General Data Protection Regulation (GDPR) policy for James Whiteley Physiotherapy.
Name & Contact details: James Whiteley,
tel: 07882 508822 email:
Data Controller: James Whiteley,
Purpose of Processing: to ensure optimal care and the most accurate identification of the person
Categories of personal data: personal details such as address, phone number, date of birth, contact numbers and registered GP / Consultant will be collected. Financial data (such as bank details), will NOT be collected unless it is for arranging payment for a Physiotherapist working on behalf of James Whiteley Physiotherapy. In this case, the details will be added as soon as practicably possible onto the secure website of James Whiteley Physiotherapy's bank to enable direct bank transfers to be made, and any other copy of the details will be destroyed.
Data transfer: data will only be transferred with the person’s consent - in the form of a report - such as to another care provider to ensure the patient’s best possible care. It is unlikely for this to be to a third country but in the case that their care is managed internationally, then their full consent will again be sought. No data collected will be used on any social media platforms, or any other public platforms, but will be handled in line with the Chartered Society of Physiotherapy’s (CSP) Code of Conduct.
Retention period: data will be held for 7 years, except in the case of under 18 year olds (when it will be held until they are 25 years old), which is in line with the CSP Guidelines. After this time it will be destroyed by shredding or by incineration.
Consent withdrawal: Consent can be withdrawn at any time, where relevant. Some details may need to be held while a file is within the retention period, but this will be based upon CSP and HCPC Guidelines of Best Practice and Codes of Conduct.
Individuals’ Rights: Each individual has the right to be informed; the right to access; the right to rectification; the right to erasure; the right the restrict processing; the right to data portability; the right to object; and the right not to be subject to automated decision making (such as profiling). And each individual has the right to carry out a complaint.
Complaints: Each individual has the right to lodge a query with the data controller / business owner, or lodge a complaint directly to the ICO (ico.org.uk)