Privacy Notice for the Hampshire Wellbeing Clinic
Version 1. Published 27th July 2018.
The purpose of this privacy notice is to inform you on how your personal data is used by us here at The Ageas Bowl when you receive physiotherapy treatments at the Hampshire Wellbeing Clinic.
Who collects my personal data?
Hampshire Wellbeing Centre
When you become a client of the Hampshire Wellbeing Centre, then you will complete a registration form. The Hampshire Wellbeing Centre has defined what personal data is captured during the registration process and how it gets used.
The Hampshire Wellbeing Clinic is a part of Elite International Sports Academy Ltd, which is in turn a part of The Ageas Bowl (legal entity: RB Sports & Leisure Ltd).
Therefore, under the definitions of the current Data Protection Laws*, The Ageas Bowl are the Data Controller.
You should only contact The Ageas Bowl for any queries or concerns relating to this privacy notice.
* Data Protection Act 2018 (UK-only) and the General Data Protection Regulation (or GDPR, EU-wide)
What personal information do you collect and why?
Your basic personal information, contact details, insurance details and medical history
- Your basic personal information (title, name, date of birth, occupation, gender and age), in order to:
- Provide the required clinical service
- Identify if you are a child, and that parental consent has been provided via the registration form if so
- Take payment for self-funded clients
- Your home address in order to administer your customer account and send postal communications about the service where applicable
- Optionally, your email address in order to email you news & special offers from Hampshire Wellbeing Clinic or The Ageas Bowl (more details below)
- Your mobile number in order to call you about appointments and send you SMS reminders (via a third party service, MessageBird)
- Your GP's details and presenting medical/physical problem, in order to provide the required physiotherapy service and to obtain your medical history if required
- Your insurance policy details (insurer name, policy holder's name, membership number and authorisation number), in order to receive payments for clients who are not self-funded
- Emergency contact details, in order to:
- Inform someone close to you in the event of a medical emergency
- Comply with safeguarding laws when treating children
The lawful basis for processing this personal information is contractual, according to the terms and conditions within the registration form once signed. There are two exceptions to this for marketing purposes:
- Any physio-related marketing will be conducted under the lawful basis of 'legitmate interest' for customers who have had an appointment with the last 8 years
- You will only receive marketing relating to other goods and services provided here at The Ageas Bowl, like for cricket matches and the restaurant, if you have provided opt-in consent for this purpose
- If you are referred to us via your GP or consultant, then your medicial history may need to be shared with us, in order for us to provide the correct treatment(s)
- Once treatment is complete, then any new medical history records will be communicate back to your GP or consultant via an 'End of Treatment' letter
- All transfers of your confidential medical records to and from your GP or consultant are conducted via post
- We may also need to collect your medical history directly from yourself
- In all scenarios, we collect and use your medical history under the lawful basis of legitimate interest
Do you collect child data?
Yes, with parental consent.
We will collect an additional signature from a parent or legal guardian for our clients who are under the age of 18 during the registration process. This signature is proof that parental consent has been provided for their child's personal data to be processed by Hampshire Wellbeing Centre, for the purposes describe above.
The exception here is that child data will not be used for any marketing purposes in any circumstance.
Where is my personal data stored?
In the EU only (unless you were previously a Cura Healthcare customer)
- Your registration form and any medical records will be kept securely onsite by us
- The MessageBird SMS server is based in the EU
- If you were previously a Cura Healthcare client, then:
- Your information is stored digitally in different system, Rushcliff PPS
Is my personal data shared with any other third parties?
Yes, with our marketing agency - but only if you opt-in.
- For new clients that have consented to receive marketing from The Ageas Bowl, your personal information will be sent securely (via a SFTP folder) to our marketing agency, to be included within The Ageas Bowl marketing database that they manage. This database is stored within the UK
- Our marketing agency are purely acting as a Data Processor, for specific marketing purposes defined by us here at The Ageas Bowl (as the Data Controller)
- Our marketing agency do utilise 3rd party systems and suppliers to fulfil their services for The Ageas Bowl. But they won’t pass your personal information onto third parties for any other purpose and your personal data will never leave the EU
- If you have opted into receiving marketing from The Ageas Bowl, then we may email you special offers on a club sponsor’s or partner’s behalf - but we never actually share your personal information with them.
How long do you keep my personal information for?
For 8 years after your last appointment.
- As a health provider, we are legally obliged required to preserve your information for 8 years
- After this time has elapsed, any paper or digital records held by the Hampshire Wellbeing Centre that contain your personal information will be erased
- If you have opted-in to receive marketing from The Ageas Bowl, then your personal data may stay on the active marketing database for longer than 8 years, until you opt-out
How can I get in touch regarding this privacy notice?