GDPR Privacy Statement
South Coast Rx Ltd is committed to protecting and respecting your privacy. This Privacy Statement outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is South Coast Rx Ltd, located at the Ravelin Sports Centre, Cambridge Road, Portsmouth PO1 2SE. If you have any questions regarding this privacy policy, please contact us at info@SouthCoastRxPhysiotherapy.co.uk
2. Personal Data We Collect
We may collect and process the following types of personal data:
Identity Data: Name, date of birth, gender, and other identifiers.
Contact Data: Address, email address, phone number.
Health Data: Medical history, treatment records, anthropometric data and other health-related information necessary for providing physiotherapy and sports therapy services.
Financial Data: Payment details, insurance information, and billing data where indicated.
Usage Data: Information on how you use our website, services, and products.
Why do we need it?
We need this personal data about you for the purpose of assessment, treatment and provision of other healthcare and performance related services. If you do not provide this information, then it may affect whether you are appropriate to engage with our services. We will not collect any personal data from you that we do not need.
3. How We Use Your Data
We use your personal data for the following purposes:
To provide healthcare services tailored to your individual needs.
To communicate with you regarding appointments, treatment plans, and other relevant information.
To manage billing and payment processing.
To comply with legal obligations and professional standards.
To improve our services and the overall patient experience.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent: Where you have provided explicit consent for the processing of your personal data.
Contractual Necessity: Where the processing is necessary for the performance of a contract with you.
Legal Obligations: Where we are required to process your data to comply with legal or regulatory obligations.
Legitimate Interests: Where the processing is necessary for our legitimate interests, provided that your rights and freedoms are not overridden.
5. Data Sharing
We do not share your personal data with third parties except in the following circumstances:
With healthcare professionals involved in your treatment.
Other key stakeholders regarding your care such as employers or teachers.
With insurance companies for billing purposes.
With regulatory bodies if required by law.
With service providers who assist us in running our business, such as IT support and billing services.
All third parties with whom we share your data are required to comply with GDPR and to safeguard your personal information.
6. Data Retention
We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law. Health records will be retained for 7 years in-line with the standards of practice outlined by the Chartered Society of Physiotherapy and Health & Care Professions Council.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can ask us to correct any inaccuracies in your personal data.
Right to Erasure: You can request that we delete your personal data under certain conditions.
Right to Restrict Processing: You can ask us to limit the processing of your personal data in certain circumstances.
Right to Data Portability: You can request that we transfer your personal data to another organisation.
Right to Object: You can object to the processing of your personal data in certain