Privacy Policy

Arca Physiotherapy are committed to protecting your privacy. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 1998) and according to the Which? web trader code of conduct. We are registered and compliant with the Information Commissioner’s Office (ICO).

Throughout the course of your treatment at Arca Physiotherapy we will need to hold some of your personal information, for example, contact details for appointment purposes. We also need to store clinical notes as a basic requirement of our clinical professional standards. This information is held on our online system, Cliniko. 

At times, Arca Physiotherapy will need to share your contact details or clinical records with a third-party contractor who provides physiotherapy services through Arca Physiotherapy, in order to allow them to provide their services to you. We will not share your details or records without your implied or express permission. Any third-party contractor acting as a physiotherapist providing services on behalf of Arca is bound by our privacy policy, as well as their professional obligations.

Outside of this exception, we will not share your contact details or clinical records unless you have given your expressed written consent.


We are fully compliant with the GDPR guidelines which were introduced on 25th May 2018.

Arca Physiotherapy is a data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: Arca Physiotherapy, Unit 20-21 Clonmel Business Park, Clonmel Road, Stirchley, Birmingham, B30 2BU.

For all data matters contact the data protection officer Gemma by email on info@arcaphysiotherapy.co.uk.

This includes any disputes or requests you may have about your data.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.


GDPR- Data collection and processing 

Booking an appointment

We collect information such as your name, telephone number, email, and date of birth at the time of you booking your appointment. Your details are stored at this stage on Cliniko, which is also fully GDPR compliant.  

You may also choose to book your own appointment via our online diary system on Cliniko. You are required at this point to enter your full name, DOB, address, email and contact telephone number.

Users contacting us through the website www.arcaphysiotherapy.co.uk do so at their own discretion and provide personal details at their own risk. Your personal information is kept private and stored securely until it is no longer required or has no use.

The lawful basis and legitimate reasons for processing - Your first appointment

At the time of your first appointment, you will be asked to complete a registration form which asks for further detailed information such as your DOB, address, GP and further contact numbers, alongside written consent to assessment & treatment. This information is in paper format & is stored securely until it is transferred onto Cliniko. Once this is transferred all these paper records are then securely destroyed. 

During your first appointment the physiotherapist will delve into your medical history. This is a legal requirement and is classed as sensitive data and we therefore have a lawful obligation to process and retain this information in accordance with Article 6 of the GDPR guidelines. 


This information is stored in our online system, Cliniko. As physiotherapists, we are required by law and our own professional standards to retain these details for at least 8 years (following your last visit to the clinic).

If you have been referred to us by a third party, such as insurance company, employer or solicitor, we will be sent additional information about you at the point of referral. Again, this information is stored and accessed safely and held appropriately along with your medical records. We may be required to send information back to your referrer. This will only be done with your consent and will be fully compliant with the GDPR guidelines. The referral company will also have their own GDPR privacy policy including the safe transference of information.

If you require receipts for treatment, for example, to claim back money through insurance companies, this will only be done when specifically requested by yourself & will only contain your name, dates of treatment & cost of treatment that is paid. 

GDPR- Marketing

If you are an existing client, we will have asked you to fill in a registration form. Part of this form contains a tick box with regards to you consenting to receive marketing information, news and offers from us via email. If you did tick the box and therefore consent, we will have added you to our marketing list, which is held on Mailchimp. 

 Mailchimp is a 3rd party and has its own GDPR privacy policy. We send out occasional emails via Mailchimp to inform clients (that have consented/signed up) of news and any offers/discounts. Any newsletters always contain an unsubscribe button should you wish to do this at any point and stop receiving information. 

You can also unsubscribe by emailing us at info@arcaphysiotherapy.co.uk. We will remove you from the mailing list at this point, though you will remain on our customer list for the allocated amount of time as previously stated above. 

If you unsubscribe from the mailing list, you will still receive email communications from us regarding appointments e.g., appointment reminders. If you do not wish to receive email reminders, please inform us by contacting us at info@arcaphysiotherapy.co.uk. 

From time to time, it may be necessary to contact you via email regarding your appointment, for example, if we cannot reach you on your contact number regarding any changes to your appointment. Again, if you do not wish for us to contact you in this way, please inform us on info@arcaphysiotherapy.co.uk. 

Any information collected with consent by us will only be used to send further offers or promotional items to you by Arca Physiotherapy solely, or for other legitimate purposes as previously stated in this privacy policy. Only authorised employees and contractors providing services to Arca Physiotherapy have access to this information. At all times, employees and contractors are bound by their professional obligations, and Arca’s privacy policy.

Legal rights

Right of access (Article 15)

Individuals have a right to access their personal information/data. This is referred to as subject access. This request can be done in writing and must be accompanied by proof of identification. We will respond to the request within one month and we do not have a right to charge you.

However, where the request is manifestly unfounded or excessive, we may charge a “reasonable fee” for the administrative costs of complying with the request.

We can also charge a reasonable fee where an individual requests further copies of their data following a request, based on the administrative costs of providing further copies.

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:


Other legal right

    •    The right to request that we correct any personal data if it is found to be inaccurate or out of date; we can’t amend any medical information we hold about you once it has been written, but we can write an additional entry that is logged at the end of your medical records of any requests to amend information. We can of course amend any contact details that are no longer correct.

    •    The right to request your personal data is erased when it is no longer necessary to retain such data; in this instance this can only be done with your marketing information, as we have a legal obligation to retain your sensitive data for a specific time frame (listed above). 

    •    The right to withdraw your consent to the processing at any time. We would still need to store the information and data collected up to this point. 

    •    The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);

    •    The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

    •    The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

Data Breaches

All of our staff have been trained in Data processing and have specific instructions on how to handle and process data. Should we feel any data has been breached or mishandled or a data breach is reported to us, we have strict policies in place to ensure a suitable and timely response plan. These will be dealt with by the Data Controller, and this includes notifying the ICO of a breach where relevant as well as the individual. All breaches are documented accordingly. 

Code of conduct

The Physiotherapist is registered with the Health and Care Professions Council (HCPC), The Chartered Society of Physiotherapy (CSP) and The Acupuncture Association of Chartered Physiotherapists (AACP). We abide by all professional standards of care, code of conduct and data protection. 

Cookie/Tracking Technology

The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customise the Site for visitors. Personal information cannot be collected via cookies and other tracking technology, however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties. You may wish to disable cookies in your browser by following the instructions on your web browser directly.

 

Third party links outside of our control

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

When you leave our website, we encourage you to read the privacy notice of every website you visit.

Distribution of Information 

We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorised transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.

Updates to Privacy Policy

We may update this policy from time to time so please regularly review these policies to be informed of how we are protecting your personal data.