Tidal Physiotherapy is committed to safeguarding the privacy of your personal data. Please read the following policy to understand how your personal data will be treated as you make full use of our services.
1. Who are ‘We’?
In this policy, the words ‘We’, ‘Us’ or ‘Our’ refer to Tidal Physiotherapy. Tidal Physiotherapy is the data controller, data processor or both data controller and data processor of your personal data that We collect from you from time to time.
It’s really important to Us that you trust Us with your personal data so We want to make sure that you understand what personal data We hold about you and how We collect, store and process it.
We will use your personal data in the way(s) set out in this policy. If you are not happy with the way that We are using your personal data, please do not provide us with your personal data (We have set out more information on how We collect your personal data below). If you have any questions about this policy, or what We do with your personal data, please contact Us using the contact details below.
You can contact Us about this policy at firstname.lastname@example.org or write to the Data Protection Officer, Tidal Physiotherapy, Stephanie Murray, 10 Summerland Close, Brixham.
2. What is personal data?
Personal data is information about you that can help Us identify you, such as your name, address, phone number or email address, or more discrete data such as the device ID of any smartphones, tablets or similar mobile devices you own.
There are also special categories of personal data that are treated by law as being particularly sensitive. This may include your racial or ethnic origin, your religious beliefs or information related to your health. We will only ever collect special categories of data where We have your explicit consent to do so, where it is in your vital interests that We do so, or to enable Us to make decisions regarding the services that We provide to you.
3. What personal data do We collect about you?
The nature and the type of personal data we collect will depend on why you are giving it to Us.
We collect personal data about you when you;
~purchase treatments. We collect information such as your name, contact details, delivery address (if applicable);
~interact with Us on Our social media pages (such as Twitter & Facebook). We collect information about you from Twitter and Facebook’s sites if the settings on your accounts or the privacy policies of those sites give Us permission to do so. This would include your name, and any direct or private messages sent to Us);
~or voluntarily provide Us with your personal data whilst completing surveys, signing up for events, or providing feedback. We collect information such as your name, email address, postal address and any additional comments or information you give to Us.
If any of your personal data changes, or you believe that any of the personal data that We hold is incorrect, please let Us know by contacting Us at tidalphysiotherapy@gmail and We will ensure that the Personal Data is up to date. We may also contact You from time to time to verify that Your Personal Data is up to date.
4. What do We use your personal data for?
When processing your personal data, We will only do so in relation to specific purposes and only after giving careful consideration to ensure that your privacy rights are not seriously impacted.
We will process the personal data that you provide to us in the following ways for the purpose of (and on the basis of) our performance of our contractual obligations to you: To provide you with the services that you have requested or purchased from Us, such as fulfilling your purchase of a ticket through our website(this may include correcting any errors that you have provided such as any typos in your postal address);
We will process the personal data that you provide to us in the following ways in order to comply with Our legal obligations:
To ensure that Our site are kept secure and to prevent crime;
For the purposes of identifying and preventing fraud;
and To comply with statutory or regulatory requirements, such as reporting requirements Health and Safety Law.
We will also process your personal data where you have given your consent to us doing so, for example:
When you have asked to receive other forms of marketing communication about Us
Where We are relying on consent to process your personal data, We will only process your personal data for the purpose that you have given Us consent for. If you would like to receive these communications but have not opted in please contact Us on email tidalphysiotherapy@gmail indicating your preferred channel to receive marketing communications from Us.
If you do not wish to receive marketing or fundraising communications from us or other charities We also suggest that you also please ensure that you register with the Fundraising Preference Service.
5. Who do We share your personal data with?
Except where We use third party services to collect information, when you are asked for personal data by Us, you are sharing that information with Us alone, unless We specifically state otherwise below. As explained above, ‘Us’ refers to Tidal Physiotherapy. We need to share data with other orginisations (Stripe, for example) in order to fulfil our contractual obligations to you, or because it is in our legitimate interests to do so.
We may also provide your personal data to third parties who may process your data as part of the services they carry out on Our behalf. In order to provide you with the services that you have requested from Us, the following third parties may also need to process your personal data:
A. any statutory, governmental or regulatory body that requests the personal data and that We are obliged (by law or by regulation) to provide;
Please be aware that advertisers or web sites that have links on Our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those web sites.
As Our requirements change, We may need to change the third parties that process your personal data to meet those requirements. We do not sell or rent your personal data to anyone, We will never provide your personal data to another company or charity for their marketing purposes without your explicit consent.
6. How do We protect your personal data?
We will always do Our best to keep your personal data secure. Steps We take in order to do this include the use of technical controls (such as encryption and network protection), limiting the number of people working for Us who have access to your data and ensuring that they are trained in protecting your personal data.
Where We use external suppliers to process your personal data, We put contracts in place to make sure that they treat it as carefully as We would and use it only in accordance with the instructions that We give to them. Where these suppliers operate outside of the European Economic Area (EEA), We will make sure that the levels of protection provided are at least equal to those required by UK law.
7. Retention of your personal data
We will only retain your personal data for as long as We need to keep it. In considering how long to retain your data we will always take into account factors such as any ongoing obligations We have to You, the nature of Our relationship with You, legal requirements (e.g. in relation to HMRC statutory retention periods) and contractual requirements. We will not keep Your data indefinitely and will always dispose of it carefully when it is no longer necessary for Us to retain it, in line with defined schedules in Our Data Retention Policy.
8. Your Rights – What are the choices available to you regarding collection, use and distribution of your personal data?
The law gives you a number of rights in relation to your personal data and Our use of it. You have the right:
A. to ask Us not to use your personal data for direct marketing purposes;
B. to ask to see what personal data We hold about You and to find out about the way that We process the data (and in some circumstances, You can ask Us to provide a copy to a third party);
C. to ask Us to correct or update any personal data which is inaccurate;
D. to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for Us to continue to process it;
E. to ask Us to temporarily stop using your data if You don’t believe that We have a right to use it, or to stop Us from using your personal data where there is no good reason for Us to continue to use it; and
F. not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
Your Right to Lodge a Complaint
If you are unhappy with the way We have dealt with your personal data or if you have any further questions about how We process and retain personal data please contact Us in the first instance at tidalphysiotherapy@gmail or by writing to the Data Protection Officer, Tidal Physiotherapy, 10 Summerlands Close, Brixham, so that We can try to put this right.
If you are still not satisfied, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information on how to do this is available on the ICO website.
9. Changing this policy
We may make changes to this policy from time to time. If We make any significant changes to this policy that impacts the way in which your personal data is treated, We will post the changes on this page or, where We feel that the changes are really significant, We may contact you directly. Changes will apply from the time We post them (either here on Our website or when We contact you). This policy was last changed on 19 October 2018.
10. How can you access, update or delete your personal data?
By contacting us by email at tidalphysiotherapy@gmail, by post to the Data Protection Officer, Tidal Physiotherapy, 10 Summerlands Close, Brixham, England.