This privacy notice explains why Hobbs Rehabilitation collects information about you and how this information may be used.
1. How We Use Your Personal Information
We take your privacy very seriously and will only use your personal information to administer your account and to provide the services you have requested from us.
In order for us to provide you with our website and services we may need to collect personal information about you. We may maintain records about your health, treatment plan and any treatment or care you have received previously that is relevant to your rehabilitation (e.g. Hobbs in-patient, NHS Trust, GP surgery, etc.). These records help us to provide you with the best possible care and to facilitate treatment specifically tailored to your individual needs. The Personal Data we hold may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
Personal Data we may hold about you can include the following information:
- Details about you, i.e. your date of birth, address, telephone number/s, email, diagnosis, emergency contact, etc.
- Any contact we have had with you, i.e. appointments, clinic visits, hydrotherapy, home visits, classes etc.
- Details about your treatment and care – past and present e.g. notes, letters and reports about your health.
- Results from other organisations e.g. orthotics, technical equipment, mobility aids etc.
- Relevant information from other health professionals, legal representatives, case managers, relatives or those who care for you.
- Information to enable us to send, receive and process invoices for services you have received such as via third-party payers e.g. health insurance companies.
Some of this information will be used for research, audit, and/or statistical purposes. Where we do this, we take strict measures to ensure that individuals cannot be identified.
Sometimes your information may be requested by us to be used for our own marketing purposes – we will always gain your consent before releasing any information gathered for this purpose.
To provide our services and website, process your request for information or your request for services, we may use your information in the following ways:
- To respond to requests for information via the “contact us” section
- To register you for attending our conferences and/or training events
- To post training events you wish to be shown on our website
- To send you marketing materials (if you have agreed to this)
- To process your booking for a conference or another event
- To process your payment
- To fulfil any contracts you have entered into with us
- To help us develop the website and make it better for all users
- To administer our website (such as troubleshooting, data analysis, and research)
We want you to use our services and website safely in the knowledge that any personal information you give us is held in accordance with the law.
2. How We Store and Secure Your Information
All personal information you provide to us is stored on our secure servers or on secure servers operated by a third party located in the EEA.
We only hold your personal information for as long as necessary for the purposes for which we collected your information.
When we have no ongoing legitimate business need to process your Personal Data, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Data and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request.
If you have chosen to receive marketing communications from us, we will retain information about your marketing preferences. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
4. Data Protection Regulations
Every member of staff who works for and on our behalf of us has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your treatment have a genuine need for it and we will ask for consent prior to this.
We will not disclose your information to any third party without your permission unless there are exceptional circumstances i.e. life or death situations or where the law requires information to be passed on.
We comply with obligations under General Data Protection Regulations (GDPR) by keeping personal data up to date; storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
You will be informed if your data needs to be shared and, in most cases, you will be asked for explicit consent for this to happen.
Any external companies that we may share your data with are bound by contractual agreements to ensure your information is kept confidential and secure.
5. Access to Personal Information
You have a right under the Data Protection Act 1998/GDPR 2018 to request access to view or obtain copies of what information we hold about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:
- Your request must be made in writing to us at the practice that is treating you or write to us at the registered address provided above.
- There may be a charge to have a printed copy of the information held about you.
- We are required to respond to you within 20 working days.
- You will need to give adequate information (for example full name, address, date of birth, and details of your request) so your identity can be verified and your records located.
- We are legally obliged to hold your data for 8 years (for adults) and until children reach the age of 21.
6. Changing Your Personal Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as your date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
7. Removing Your Personal Data
If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. All processing of your personal data will cease once you have withdrawn consent but this will not affect any Personal Data that has already been processed prior to this point.
You can withdraw consent by contacting your treating therapist at Hobbs Rehabilitation or email@example.com.
We will respond to your request to delete your data within a reasonable timeframe and notify you of the action we have taken.
GDPR requires organisations to register a notification with the Information Commissioners Office to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office website www.ico.org.uk We are registered with the Information Commissioners Office (ICO). The Data Controller, responsible for keeping your information secure and confidential is Hobbs Rehabilitation.
Should you have any concerns about how your information is managed by us please contact:
Jen Mellows – Operational Lead firstname.lastname@example.org | 01962 779796
If you are still unhappy following a review by us you can then complain to the Information Commissioners Office (ICO).
For more information about privacy, data protection and our terms of business, please visit the following: