Stepaside Physiotherapy Data Protection Policy
Stepaside Physiotherapy aims to achieve the best possible standards of protection for all the data, including personal data, which it collects and processes. It is committed to compliance with the requirements of the Data Protection Acts and the General Data Protection Regulations of May 2018.
Stepaside Physiotherapy Clinic recognises its responsibilities, and will comply with, all relevant statutory legal requirements. It recognises its obligations to manage and achieve adequate standards of Data Protection on behalf of any patients, employees or others, who provide it with Personal Data.
It recognises its responsibilities in terms of the collection of, storage of, retention of, sharing of, providing access to and the correction of inaccurate information. It recognises the rights of individual patients / data subjects to access to, to correction of, deletion of or portability of their data, and will comply with the GDPR in this regard –or will provide a full explanation where any conflict arises as set out in this policy.
It will carry out a regular audit of the types of personal data which it holds and processes. It will assess the risks associated with the data it processes and will takes the necessary measures to keep it safe and to comply with the legislation. It will provide appropriate instruction, training, information and supervision of any person who may process the data. It will provide for review periodically, in light of experience and changing circumstances in the future, but at least annually.
The legal basis for the processing of data in this clinic is by explicit consent and as a necessary requirement for the pro
vision of physiotherapy / health care, for diagnosing a condition and for the treatment of that condition. The processing may also comply with the legitimate interests of the therapist and the patient.
The purpose of collecting personal data from patients is to use this to arrive at a diagnosis and to inform the treatment plan.
The data may be stored in a variety of means as set out in this policy. All data is kept secure and considered confidential. Data may be shared with patients GP or other referring source, and will only be shared with other third parties with the written consent of the patient as set out in this
The retention period for personal data is normally 7 years (beyond the age of maturity in the case of a child) except in exceptional circumstances.