Legal

Privacy Policy

How we collect, use and protect your personal information.

Our Contact Details

Name: Upper Limb and Hand Ltd T/A The Hand Therapist
Company number: 15663192
Registered office: 128 City Road, London EC1V 2NX
Phone: 028 9099 3464
Email: [email protected]

About our Privacy Notice

Upper Limb and Hand Rehab Ltd T/A The Hand Therapist is committed to protecting your privacy and legal rights when dealing with your personal information.

This Privacy Notice provides clear and understandable details about the information we collect about you (or anyone you have provided us with information about, for example your child or ward), how we use and protect it, and your rights in relation to the data we process.

If you have any queries about this Privacy Notice, if you are unsure what something means or if you wish to contact us about personal information we hold, please email us at [email protected].

Upper Limb and Hand Rehab Ltd is registered with the Information Commissioner's Office, registration number: ZB741744.

The Right to Object

You have the right to object to processing of your data if processing is based on legitimate interests or if processing is being used for direct marketing. Please contact us in the first instance if you wish to object.

Definitions

'We', 'our', 'us' and 'company' refer to Upper Limb and Hand Rehab Ltd.

'Services' means healthcare related services provided by us, as defined in 'Scope of Healthcare Services'.

GDPR means the EU General Data Protection Regulation, which came into force on 25 May 2018.

ICO means the Information Commissioner's Office and any successor to it as the UK data protection authority.

Data Protection Laws means the Act, GDPR, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and all applicable laws and regulations relating to the processing of personal data and privacy.

Data Controller, Data Processor, Data Subject and Personal Data all have the meaning given to them in the Act and GDPR.

'Website' or 'site' means the company's website at https://www.thehandtherapist.co.uk/

'Patient', 'patients', 'client' or 'clients' means people who attend our clinic or intend to use our services.

'Personal information' means either Personal Data or Special Category data, as defined by the GDPR.

Privacy Notice Scope

This Privacy Notice applies to any person (also known as a 'data subject') who enquires about, uses or purchases our services. It also applies if you communicate with us in any manner for the purpose of discussing current or past use of our services.

You may be reading a printed version of this Privacy Notice, which may not be the latest version. Please view the current version on our website or contact us to request a copy in PDF format.

Scope of Healthcare Services

Upper Limb and Hand Rehab Ltd provides the following healthcare services:

  • Occupational Therapy
  • Hand Therapy

Securing Your Personal Information

Data protection laws require us to take appropriate technical and organisational measures to prevent unlawful access or processing of personal information. The following measures are in place:

  • Our clinicians and administrative staff are trained in the appropriate handling of personal information and how to respond to a data breach
  • We practise common-sense cybersecurity requirements such as locking screens when away from them and ensuring operating system updates are installed promptly
  • Where possible, we use two-factor authentication for key systems
  • We ensure passwords are regularly changed on our systems
  • We encrypt all hardware that stores personal information using industry standard methods
  • Our third-party providers are compliant with data protection laws and have effective data restore capabilities

How We Collect Personal Information

We collect personal information from you or any third parties acting on your behalf. We collect information from the following sources:

  • Your parent or guardian, if you are under 18 years of age
  • A family member or someone else acting on your behalf
  • Your interpreter, acting on your behalf
  • From yourself, whether in face-to-face, telephone or virtual consultations, or via electronic communications such as email, or postal communications
  • When you have given explicit consent to subscribe to educational or marketing email correspondence
  • Manually when you fill in referral, assessment, registration and other forms via electronic or postal communications
  • From medical providers involved in your care
  • From providers of medical imaging and diagnostic testing involved in your care
  • From your private medical insurance provider or referring entity
  • In emergency situations by social services, police or ambulance service staff

Categories of Personal Information We Process

Standard Personal Information

Standard personal information can include but is not limited to:

  • Name
  • Address
  • Email address
  • Telephone number
  • Occupation
  • Date of birth
  • Next of kin or similar contact details
  • Details of any complaints or grievances raised in relation to our services
  • Financial details relating to payments for our services (note: we do not store card details)
  • Account details relating to your private medical insurance provider

Special Category Personal Information

This is personal information specifically relating to your health, both physical and mental. It can include but is not limited to clinical notes, examination findings, medical imaging data, diagnostic test results and correspondence.

What We Use Your Personal Information For

Standard Personal Information

We process Standard personal information about you where:

  • It is in our Legitimate Interests
  • It is our Legal Obligation
  • We have your Explicit Consent (this only applies when you have opted in to receive our email newsletters or marketing)

Legitimate Interests

The Legitimate Interests we have identified for processing your Standard personal information are:

  • To enable us to record who you are when booking appointments
  • To ensure we can email you with basic information about your appointment
  • To manage our relationship with you in respect of invoices and insurer authorisation codes
  • To communicate with you if we need to cancel or rearrange appointments

Legal Obligation

We process the following Standard personal information under a Legal Obligation:

  • Full name
  • Address
  • Date of birth
  • Gender
  • Contact details
  • Parent or legal guardian details if you are a minor

Special Category Personal Information

As a provider of healthcare services, we process Special Category personal information under a Legal Obligation. The conditions under which we process this information include:

  • Processing necessary for the purposes of preventive or occupational medicine, medical diagnosis or the provision of healthcare or treatment
  • Processing necessary for the establishment, exercise or defence of legal claims

We are required to comply with The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, Part 3, Section 2, Regulation 17(c), which requires us to maintain securely an accurate, complete and contemporaneous record in respect of each service user.

Sharing Your Personal Information

We may share your information with the following where necessary:

  • Doctors, surgeons, clinicians and other healthcare professionals, hospitals and other healthcare providers
  • Their administrative staff such as secretaries
  • People or organisations we are required by law or our regulatory body to share your information with
  • The police or other law enforcement agencies where required by law or court order
  • A parent or legal guardian if you are a minor
  • Any person you have authorised us to share information with

Transferring Information Outside the EEA

Generally, we store your personal information on secure systems within the EEA. Where we use systems outside the EEA, we ensure that suitable contractual or other safeguards are in place to protect your data, including industry standard encryption methods.

How Long We Keep Your Personal Information

We normally process or store your personal information for eight years for adults and until their 25th or 26th birthday if a child, but this can increase in specific circumstances. We will also store information to ensure we can deal with any legal claims that arise from you using our services.

Any personal information used for marketing purposes, provided via consent, will be erased in accordance with your rights if requested.

Your Rights

The Right to be Informed

You have the right to be informed about how we collect and use your personal data. This Privacy Notice is designed to fulfil that right.

The Right of Access

You have the right to confirmation that your data is being processed and to view this information (a Subject Access Request or SAR). We will respond within 30 days of identifying you, or notify you if an additional two months is required due to complexity.

The Right to Rectification

You have the right to request rectification of personal information. We consider requests to correct factual information. Clinical opinions will remain valid as they were the opinion at the time of recording.

The Right to Erasure

You have the right to request erasure of personal information. We will consider all requests in conjunction with our legal obligation to retain healthcare records. Where we cannot delete data, you have the right to request restriction of processing instead.

The Right to Restrict Processing

You can request that we restrict the processing of personal information, meaning we will stop actively processing it and it will be stored only.

The Right to Data Portability

As we do not process personal information on the basis of consent or the performance of a contract, the right to data portability does not apply. However, you still have the right to request this.

The Right to Object

You have the right to object if processing is based on legitimate interests or if processing is being used for direct marketing.

Automated Decision Making and Profiling

We do not make any automated decisions or perform any profiling with your personal information.

The Right to Lodge a Complaint

We ask that you contact us first if you wish to make a complaint. You can also contact the ICO directly:

Cookie Notice

A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. We have taken steps to avoid the use of cookies and analytic tracking on our site.