UK GDPR (United Kingdom General Data Protection Regulation) came into force at 11pm on 31st December 2020, replacing GDPR, which had been in force from 25th May 2018. We have put together this privacy statement to give our clients more information about what we do with your personal data and the rights you have as an individual in relation to the data that we hold for you.
This policy will explain what data we hold, how we use your data, and how we take measures to ensure the data held is kept securely and safely.
Balanced Bodies will ensure that it treats personal information lawfully and correctly. To this end, we fully endorse and adhere to the principles and your rights as set out in the UK GDPR as outlined below:
- Your personal data shall be processed fairly and lawfully and shall not be processed unless specific conditions are met.
- Your personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data collected shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes (see Retention Periods later in this statement for details).
- Personal data shall be processed in accordance with the rights of data subjects under UK GDPR, GDPR and the Data Protection Act 2018.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside of the UK unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data or contractual clauses are in place to ensure that data is stored with a level of protection at least equal to that provided under UK GDPR.
Furthermore, under the UK General Data Protection Regulation (UK GDPR) you have the following rights:
- The right to be informed about what data is being held about you and how it is processed and managed, which has been clearly outlined within this privacy statement.
- The right of access to data that is held about you and you can do this by contacting us. We may request that you provide identification documents to confirm you are the data subject.
- The right to rectification if the data that is held about you is inaccurate or incomplete and you can request this to be undertaken by contacting us.
- The right to request the erasure of the data we hold for you, which is also known as the right to be forgotten. To request the right of erasure please contact us. If there are legal or professional reasons why data needs to be retained, it may not be possible for us to erase your data. If this is the case, we will write to you to let you know.
- The right to restrict the processing of the data we hold on you. This means not deleting the data we hold on you but placing certain restrictions or total restrictions on how we process it. To request the restriction of processing, please contact us.
- The right to data portability: to receive the data we hold on you in an open-source format such as CSV. To request the data we hold in such a format, please contact us via email.
- The right to object to the way your data is being held, processed or managed and you can do so by contacting us.
- Rights in relation to automated decision making and profiling to be outlined to you. Currently, Balanced Bodies does not undertake any form of automated decision making.
What Data Is Held
Balanced Bodies holds the following data for legitimate client communication regarding booking initial / follow up appointments and to comply with the current legislation.
- First name
- Last Name
- Email address and/or telephone number
- Address where applicable
- Date of Birth
- Medical History / Medical Records as shared by you, the client.
Balanced Bodies holds the following data for invoicing purposes:
- First name
- Last Name
- Email address and/or telephone number
- Address where applicable.
Data Storage and Data Sharing
Balanced Bodies takes the security of your information seriously. Only your therapist and / or instructor will have access to your data for the purposes specified in this privacy statement. Your data may sometimes be shared with third parties such as other health care professionals, e.g. referrals to a GP or a consultant for further imaging or investigation, which would always be discussed primarily with you before doing so.
Any data collected will be clearly outlined to clients at the point of data collection and will only be kept in locations for the length of time required to process such information for its intended purpose. Any handwritten notes are stored and used in a confidential manner and confidentially disposed of after the intended purpose.
Balanced Bodies uses the following UK GDPR compliant systems to store and / or process data:
- Gmail for email correspondence, calendar and contact software.
- Sports Injury Fix and Cliniko for patient notes storage, calendar and contact software.
- Zoom and YouTube for recordings of OnDemand sessions.
- Cliniko for patient notes storage, calendar and contact software.
- GymCatch for class participant notes storage, calendar and contact software.
- Rehab my Patient for client rehabilitation programmes, contact software, email correspondence.
- Mailchimp for managing newsletters.
- Instagram, LinkedIn, WhatsApp, SMS and Facebook for marketing & communications purposes.
- Stripe to process online payments.
- Zoom, WhatsApp, FaceTime and Facebook for video conversations.
- Eventbrite for ticket handling for events.
Medical/Health records are retained by Balanced Bodies for 7 years to meet requirements set by HMRC and to comply with our insurance (Balens). Handwritten notes are retained and stored securely for a maximum of 12 months.
Should you have a complaint about the management of your data or any further questions regarding anything in the policy above, please contact Balanced Bodies.
Should you be dissatisfied with the way your complaint is handled, you can make a complaint or raise a concern to the Information Commissioner’s Office. You can contact the Information Commissioner’s Office on 0303 123 1113 or go online to the ICO.
This policy was last updated on 24th November 2021.