This privacy notice was last updated on the 25th of May 2018.
We may update this Notice from time to time and you should review it whenever you visit our website or before providing us with any personal data about yourself.
Who we are
We are The Physiotherapist Company Limited trading as Sammy Margo Physiotherapy.
We are based in North & North West London and we are a team of expert chartered physiotherapy clinicians providing first class physiotherapy care and specialist treatments.
For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”), Sammy Margo Physiotherapy is a data controller in respect of any personal data we collect.
How we collect your personal data
We will only collect and use your personal data where we have legitimate business reasons to do so. We may obtain personal data from you to provide you a service when you contact us or visit our practices or when you get in touch with us via our website. This includes personal data provided to us when you register with us to receive our services or when you enter a competition or promotion.
We also collect your data when you contact us about employment with Sammy Margo Physiotherapy, when you provide our staff with business cards or contact details, if you deal with us when we are providing services to one of our clients, when we receive referrals from other employees, clients or suppliers, when you deal with us in order to provide us with goods or services, when staff give us your details as an emergency contact or when potential employees give us your details as a referee.
We may also collect your data when we search websites where you have posted your data to be found in relation to business opportunities. We will of course let you know at the earliest opportunity when we have gathered your data in this manner.
The personal data we collect
We collect personal data in order to provide the best possible service we can or to maintain good business and client relationships. We only collect the data we need and we will ensure we have appropriate physical and technological security measures to protect your personal data.
For clients using our services or suppliers whose services we use, depending on the relevant circumstances, we may collect some or all of the following information: name, title, email address, postal address, telephone numbers and other contact numbers, bank details, health information and health insurance information. We may also collect data from medical professionals where you have given us permission to do so.
What we use your information for
Sammy Margo Physiotherapy collects and processes your personal data for legitimate Business purposes including diagnosing and administering treatment, internal record-keeping, processing financial transactions, processing instructions from clients, in connection with legal, financial and dispute management, for compliance with legal, regulatory and tax reporting obligations and releasing your personal information to regulatory or law enforcement agencies, if they require us to do so by law for the prevention, detection and investigation of crimes. We may also use your data to market our related products and services directly to you and advise you of any updates to our services; where we do so you will be able to unsubscribe at any time from receiving any further communications from us.
We may use your personal data where we deem it to be necessary for our legitimate interests or for mutually beneficial legitimate interests. These legitimate interests are explained a little further down this notice.
Sharing your personal data
Where appropriate and in accordance with local laws and regulatory obligations, we may share some of your personal data with other medical professionals, third party service providers who perform functions on our behalf including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, debt collectors, technical support consultants.
If Sammy Margo Physiotherapy acquires, merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the other business or company, subject to appropriate assurances as to the protection of your data privacy.
You have individual rights under the GDPR. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have the right to:
be informed of what we do with your data;
ask us to share what information we hold about you;
update your data if you think it’s incorrect or insufficient;
have your personal data deleted (right to be forgotten);
ask us to stop processing your data - where consent has been given you can withdraw that consent at any time by contacting us using the details at the bottom of this notice;
have the personal data you have given us transferred to another company;
object to us processing your personal data where we do so under legitimate interests;
ask us to explain and to ask us to stopa decision made by automated means without any human involvement) (where we classify you into different groups or sectors, using algorithms and machine-learning to identify links between different behaviours and characteristics to create profiles for individuals).
Transfer of data outside the EU
Normally your data will not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms.
It is our policy only to keep records of your personal data for as long as required under the legal obligations of delivering a service to you, or as required by relevant authorities or other legislation, whichever requirement is longer, after which it will be deleted or destroyed.
If you are a client or a supplier we may, for regulatory reasons or to settle a dispute, keep your data for six years after the end of the engagement with us.
If you have contacted us via our website or sent us an email and we do not engage in a professional relationship with you, we will destroy your data after two years or sooner.
If you send us your CV we may keep it for a period of one year.
The GDPR states (in Article 6(1)(f)) that we can process your data where it is necessary for the purposes of the legitimate interests pursued by us except where such interests are overridden by your interests or fundamental rights or freedoms. Sammy Margo Physiotherapy think it's reasonable to expect that if we have had a professional relationship with you or you have contacted us about a job or we have been given your name as an emergency contact or as a referee, you are happy for us to use your personal data to contact you for a relevant reason. If you don’t want any further contact with us you can ask us to stop by contacting us using the details at the end of this Privacy Notice.
Cookies are small text files that are created on your device when you visit our website and we may read these text files to understand more about your on-line interaction with us. We do not store any personal data in our cookies. We use a third party service, Google Analytics, to collect this information and it is only processed in a way which does not identify you. You can use manage cookies via your browser settings or with a plugin for your browser, available here.
We are committed to ensuring that your information is protected. In order to prevent unauthorised access or disclosure, we have put in place technical and organisational measures to safeguard the information we collect. Our servers are secured in our offices or in highly secure locations within the EEA.
Links to other websites and social media
Our website contains links to other websites we think may be of interest. We do not have any control over other websites. You should read their Privacy Notice or other such statements to understand how they will collect and process your data.
To exercise any of your rights or if you have any queries or complaints please contact us using the details in our Contacts web page available here or by emailing us at firstname.lastname@example.org or calling us on +44 (0)207 435 4910.
If you wish to make a complaint about how we process your data you can contact your local supervisory authority. If you are in the UK your local Supervisory Authority is the Information Commissioners Office (ICO) and their contact details are available on their website at https://ico.org.uk/global/contact-us.
Supervisory Authorities for other countries can be found on the European Commissioners website at https://ec.europa.eu/info/index_en