1. Legal and Privacy Statements

1.1 Corefit Physio Introduction

Privacy matters. Data should only be used when absolutely necessary. This statement includes sections on legislation and law, how data is handled or stored, and who to contact.

1.2 This statement covers the relevant laws relating to data

Please refer to the following portal for GDPR Europe:

https://gdpr-info.eu/

1.3 What data do we collect?

We collect your data by positive opt-in via contact form(s). This can include your name, email and phone number, and other details including address if included. We may also collect your data for the purpose of registration for a newsletter sign-up. Signing up for a newsletter may include a third-party marketing email service like MailChimp or iContact. These companies are covered by their own privacy statements and legislation governing email marketing companies. Any financial information, e.g. a card transaction, is encrypted and data is not stored by our website. Corefitphysio commits to ongoing compliance with the PCI DSS (Payment Card Industry Data Security Standard) requirements to best avoid data compromise when payments are made via credit card.

Cliniko provides a secure backend to our website protected by two-factor authentication, advanced encryption and daily backup. Via Cliniko we manage our online diary system, accounts and paperless clinical records. All members of our team accessing Cliniko have received training on compliance with the General Data Protection Regulation, and access levels are filtered according to team role.

1.4 How do we use personal information?

Information is only used through the course of usual business so we can contact you to provide a service. Your personal information is not used for any other purpose. If you have subscribed to a newsletter, then your information will be used to provide that service/information. We dislike spam as much as anyone, and will never send you inappropriate communications. You may unsubscribe at any time.

1.5 What legal basis do we have for processing your personal data?

We require your positive consent to receive and process your personal information. We only collect the minimum information to provide the service required and nothing else. You can withdraw and manage your consent for use of your personal information at any time by using the contact information at the bottom of this statement, or via the ‘unsubscribe’ link on any marketing email we send.

1.6 When do we share personal data?

We only share your personal data with designated email marketing companies like MailChimp or iContact. In addition, should this site include e-commerce functionality, then your personal information will be processed in the usual manner through payment providers, e.g. Stripe or similar. We do not share your personal information with any other company or individual.

1.7 How do we secure personal data?

Our computer systems are compliant with all the relevant legislation. We use a reputable UK-based hosting company with the appropriate security measures in place. We also have backups of any data stored securely. Access to data is also secure. The website uses encryption through a security certificate (SSL) so no data is transmitted without encryption.

1.8 How long do we keep your data?

We only keep personal information for the duration of our service to you. If you have subscribed to a newsletter, then we will annually review our policy on keeping your information and delete it if it is no longer relevant.

1.9 Your rights in relation to personal data

You have many rights under GDPR EU law. At any time you can ask us what data we hold, request correction or deletion, or request restrictions on its use. Please use the contact information at the bottom of this statement.

2. Cookies and other Data

2.1 Use of cookies and other technologies

All websites use cookies. These are small pieces of information that pose no security risk. Our website may be connected to Google Analytics which uses cookies to analyse how visitors to our site use it. We include the EU cookies directive (pop-up) on our site.

2.2 Using our blog/news section if activated

If the blog/news section of this site is active, then you may be able to comment on posts. This may/may not require you to create an account on the website. To that end, we may collect your basic personal information (name/email/password) so you can participate in discussions. The use of your personal data is restricted to the blog and the website database which is secured at our hosting company.

2.3 Pseudonymisation

At this time GDPR requires pseudonymisation.  Put simply, this means that an identifier (code) is added to sections of personal information that links this information together. The pieces of information are then separated. Without the code, your personal information and identity cannot be linked together.  As stated, we do not at this time collect or store any of your personal information through our websites.

2.4 Our hosting company is as secure as it can be

For all our websites we use a reputable UK hosting company. The company we use complies with the Data Protection Act 1998 and has numerous measures to prevent the compromise of websites and data. Our sites are secured in a ‘container’ that includes round-the-clock protection from hackers using their customised WAF (Web Application Firewall). They also maintain up-to-date software and have closed the main routes often used by hackers. All traffic to/from our sites uses encryption via https: (SSL – security certification). No website is 100% secure, but at corefitphysio.com we endeavour to ensure that everything we do online is as secure as it can be.

2.5 Issue with Data (Breaches)

We will report any data breach relating to this website and any of the associated storage. We will report this breach to the appropriate authorities within 72 hours as is the requirement under the GDPR legislation.

2.6 Contact Information

Helen Curzon, the Director of Corefitphysio Ltd, is registered with ICO Data Protection Act and will provide you with any information Corefitphysio Ltd holds on you on request. If you have questions or concerns with regard to data or this policy, then please contact:

Helen Curzon
Director, Corefit Physio
t: 01306 898 627
e: westcott@corefitphysio.com