01534 733913

Privacy Policy

This privacy policy sets out how Physio.je uses and protects any information that you give Physio.je when you visit or use their website or their services.
Physio.je is committed to protecting your privacy. We will only use the information that we collect about you lawfully, in accordance with the Data Protection (Jersey) Law 2018. We are compliant with General Data Protection Regulations (GDPR) 2018 and we are registered and compliant with ICO (information Commissioner’s Office) and the Jersey Office of the Information Commissioner (JOIC). Physio.je is a data controller. This means we decide how your personal data is processed and for what purposes. Any staff /associates /contractors that are based at Physio.je are Data Processors. Our contact details are: Physio.je Indigo House, 2-8 Oxford Rd, St Helier, Jersey, JE1 4HB. If you have any queries, disputes or requests regarding your data please contact our Data Protection Officer, Alexandra Frankham at admin@physio.je or contact the clinic on 01534 733913. Physio.je may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last reviewed in January 2025.

GDPR- Data collection and processing

Booking an appointment

We may have already received a medical referral letter from your GP or Consultant. These letters or any other communications are sent to us via the postal service or via email. This information is securely stored until we have had contact with you via phone or email. When you are contacted to book and appointment, or you contact us, we input this information and upload any paper or electronic information we have received pertaining to you, to Cliniko, which is fully GDPR compliant. Any paper copies of data stored on Cliniko are then destroyed securely. You may also choose to book your own appointment via our online diary system on Cliniko. You are required at this point to enter your full name, DOB, address, email and contact telephone number. A member of staff will use these details to confirm the appointment with you.

The lawful basis and legitimate reasons for processing- Your first appointment

At the time of your first appointment or upon booking your appointment, you will be asked to complete a registration form which asks for further detailed information such as your date of birth, address, GP, further contact numbers and any other relevant information pertaining to the physiotherapy service we provide. The therapist you see will then undertake a medical history and assessment as part of your initial appointment. This is a legal requirement and is classed as sensitive data and we therefore have a lawful obligation to process and retain this information in accordance with Article 6 of the GDPR guidelines. All this information is secured stored either in paper format before being transferred to our online system for storage and updates (Cliniko). Any duplicate paper records are then securely destroyed. As therapists we are required by law and our own professional standards to retain these details for at least 8 years (following your last visit to the clinic). If you are pregnant we are legally obliged to retain these records for 25 years. All clients details from 2015 onwards are stored on Cliniko. Prior to this all notes and diaries are stored in a locked filing cabinet and only accessed by appropriate admin / clinical staff. The length of time we securely hold information for is different if clients are under 16 years when they first visited. If you have been referred to us by a third party, such as insurance company, employer, solicitor we will be sent additional information about you at the point of referral. This information is stored and accessed safely and held appropriately along with your medical records.
We may be required to send information back to your referrer. This will only be done with your verbal consent and will be fully compliant with the GDPR guidelines. The referring company will also have their own GDPR privacy policy including the safe transference of information.

Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Your data will be stored either in a lockable secure cabinet accessible only by your therapist or relevant administration staff or in a secure online cloud based software program called Cliniko and some basic, non-sensitive, data will be stored in Xero (for accounting purposes only). If you or your associated medical team contact us through the medium of email then some of your data may be periodically stored on Office 365 cloud based software. These companies comply with Jersey, UK and EU GDPR. Further information on their respective privacy policies and use of data can be found on their websites.
For more information about Cliniko, please read their Privacy Notice at: https://www.cliniko.com/policies/privacy
For more information about Xero, please read their Privacy Notice at: https://www.xero.com/uk/about/terms/privacy/
For more information about Microsoft Office 365 read their Privacy Notice at: https://privacy.microsoft.com/en-GB/privacystatement

Paying by card

If you pay for a treatment in person by credit or debit card, you will only be required to check the amount to be processed, put your card in the machine and enter your PIN information / or pay by contactless. You will be given your copy of the receipt immediately and again our copy is stored securely as mentioned above. Should you wish to use contactless we will still give you the option should you like a copy of your receipt. We retain our copy (again in a locked drawer). This copy is then held for at least 18 months and is kept securely before being destroyed.

Legal rights

Right of access (Article 15)

Individuals have a right to access their personal information/ data. This is referred to as subject access. This request can be done in writing, but it must be accompanied by proof of identification. We will respond to the request within 1 month and we do not have a right to charge you. However, where the request is manifestly unfounded or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request. We can also charge a reasonable fee if an individual requests further copies of their data following a request, based on the administrative costs of providing further copies. Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

Other legal rights

  • The right to request that we correct any personal data if it is found to be inaccurate or out of date; We can’t amend any medical information we hold about you once it has been written, but we can write an additional entry that is logged at the end of your medical records of any requests to amend information. We can amend any contact details that are no longer correct
  • The right to request your personal data is erased where it is no longer necessary to retain such data; In this instance this can only be done with your marketing information, as we have a legal obligation to retain your sensitive data for a specific time frame (listed above).
  • The right to withdraw your consent to the processing at any time. We would still need to store the information and data collected up to this point for the legally binding period.
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

Security breaches

All of our staff and associates have been trained in Data processing and have specific instructions on how to handle and process data. Should we feel any data has been breached or mishandled or a data breach is reported to us, we have strict policies in place to ensure a suitable and timely response plan. These will be dealt with by the Data Controller, Alexandra Frankham, this includes notifying the JOIC of a breach where relevant as well as the individual (s). All breaches are documented accordingly.

Code of conduct

Our team of Physiotherapists are registered with the Health and Care Professions Council (HCPC), The Chartered Society of Physiotherapy (CSP) and where applicable The Acupuncture Association of Chartered Physiotherapists (AACP). We abide by all professional standards of care, code of conduct and data protection. Physiotherapy / Physiotherapist is a protected title.

Cookie/Tracking Technology

Our website, www.physio.je heirin called ‘The Site’ may use cookies and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to The Site, and understanding how visitors use The Site. Cookies can also help customise The Site for visitors. Personal information cannot be collected via cookies and other tracking technology, however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties. You may wish to disable cookies in your browser by following the instructions on your web browser directly.

Third party links outside of our control

The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, The Site, we encourage you to read the privacy notice of every website you visit.

Distribution of information

We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorised transactions; or, (3) investigating fraud which has already taken. The information is not provided to these companies for marketing purposes.