At “Corporate On-Site Therapies”, we believe that the protection of our clients’/patients’ data is fundamental.
We do update this policy from time to time, so please review this Policy regularly.
For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) of 2018, our data controller is “Corporate On-Site Therapies”. Both co-principals of Corporate On-Site Therapies are data-controller contact points for you, at email@example.com.
Information collected when you visit our website
When you visit our website, we do not collect any information of any kind, including statistical data about you. We also do not install cookies on your device.
Information we collect from our corporate clients
As we provide an on-site service to your company, we only handle the following information from you:
1) your first name and surname,
2) your age at the time of the first session
Please note that your personal address, email, phone number and GP’s address are purposefully not recorded as this information is already stored by your company.
Health Data is collected either in the form of a health screening questionnaire (Personal Training, Pilates, massage) and/or a case history and treatment follow up log (osteopathy, acupuncture).
The fitness program, lifestyle data
Fitness instructors may also hold a fitness program and/or a lifestyle questionnaire.
Processing purpose of on-site data
The processing of your health data through a case history is necessary for the purpose of treatment, as deemed mandatory by the regulations and “code of conduct” of official national registering bodies.
The processing of your health data through a health screening form is necessary for the purpose of training within an environment supporting a high standard of quality and safety.
This processing is carried out under the responsibility of a qualified professional subject to the obligation of professional secrecy as established by the code of conduct of his/her profession.
The professional who collects your data is a contractor to us, who is bound by a detailed contract with us.
Your data is not communicated to any other third party (including the corporate customer and its employees) or reused for any reason other than to offer a safe and legal fitness/therapeutic service.
Storing your personal data
Your health data is stored on paper only, at the premises of your company. Only the Corporate On-Site Therapies contractor team and the company’s security team have access to the storage site. The corporate customer is responsible for ensuring the security of the storage site within its premises.
Data such as lifestyle questionnaires and fitness programs can be stored electronically by the contracting practitioners on their own devices, but without your name and surname. Instead, it is stored with a keyword allowing the practitioner to match the record with your identity.
When you email us for information or for any other purpose, please note that the transmission of information via the Internet is not completely secure. We therefore cannot guarantee the security of data sent to us electronically, and transmission of such data is entirely at your own risk.
For instance, medical reports should not be sent by email to anyone in our team of contractors.
How long your personal data will be stored for
Your data records will be erased after 8 years, in accordance with the UK legislation in place for retaining health records.
Right to access, rectification or erasure of your personal data
Under the GDPR 2018, you are entitled to the following:
1. Right of access to your personal data, the reason why it is processed, the categories of personal data concerned, and the recipients of your personal data.
Please note that any demand for access may be subject to payment of a fee.
2. Right to rectification which is the right to obtain without undue delay the rectification of inaccurate personal data that concerns you.
3. Right to erasure (“right to be forgotten”) which is the right to obtain the erasure of personal data that concerns you, where certain conditions under the GDPR are met.
4. Right to restriction of processing which is the right to obtain from RMP restriction of processing where certain conditions are met.
5. Right to data portability which is the right to receive the personal data that concerns you in a structured, commonly used and machine-readable format, and to transmit this data to another controller.
6. You have the right to withdraw your consent to the processing of your data, where such consent was given, without this affecting the lawfulness of processing based on consent before its withdrawal.
7. You have the right to lodge a complaint related to collection or the processing of your personal data with the relevant supervisory authority.