PRIVACY POLICY

Patient Privacy Notice
Executive Summary
1. As your treating physiotherapist and custodian of personal information relating to your
medical treatment, I must only use that information in accordance with all applicable law
and guidance. This Privacy Notice provides you with a detailed overview of how I will
manage your data from the point at which it is gathered and onward, and how that complies
with the law. I will use your personal information for a variety of purposes including, but not
limited to, providing you with care and treatment, sharing it with other medical
professionals if or when appropriate.
2. In addition, you have a number of rights as a data subject. You can, for instance, seek access
to your medical information, object to me using your information in particular ways, request
rectification of any information which is inaccurate or deletion of information which is no
longer required (subject to certain exceptions). This Privacy Notice also sets out your rights
in respect of your personal information, and how to exercise them.
3. For ease of reference, this Notice is broken into separate sections below with headings
which will help you to navigate through the document.
Introduction
This Privacy Notice sets out details of the information that I, as your physiotherapist responsible for
your treatment may collect from you and how that information may be used. Please take your time
to read this Privacy Notice carefully.
About me
In this Privacy Notice I use “I” or “Mine” or “my” to refer to me as the physiotherapist who is using
your personal information.
If you have any queries, comments, or concerns in respect of the manner in which I have used or
potentially will use, your personal information then you should contact me directly and I would be
happy to discuss further. PhysioByZo Physiotherapy. 9 Forge Close, Uckfield, East Sussex, TN22
5BQ. Telephone number 07774 654396. Zoemorton@acevp.uk
Your personal data
I am a Data Controller in respect of your personal information which I hold about you. This will
mainly relate to your medical treatment but will be likely to also include other information such as
financial data in relation to billing and payment. I must comply with the data protection legislation
and relevant guidance when handling your personal information and so must any secretary who
assists me in an administrative capacity. Your personal data may include any images taken in
relation to your treatment which must not only be managed in accordance with the law, this Privacy
Notice but also all applicable professional standards including guidance from the Healthcare
Professions Council (HCPC) and Chartered Society of Physiotherapy (CSP).
Your personal information will be handled in accordance with the principles set out within this
Privacy Notice. This means that whenever I use your personal data, I will only do so as set out in this
Privacy Notice.

PHYSIOBYZO PHYSIOTHERAPY

Dated – May 2024
What personal information do I collect and use from patients?
As one of my patients, I will use “special categories of personal information” (previously known as
“sensitive personal data”) about you, such as information relating to your physical and mental
health.
If you provide personal information to me about other individuals (including medical or financial
information) you should inform the individual about the contents of this Privacy Notice. I will also
process such information in accordance with this Privacy Notice.
Personal Information
Personal information that you provide when interacting with me, either online, or via email, mobile,
phone or post may include the following:
● Name
● Address
● Email
● Contact telephone numbers (including emergency contact details)
● Occupation
● Financial Information, such as credit card details used to pay me and insurance policy details.
● Background referral details.
Data From Third Parties
It may be necessary to seek information from other healthcare organisations. I may also collect
information about you from third parties when:
● You are referred to me for the provision of services.
● I liaise with your health professional or other treatment, or benefit provider.
● I liaise with your family.
● I liaise with debt collection agencies.
How will I communicate with you?
I may communicate with you in a range of ways, including by telephone, SMS, email and/or post. If
contacting you using the telephone number(s) you have provided (landline and/or mobile), and you
are not available which results in the call being directed to a voicemail or answering service, I may
leave a voice message on your voicemail and/or answering service as appropriate, and including only
sufficient basic details to enable you to identify who the call is from, very limited detail as to the
reason for the call and how to call me back.
However:
● To ensure that I provide you with timely updates and reminders in relation to your
appointments, I may communicate with you by SMS and or/unencrypted email (where you
have provided me with your SMS or email address) in each case where you have expressed
a preference in the patient registration form to be contacted by SMS and/or email.
● To provide you with your medical information and/or invoicing information, I may
communicate with you by email (which will be encrypted) where you have provided me
with your email address and have expressed a preference in the patient registration form to
be contacted by this method. The first time I send you any important encrypted email that I

PHYSIOBYZO PHYSIOTHERAPY

Dated – May 2024
am not also sending by post, or which requires action to be taken, I will endeavour to
contact you separately to ensure that you are able to access the encrypted mail you are
sent.
● Please note that although providing your mobile number and email address and stating a
preference to be communicated by a particular method will be taken as an affirmative
confirmation that you are happy for me to contact you in that manner, I am not relying on
your consent to process your personal data to correspond with you about your treatment.
As set out further below, processing your personal data for those purposes is justified on
the basis that it is necessary to provide you with the service.
What are the purposes for which your information is used?
I may ‘process’ your information for a number of different reasons. Each time I use your data I must
have a legal justification to do so. The justification will depend on the purpose of the proposed use
of your data. When the information that I process is classed as a “special category of personal
information”, I must have a specific additional legal justification to use it as proposed.
No Purpose Legal Grounds
1 To set you up as a patient Taking the necessary steps so that you can enter into a contract

with me for the delivery of Physiotherapy.

2 To provide you with
physiotherapy services

Providing you with physiotherapy services and fulling my
contract with you for the delivery of services
3 For account settlement purposes I am providing you physiotherapy services.

Fulfilling my contract with you for the delivery of Physiotherapy.
My having an appropriate business need to use your
information which does not overly prejudice you.
Your consent.

4 Communicating with you and
resolving any queries that you
might have.

Providing you with Physiotherapy services
Having an appropriate business requirement to use your
information which does not overly prejudice you.

5 Communicating with any other
individual that you ask me to
update about your care and
updating other healthcare
professionals about your care.

Providing you with Physiotherapy services
I have a legitimate interest in ensuring that other healthcare
professionals who are routinely involved in your care have a full
picture of your treatment.

6 Complying with my legal or
regulatory obligations,
defending, or exercising my
rights.

The use is necessary for me to comply with my legal obligations.

7 Managing my business
operations such as maintaining
accounting records, analysis of
financial results, audit
requirements, receiving
professional advice (e.g. tax or
legal advice)

My having an appropriate business need to use your
information which does not overly prejudice you.

9 Provide marketing information to
you (including information about
other products and services
offered by selected third
parties/partners) in accordance
with preferences you have
expressed. This will include
testimonials and would only be

My having an appropriate business need to use your
information which does not overly prejudice you.
You have provided consent.

PHYSIOBYZO PHYSIOTHERAPY

Dated – May 2024
done with explicit consent.
Who will I share your personal data with?
I may disclose your information to the third parties listed below for purposes described in this
Privacy notice. This might include.
● A doctor, or any other healthcare professional involved in your treatment.
● Anyone that you ask me to communicate with or provide as an emergency contact, for
example your next of kin or carer.
● Third parties who assist in the administration of your healthcare, such as insurance
companies.
Some of those organisations may be based in a country outside the European Economic Area or
where different data privacy laws apply. I will only transfer your personal data to that country if they
ensure an adequate level of protection of your rights and freedoms, or you have given me your
consent, or that organisation is contractually bound to meet European Economic Area data
protection laws.
What Marketing activities do I carry out?
I may also use your personal information to provide you with information about products or services
which may be of interest to you where you have provided your consent for me to do so.
If you no longer wish to receive marketing emails, you can click on the “unsubscribe” link that
appears in all my emails, otherwise you can always contact me using the details set out above to
update your contact preferences.
Automated Decision Making
An automated decision is a decision made by computer without any human input, and there will be
no automated decision-making in relation to your treatment or other decisions which will produce
legal or similarly significant effects.
How do I store your personal data?
Personal data collected and processed in accordance with this Privacy notice is stored on my secure
storage drive and in hard copy format.
I handle your personal data in accordance with adequate and reasonable procedures and
technologies to maintain and protect its security, availability, confidentiality and integrity and
prevent its unlawful or unauthorised processing, accidental or damage, from its collection until its
destruction.
Where personal data is transmitted across the internet, it will be encrypted.
How long do I keep personal information for?
I will only keep your personal information for as long as reasonably necessary to fulfil the relevant
purposes set out in this Privacy Notice and to comply with my legal and regulatory obligations.
Can you see the personal data I hold about you?

PHYSIOBYZO PHYSIOTHERAPY

Dated – May 2024
If you would like to access any information I hold about you, please email me at
Zoemorton@acevp.uk I will review your request and respond to you as quickly as possible.
Can you change or delete your personal data?
I want the data I store to be correct, so I will rectify any information that you inform me is incorrect.
You have the right to ask me to withdraw your consent or erase your personal information. Your
request will be complied with once the data is no longer required for the original purpose and if
there is no requirement for the information to be retained to comply with national law.
Can you complain about the way I process your data?
If you feel that I am not complying with the data protection legislation in how I am storing /treating
your personal data, then in the first instance please email me at Zoemorton@acevp.uk with your
concern. If your complaint is not resolved to your satisfaction, you have the right to lodge a
complaint with the Information Commissioners’ Office (ICO).
Cookies
Cookies are small pieces of text that are placed on your computer or mobile device to collect
standard internet log information and visitor behaviour information. Cookies do not provide me with
access to your computer or any information about you, other than that which you choose to share
with me.
Changes to the Privacy Notice
I may update this Privacy Notice from time to time to ensure that it remains accurate. If these
changes result in any material difference to the manner in which I process your personal data, then I
will provide you with an updated copy of the Policy.
This Privacy Notice was updated May 2024

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.