The type of personal data we collect
We collect certain types of personal information about visitors and users of the site and services. Most commonly, this might include things like:
- Names, telephone numbers and email addresses, when someone makes a general enquiry by telephone, email or via the website contact form.
- Names, telephone numbers and email addresses; diagnosis, other personal data such as date of birth and GP or Consultant name when someone visits our website.
- General queries via the contact form on the website.
- Basic contact details when someone interacts with a post on our social media pages and profiles.
- Names, telephone numbers and email addresses; diagnosis, other personal data such as date of birth and GP or Consultant name given by the client when completing a hard-copy registration form.
- Hand-written clinical notes taken during consultations in accordance with confidentiality, best practice, guidance and regulations.
- Contact and identifying details contained within patient letters.
How we collect personal information
We collect personal information directly when you provide it to us in person or via the website, or when you interact with a social media posting.
How we use personal information
We will use your personal information:
- To fulfil a contract, or take steps linked to a contract: in particular, in carrying out Hand Therapy services.
- To create and send invoices for contracted work completed to our clients.
Where this is necessary for purposes which are in our legitimate interests. These interests include:
- operating our website;
- providing you with services described on the website;
- updating you with operational news and information about our website and services e.g. to notify you about changes to our website or services, website disruptions or security updates;
- carrying out technical analysis to determine how to improve our website and the services we provide;
- monitoring activity on our website, in order to identify potential fraudulent activity and prevent spam and ‘hacking’, and to ensure compliance with the user terms that apply to this website;
- managing our relationship with you, e.g. by responding to your comments or queries submitted to us on our website or asking for your feedback.
- managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
- improving our products and services; and providing general administrative and performance functions and activities.
Where you give us consent:
- providing you with important information about products and services which we feel may interest you; and
- providing you with forthcoming holiday dates and emergency contact procedures; and
For purposes which are required by law.
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
- When we disclose your personal information
We do not usually need to disclose your personal information to any third party in order to deliver our services.
There may be certain circumstances in which we need to disclose your personal information, for example:
- To regulators and government authorities in connection with our compliance procedures and obligations;
- a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
- a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
- the recipients where we are authorised or required by law to do so.
How we keep your personal information secure
Most of our information is kept in digital form. All digital personal information (including names, addresses, telephone numbers and email addresses) is stored on a protected local computer network, to which only people engaged in activities directly relating to the business have access. The internet connection, local area network (LAN), computer terminals and documents containing personal data are all password protected and never routinely shared via email or stored on ‘cloud’ services, with the exception of patient letters and records, which are sometimes shared via iCloud and or Google Drive, and any personal information sent and received via email when therapists communicate with each other or with the client’s GP.
Some information is stored in hard-copy form (mainly Registration forms and patient notes) and these are kept in a locked filing cabinet onsite at the medical clinic or hospital that the patient is attending, and to which only people engaged in Hand Therapy Specialists services have access.
Hard copy patient notes are destroyed by confidential waste disposal after 7 years. We retain digital records within our billing software.
How you can access your personal information
You have the right to:
- request access to the personal data we hold about you.
- request corrections of any errors in that data.
- request erasure of the personal data we hold about you.
To make any of these requests, please contact us by email.
Information you make public or give to others
How long we keep your personal information