General data Protection Regulations (GDPR) POLICY STATEMENT

May 2018

At Exeter Physio we understand the importance of keeping your personal information and data safe and secure.

Collection and use of your personal information
When you visit or contact us, we will ask you to provide us with personal details for our records. This could include your name, e-mail address, and postal address, date of birth, a medical questionnaire and other information that will help us treat you and allow us to contact you when necessary. Details of any treatment / advice are also held on your record.
Any information that you give us is held safely and securely and only stored for as long as we need it. (See below)
We do not share your information unless we have your agreement to do so.
This may involve contacting your GP, Consultant or Insurance Company
We would seek your consent to receive communication from us by mobile phone, e-mail or text messages.

Access to personal information
You have the right to access your personal information and this is known as a subject access request.
If at any point you believe the information we have processed on you is incorrect, you may request that this information be corrected or deleted.

Retention of Records
Retention schedules are usually eight years from the date of the last treatment for adult records and for children, eight years after their 18th birthday or until 25 years of age

Complaints
Should you wish to raise a complaint on how we have handled your personal data, please contact our Practice Manager Tracey Hawkins who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).