the Data Protection Legislation when handling your personal information. Your Consultant may also contract with their own data processors, i.e., external medical secretaries, or external parties that provide billing services, and they will remain responsible for your personal information obtained in respect of those services.
​
Your consultant will have their own privacy notice in place to which you will be subject. We would therefore recommend that you consult their privacy notice before or when starting your treatment with them.
​
We further recommend that you read the privacy notice of any external parties that handle your personal information.
​
Your rights regarding your personal information
​
You have certain rights in relation to the personal information that we hold about you under Data Protection Legislation. You may exercise these rights at any time by contacting us using the details set out at the beginning of this privacy notice.
​
Reasonable requests are free of charge. Requests will usually be processed within one calendar month of receipt, unless it is a complex request. We may require more information from you to answer your request or to identify you and we will wait until we have the necessary information before dealing with your request.
​
Denton Physio Technology, as a healthcare provider, is subject to legal and regulatory obligations which may limit or restrict the enforcement of your rights on some occasions, as stated below.
Your rights include:
​
a) The right to request access to your personal information (also known as ‘Subject Access Request’)

Denton Physio Technology is committed to facilitating the exercise of your rights as data subjects. You can find out if we hold any of your personal information by making a ‘Subject Access Request’ (“SAR”). You can make a SAR either verbally or in writing. It is recommended that you make your request in writing directly to the Hospital/facility holding your records and clearly set out what data you wish to access. Please include the following information when making your request:

- Your name and preferred contact details
- Your ID number and/or your DOB
- Any details relating to your request

You may also make a request directly to our Data Protection Officer.
​
b) The right to rectification
You may ask us to rectify any personal information we hold about you if your circumstances have changed or the information is no longer valid.
​
c) The right to erasure (also known as the right to be forgotten)
​
You may ask us to delete some personal information we hold about you, but this will be subject to any legal obligations we need to comply with in terms of retention period, public interest, public health, or for the purposes of establishing, exercising or defending legal claims.
​
d) The right to restriction of processing
​
We may amend the scope of the processing of your personal information upon your request, unless we need to keep your personal information in order to perform tasks which are in the public interest, including but not limited to public health, or for the purposes of establishing, exercising or defending legal claims.
​
e) The right to data portability
​
You may ask us to transfer personal information that you have provided to us to you or (if this is technically feasible) another individual / organisation of your choice.
​
f) The right to object
​
This includes the right to object to Denton Physio Technology using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless we specifically need to retain that information to defend a legal claim brought against us or it is otherwise necessary for the purposes of your ongoing treatment.

If you wish to be removed from our marketing emails, you can do this by contacting the Data Protection Officer (contact details provided at the beginning of this privacy notice). If you receive marketing information by email you may click on the ‘unsubscribe’ link embedded within the email sent to you.
​
g) The right not to be subject to automatic decisions (i.e., decisions that are made about you by computer alone)
We do not use profiling and/or make decisions about you based on wholly automated processing of your personal information.
​
h) The right to withdraw consent
​
When we rely on your consent to process your personal information, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting our Data Protection Officer.
​
i) The right to complain to the Information Commissioner's Office
​
You may complain to the Information Commissioner's Office (“ICO”) if you have any concerns about the way that we have dealt with a request from you to exercise any of these rights, or if you think we are not compliant with Data Protection Laws. Making a complaint will not affect any other legal rights or remedies that you have.
You may contact the ICO here https://ico.org.uk/make-a-complaint/
​
​
Data Security measures
​
Denton Physio Technology is committed to ensuring the privacy and confidentiality of your personal information within its control. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. Although the transmission of information via the internet is never completely secure, we will use our best endeavours to protect your information from loss, misuse or alteration when it is within our control in compliance with all applicable Data Protection Legislation.
​
This Privacy Notice was last updated on 06 February 2021.