Because your data is important
Current version 1.1 – Written 28th May 2019
Who are we?
We are Complete Pilates Medical Ltd and are known to our patients and partners as Complete Pilates or simply Complete. Below we talk about us as “we”, “us” or “our”.
We are registered as a company in England and Wales which means we work under their law. Our company number is 10206019 and if you want to write to us you can at:
115 Hampstead Road
Our services focus on healthcare and rehabilitation and this is what we are talking about below. Because of this we hold sensitive information about you but are committed to protecting your privacy. Hopefully this notice will explain how we use the information we collect, protect it, and also show you how we process this data.
If you have any questions about this please contact email@example.com.
We are registered with the Information Commissioner’s Office (ICO) under the number ZA371935.
Why are we doing this?
GDPR is the latest EU General Data Protection Regulation, which came out on May 25th 2018. It sets out how we are allowed to use your data as well as store it. It deals with “sensitive information” which is basically anything that makes someone identifiable.
The new laws on how we store this information are very strict and we have to let you know exactly what we are doing with it.
The scope of this policy and our services
This policy applies to anyone who asks about us, comes to any appointments or buys anything from us. We offer services which include:
- Movement and manual therapy including equipment Pilates and sports rehab
The information that we keep
We keep information which is submitted through the app or website when you sign up. When you download the app or book through our website, you have to provide your full name, email address and phone number. You can check everything we ask for on our registration form. We need this to let you book an appointment and so we know who is coming!
If you are coming from a consultant or other medical practitioner, we also keep information about your injuries. This might include clinic letters or encrypted email handovers, images or medical tests, and information on your sex life if you are seeing one of our pelvic health specialists.
We also keep:
- Details on any sessions you have had and what you have done in them.
- Cookie information which you can read about here.
- Credit or debit card details for you to pay for the appointments. We don’t store these ourselves, but they are in your MindBody account if you save them.
If we don’t have full information on your past and present medical condition, it makes it really difficult for us to do our jobs and help you with your rehab.
How we make sure people in our company use the information properly
We have put into place lots of things which try to protect your data. This includes:
- Training our entire team, both admin and clinical, in how they should handle your personal information.
- We always lock computer screens if we are not around them and make sure all our IT is up to date.
- We use something called ‘two factor authentication’ when we can. This means that we have to give a password but also input a code which is sent to our phone to make sure it is us logging on.
- We don’t use any personal systems like Gmail personal, Dropbox personal or Hotmail.
- We have encryption software which works with our emails so that we can send you any handovers or reports. This is free for you to sign up to and once you have given us permission, we also use it to contact any other people involved in your rehab.
- Everyone we work with, including MindBody and those that link into our website, has also proved to be compliant with the new laws.
How we use your information
The information we collect helps us give you the best rehab possible. We use it to:
- Talk to other people involved in your care to make sure we are all working towards the same thing.
- Analyse and improve the services we give you and other patients.
If you are a physio or rehab patient it is part of our law that we keep detailed notes about your care. This is so we can act in your best interest. We also email you information and appointment reminders to make sure you don’t miss appointments as this is key if you want to recover.
If there are any major changes to the clinic you are coming to for your rehab, we will also send you emails about what is happening. This is only if it affects your care. If you have asked us not to send you newsletters or marketing, then we won’t.
Who we share it with
Sometimes we need to share your personal information with other instructors or medical practitioners who are working with us on your rehab. We always ask your permission first and only tell them what is necessary. If we are talking to a consultant, then normally their secretaries will also see letters.
We also share it with your parents or guardian if you are under 18.
Where we store your data
Most of our data is stored somewhere within the European Economic Area (EEA). We do transfer and store some information outside of this area and these people might also process your data. We only share this information with people that the European Commission say have adequate data protection and companies we have agreed data protection clauses with.
How long we keep it
We keep all your data for as long as you are seeing us at Complete. If you are doing rehab with us, the NHS have set us guidelines for how long we need to store your information after you have finished your treatment. Normally this is 8 years.
Sometimes we may need to keep this data for longer if there are any legal claims or the law says that we have to.
You have the right to:
- Get a copy of or access any of the personal information we store about you.
- Ask us to change anything that is not right.
- Ask us to delete your data, although sometimes for legal reasons this may not be allowed.
- Ask us how we are using and storing your data.
- Object to us sending you direct marketing like newsletters or discount offers.
- Remove consent that you have previously given us.
If you want to make a complaint
If you want to complain then please email us on firstname.lastname@example.org. We try our best to fix any problems but if you are still not happy you can contact the ICO directly.
Changes to this policy
We might make changes to the policy, but you can always see old versions on the website as well.