Data Protection Statement

This page explains how we collect, use, and protect your personal information when you use Physio247.

We follow UK data protection law, including the UK GDPR and the Data Protection Act 2018.

If you have any questions, you can contact us at any time.

What Data We Collect

We may collect and process the following types of personal data:

a. General Personal Information

  • Name

  • Date of birth

  • Contact details (email, phone number, address)

b. Medical Information (Special Category Data)

  • Health records and history

  • Treatment details

  • Prescriptions and referrals

  • Consultation notes

  • Diagnostic results

c. Technical Information

  • IP address

  • Browser type and version

  • Website usage data (cookies, analytics)

4. Purpose of Data Processing

We process your data for the following purposes:

  • To provide medical and healthcare services

  • For clinical assessments and consultations

  • For referral and coordination with other medical professionals

  • To comply with legal and regulatory obligations

  • For billing and administrative purposes

  • To improve our website and services (where appropriate, and anonymised)

5. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent – where required for specific processing

  • Contract – to deliver healthcare services you request

  • Legal obligation – to comply with healthcare and data protection laws

  • Vital interests – to protect your life or another’s in urgent situations

  • Public interest – in the area of public health or provision of health care

  • Legitimate interests – in improving and securing our services

For special category (medical) data, we process this under Article 9(2)(h) of the UK/EU GDPR: “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment…”.

6. Sharing Your Data

We will only share your data when necessary, and with appropriate safeguards:

  • With healthcare professionals involved in your care

  • With laboratories, pharmacies, or other medical service providers

  • With regulators or public health authorities, where legally required

  • With data processors or IT providers (under strict contracts)

We do not sell or share your data for marketing purposes.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encrypted storage of records

  • Secure servers and firewalls

  • Role-based access control

  • Regular security audits and staff training

8. Data Retention

We retain your personal and medical data only as long as necessary for the purposes it was collected, and in accordance with medical and legal requirements.

[Insert your specific retention period, e.g., "We retain medical records for a minimum of 8 years after the last interaction, or until a child turns 25, whichever is longer."]

9. Your Rights

You have the following rights regarding your personal data:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure (in certain circumstances)

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • The right to withdraw consent at any time

  • The right to lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us at: [your contact email]

10. International Data Transfers

If we transfer your personal data outside the UK/EU, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Updates to This Statement

We may update this Data Protection Statement from time to time. The latest version will always be available on our website with the date of last revision.