Privacy Notice
Tendon Recovery Clinic is the data controller, under data protection law, referred to in this document, as “we”, “our”, or “us”. We have appointed Rocco Profeta to be our representative in the UK. If you have any questions, comments or requests regarding this notice or about how we process your personal information, you can contact our representative by email at info@tendonrecovery.co.uk or by phone at +447908 386395.
Tendon Recovery Clinic LTD
3rd Floor, 86-90 Paul Street
London EC2A 4NE
United Kingdom
What information do we collect?
At Tendon Recovery Clinic, we collect various types of personal data to ensure the efficient provision of our healthcare and rehabilitation services. The data we may collect includes, but is not limited to:
Personal information: This may include your name, address, contact details (email, phone numbers, postal address), date of birth, and health-related information essential for your treatment.
Sensitive information: When necessary, with your consent or as otherwise permitted by applicable law, we may process health data in order to undergo our services in an effective and safe way.
Health insurance details: If you're using health insurance to cover your treatment, we'll collect the relevant policy information for billing purposes.
Payment information: We collect necessary data to process your payment if you make purchases on our website, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by Wix.com and SquareUp You may find their privacy notice link(s) here: https://www.wix.com/about/privacy and here: https://squareup.com/gb/en/legal/general/privacy.
Social Media Login Data: We may provide you with the option to register with us using your existing social media account details. If you choose to register in this way, we will collect the information described in the section called “How do we handle your social logins?”
Automatically collected information: Some information such as your Internet Protocol (IP) address and/or browser and device characteristics is collected when you visit our website. We automatically collect certain information when you visit, use or navigate our website. This information is anonymous and is primarily needed to maintain the security and operation of our services and for our internal analytics and reporting purposes.
How do we collect and process your information?
We process your information to provide, improve and administer our healthcare services and treatments, communicate with you, for security and fraud prevention, and to comply with the law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
We collect your data through our patient registration process, health information provided to the practitioner, and on occasion from third-party agents referrals, for example through your insurance, general practitioner or consultant.
What legal bases do we rely on to process your information?
The General Data Protection Regulation (GDPR) and the UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such we may rely on the following legal bases to process your personal information:
Consent: For certain processing activities, such as marketing communications, we may seek your explicit consent. Consent can be taken via verbal, written or in an opt-in format. You have the right to opt-out of these activities at any time.
Performance of a Contract: Processing is necessary for the administration of pre-contract and contractual relationships between Tendon Recovery Clinic and our patients, related to the fulfilment of our healthcare services.
Legitimate Interests: We process personal data with a legitimate interest in providing clinic updates, sharing expert articles, and informing you about upcoming events. This processing is conducted to enhance the quality of patient care.
When and with whom do we share your personal information?
We only share your personal data with third parties when you explicitly consent to such sharing. This consent may apply when we collaborate with other healthcare professionals or interact with insurers.
In exceptional cases, we may process and share information where it is required to comply with the law, such as to cooperate with a law enforcement body or regulatory agency, or with solicitors who may legally request specific information or treatment notes.
Do we use cookies and other tracking technologies?
We may use cookies and other tracking technologies (like web beacons and pixels) to collect and store your information to improve your experience while visiting our website. These cookies are primarily used for analytical purposes to enhance the quality and efficiency of our website.
How do we handle your social logins?
We offer the option for social logins as a convenience for our users using our website. You can choose to log in using your social media accounts, but we ensure that your data and privacy remain protected during this process. We do not access or store any additional personal information beyond what is necessary for your authentication and access to our services. Your privacy and data security are important to us, and we take the necessary measures to safeguard your information.
How long do we keep your information?
In accordance with the Osteopathic Practice Standard D5 (3) we keep patient records for a minimum of eight years after their last consultation. If the patient is under 18 years of age, the records will be kept until they turn 25 years of age. After this, you can request for us to delete your records by contacting us via email or phone. Alternatively we may retain your records indefinitely in order to ensure the best possible care should you need our services in the future.
How do we keep your information safe?
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. While we cannot guarantee 100% security, we are committed to maintaining a strong level of data security and continuously reviewing and enhancing our security practices to mitigate potential risks. In the unlikely event of a data breach or loss involving your information, we will inform you without delay, providing details of the breach's nature and the individual responsible for managing the breach. Your privacy and the security of your data are of utmost importance to us, and we work diligently to ensure its protection.
​How do we collect information from minors?
We collect and process personal data from minors in full accordance with applicable laws, with parental or guardian consent where necessary.
What are your privacy rights?
As a patient, you possess several privacy rights, including:
-
The right to be informed
-
The right of access
-
The right of rectification
-
The right of erasure
-
The right to restrict and object to processing
-
The right to data portability
To exercise any of these rights, kindly contact us directly using the provided contact details.
Consent-based processing
For Consent-based processing, you have the right to withdraw consent at any time. You can withdraw your consent by opting out or by contacting us in the contact details provided.
Controls for do-not-track features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. IF a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Do we make updates to this notice?
We may update this privacy notice from time to time. The updated version will be indicated by an updated ‘Revised’ date and the updated version will be effective as soon as it is accessible. If we make significant changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.