PRIVACY POLICY

Privacy Policy – Active Solutions (Sports Physios Ltd.)

1 Introduction

Sports Physios Ltd. (trading as Active Solutions) is committed to protecting and respecting your privacy. Throughout this notice “we”, “us” and “our” refer to Sports Physios Ltd., registered at 6 Crossways, London Road, Ascot, Berkshire SL5 0PL (registered in England number 4288558). We appreciate that personal data is entrusted to us and recognise the importance of protecting and respecting your privacy. We comply fully with applicable UK data protection laws, including the UK GDPR and Data Protection Act 2018, and with applicable clinical confidentiality guidelines issued by the General Medical Council (GMC) and the Nursing and Midwifery Council (NMC). This notice explains how we collect, use, store and disclose personal data, the lawful bases we rely on, how long we keep data, and your rights. By providing your personal data or using our services, website or digital platforms, you accept the practices described here.

2 What personal data we collect

Personal data means information that identifies you as an individual or could do so. We collect:

  • Identity and contact data: name, postal address, phone numbers, email address, date of birth and (if applicable) next of kin details.
  • Medical and treatment data: notes and reports about your health, medical history, current and previous treatment and care, clinic and hospital visits, medications administered, body site of injury or pain, clinical assessment notes and social history such as occupation. We may also gather patient feedback and treatment outcomes.
  • Referral and correspondence data: details of referrals, quotes, authorisation codes, complaints and incidents, and records of contact and correspondence.
  • Payment data: financial or credit card information when you make a payment.
  • Survey and feedback data: information provided when completing customer surveys or competitions or when you provide feedback.
  • Website and technical data: when you visit our websites, we automatically collect technical information (IP address, browser type, plug-in types, time zone, operating system, platform) and information about your visit (pages visited, response times, download errors, length of visits, interaction information). We collect cookie data – see section 18.
  • Recordings: calls to or from us may be recorded for training and quality purposes. Many premises use CCTV for security and health and safety; images are retained for 30 days.
  • Third party data: we may receive personal data from your GP, NHS, insurers or employers for continuity of care (see section 17). We may receive data from business partners, advertising networks and analytics providers.

Special category data includes information about racial or ethnic origin, religious or philosophical beliefs, genetic or biometric data, sex life or orientation, and details of your physical or mental health. We only collect such data where necessary for your care or as required by law. Where you provide someone else’s personal data (e.g. a next of kin), please ensure they are aware of this notice.

3 When we collect your personal data

We may collect personal data when you:

  • Visit our website or interact with our digital platforms.
  • Enquire about services or treatments.
  • Register as a customer or patient or book an appointment.
  • Complete a form, survey, competition or promotion.
  • Contact us by email, phone or social media.
  • Participate in interactive features on our website.

For training and continual improvement, calls may be monitored or recorded.

4 Booking and assessment data

4.1 Booking your appointment

We collect information to book your physiotherapy assessment. Depending on whether you book via our website, through our booking agents, directly at a clinic, through your insurer, employer or the NHS, we may collect:

  • Standard booking data: name, postal address, phone number, email and date of birth.
  • Additional data: body site of injury or pain, employer or insurer details and policy or referral/authorisation codes, and maximum session number or value allowed under an insurer policy.

4.2 Initial assessment

At your first appointment we confirm your name, date of birth and address and undertake a clinical assessment. This includes details of your present condition, past medical history, social history (such as occupation), previous treatment and the questions necessary to determine the best course of treatment.

4.3 Sources of information

We may receive information:

  • Directly from you.
  • From other health professionals working for or outside Active Solutions.
  • From previous treatments you have received through Active Solutions.
  • From your insurer or employer.
  • From NHS records if the appointment is booked via your GP or if we are working with the NHS to provide you with services.

5 Why we need your information and how we use it

We collect and process personal data only where it is necessary and lawful. Uses include:

  • Identity verification: verifying who we are speaking to when you contact us.
  • Providing services: booking and confirming appointments, designing treatment plans, monitoring outcomes, providing clinical care and coordinating with other healthcare professionals.
  • Billing and administration: sharing relevant information with the bill payer (insurer, employer or you) to arrange payment, including confirming clinical necessity and treatment outcomes; managing payments and finances.
  • Communication and marketing: contacting you about appointments, services, offers, surveys, competitions or promotions (with appropriate consent where required). We may send service communications such as booking confirmations regardless of marketing preferences.
  • Quality, training and safety: monitoring calls and collecting feedback to improve services; investigating complaints or incidents; ensuring health and safety (including CCTV).
  • Legal, compliance and security: satisfying regulatory requirements, defending legal claims, detecting and preventing fraud or misuse of our websites, and maintaining site security.

We will only process your data for the purposes for which it was collected unless we reasonably consider we need to use it for another compatible purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis.

6 Our lawful basis for processing

We rely on several lawful bases under Article 6 of the UK GDPR when processing personal data:

  • Contractual necessity (Art. 6(1)(b)): processing is necessary to perform a contract with you or to take steps at your request before entering into a contract. Without certain data we may be unable to provide physiotherapy services.
  • Legitimate interests (Art. 6(1)(f)): processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override them. Our legitimate interests include providing and managing healthcare services, ensuring safety and quality of care, preventing fraud, maintaining accurate business records, improving our services and communicating with patients. We only rely on legitimate interests after careful consideration and provide an opt-out where applicable (see your rights).
  • Legal obligations (Art. 6(1)(c)): processing is necessary to comply with our legal obligations (e.g. record keeping, tax, regulatory requirements).
  • Vital interests (Art. 6(1)(d)): processing may be necessary to protect someone’s life or health (e.g. in medical emergencies).

For special category data, such as health information, we rely on Article 9(2)(h) (necessary for preventive or occupational medicine, medical diagnosis, provision or management of health or social care), Article 9(2)(f) (necessary for the establishment, exercise or defence of legal claims) or your explicit consent, where required. We may also process special category data to comply with employment law or for reasons of substantial public interest.

We may use consent as a basis in limited circumstances (e.g. to share information with a third party where there is no other lawful basis). Where we rely on consent you can withdraw it at any time using the contact details below.

7 Sharing your personal data

We share personal data only when necessary and with appropriate safeguards. Depending on who pays for your treatment and your circumstances, data may be shared with:

  • Healthcare professionals involved in your care: other physiotherapists, GPs, consultants and specialists to ensure continuity of care. We will seek your consent before sharing information unless there is a legal obligation or an emergency.
  • Insurers and employers: if your treatment is funded by an insurer or employer, we share only the minimum information necessary to obtain payment and authorisation. You may need to contact your insurer/employer to understand their privacy practices.
  • NHS: when we provide services on behalf of the NHS, we share relevant data with the NHS body that referred you.
  • Compliance and investigative bodies: our compliance team, senior management or regulatory bodies (e.g. Care Quality Commission (CQC), General Medical Council (GMC), Nursing and Midwifery Council (NMC), Health and Care Professions Council (HCPC), Information Commissioner’s Office (ICO)) may review data in order to investigate concerns, audits or regulatory issues.
  • Business partners and suppliers: service providers such as IT system hosts, call centre providers, billing and debt collection agencies, secure storage and disposal services, marketing providers and transport/delivery companies. All are subject to contractual obligations of confidentiality and compliance with data protection laws.
  • Authorities or third parties: where required by law or court order, or to protect someone’s vital interests, or in connection with the sale or restructuring of our business.

We do not transfer personal data outside the UK or European Economic Area unless safeguards compliant with UK GDPR are in place (for example, adequacy regulations or standard contractual clauses). We will inform you if international transfers occur and describe the safeguards.

8 Billing, authorisation and occupational health

If your treatment is covered by an insurer or employer, we need to provide information about the clinical necessity, cost and outcomes of your treatment so that they can authorise and pay for it. Where an occupational health assessment is requested by your employer, we will share a report with them only after you have seen the report and consented to it being sent.

9 Investigations and complaints

We strive to provide high quality services, but if a concern arises we may need to share data with our compliance team, senior leaders, insurers or regulators to investigate and resolve the issue. We will share only as much information as is necessary. If the concern comes via a third party (e.g. a regulator, solicitor or insurer) we may disclose data to them to defend or investigate a claim.

10 National Data Opt Out and research

Some NHS data may be used for research and planning under the National Data Opt Out. You have the right to opt out of your confidential patient information being used for research or planning in certain circumstances. More details are available at https://digital.nhs.uk/services/national-data-opt-out-programme.

11 How long we keep your personal data

We retain personal data only for as long as necessary. We follow the NHS Records Management Code of Practice. In general:

  • Adult health records: kept for at least eight years after the end of treatment.
  • Children’s health records: kept until the patient’s 25th birthday (or 26th if they were 17 when treatment ended).
  • Complaints and incidents: kept for the time needed to investigate and resolve, and then retained to comply with legal requirements.
  • Call recordings: kept for a limited period for training and monitoring purposes.
  • CCTV: images and videos are retained for 30 days (in line with ICO guidelines).
  • Other data: we keep data while we have a business need (e.g. managing our relationship with you) and for as long as claims could be brought against us, and as required by legal or regulatory obligations.

If we no longer have a valid reason to keep data, it will be securely deleted. You can contact us to request earlier deletion (see Your Rights below).

12 Your rights

Under the UK GDPR and Data Protection Act 2018, you have rights regarding the personal data we hold about you. These include:

  • Access: you can request a copy of your personal data and information about how it is processed (known as a Data Subject Access Request).
  • Rectification: you can ask us to correct inaccurate or incomplete data.
  • Erasure: in some circumstances you can ask us to delete data (“right to be forgotten”), although this does not apply where we have a lawful reason to keep the data.
  • Restriction: you can ask us to restrict how we process your data, for example while its accuracy is being checked.
  • Portability: you can request a copy of data you have provided to us in a structured, commonly used format and have it transferred to another organisation, where technically feasible.
  • Objection: you can object to processing based on legitimate interests or to direct marketing. We will stop processing unless we have compelling legitimate grounds or we need to continue for legal claims.
  • Withdraw consent: where we rely on consent, you can withdraw it at any time.
  • Automated decisions: you have the right to know if decisions are made solely by automated means. Active Solutions does not make automated decisions in relation to physiotherapy.

To exercise these rights please contact our Data Protection Officer (details below). We may need to verify your identity before responding. You also have the right to lodge a complaint with the ICO (0303 123 1113 or https://ico.org.uk).

13 Deleting your account and data

If you wish to delete your Active Solutions account, please email info@activeascot.com.  We will disable your account within 30 days.  We may retain certain data to comply with legal obligations or to resolve disputes.

14 Security and CCTV

We employ technical and organisational measures to safeguard personal data, including secure IT systems and restricted access.  We use CCTV in some locations to ensure the security and safety of staff, patients and visitors.  CCTV images are retained for 30 days and may be shared with law enforcement where necessary.

15 Changes to this policy

We may update this notice to reflect changes in our practices or legal requirements.  The latest version will be available on our website.  Please review it regularly.  This policy was last updated in May 2022.

16 Contact

If you have questions about this notice or wish to exercise your rights, please contact:

Data Protection Officer

Active Solutions
6 Crossways, London Road, Ascot, Berkshire SL5 0PL
Email: info@activeascot.com
Telephone: 03001 236 200

If you remain dissatisfied, you can contact the Information Commissioner’s Office (ICO) on 0303 123 1113 or visit https://ico.org.uk.

17 Personal data from third parties

We may receive personal data from your GP or other NHS services when we provide NHS‑commissioned care, or from insurers for patients making a claim requiring medical treatment.  This data may include your name, date of birth, address, contact details and information on the type of procedure or treatment required.  We process this data to provide care, obtain authorisation and comply with legal obligations, and we handle it in accordance with this notice.

18 Website, cookies and similar technologies

We use cookies and similar technologies on our websites to distinguish you from other users, improve site performance and personalise your experience.  Cookies are small text files stored on your device.  We use:

  • Necessary cookies: essential for moving around our website and accessing secure areas.  Without them, services you request cannot be provided.  Consent is not required for these cookies.
  • Analytics cookies: collect information about how visitors use our site (e.g. pages visited, errors).  This data is aggregated and anonymous and helps us improve how the site works.
  • Experience cookies: remember your choices (such as user name, language or region) and provide enhanced, personalised features.  They may also remember changes you make to fonts and text size.
  • Advertising cookies: deliver adverts more relevant to you and limit how often you see ads.  These may be set by advertising networks and used to build a profile of your interests.  We may also use social‑media cookies to target our advertising at users of those platforms.

Most web browsers allow some control of cookies through browser settings.  You can block cookies by activating settings that refuse all or some cookies, but doing so may affect site functionality.  For more information about cookies and how to manage them, see the ICO’s guidance at https://ico.org.uk/for-the-public/online/cookies/.  For specific cookie preferences, please refer to the cookie settings or contact the Active Solutions Digital Marketing Team at our main address.