This Privacy Notice tells you what to expect when Edge Physio collects your personal data.
We are committed to compliance with data protection legislation, as well as your rights to
confidentiality and respect for privacy. The Company will ensure that it keeps your personal data accurate and secure to provide you with efficient services.
We will only use the data it holds about you in accordance with the law. We will also only collect
the minimum data necessary, and when it no longer has a need to keep your data, it will be
disposed of in a secure manner.
Edge Physio will ensure we respect your rights and comply with the law. If you have any
concerns about how we look after your personal data please contact Scott Baxter at
firstname.lastname@example.org by calling 07894542953
Do you know what personal data is?
Personal data is any information that relates to an identifiable living individual directly or
indirectly. This includes data that when combined with other data can then identify a person. For example, your name and contact details.
Do you know that some of your personal data is considered as ‘special’?
Some data is considered to be special and needs more protection and safeguards due to its
sensitivity. It is often data that is very personal to you, that you wouldn’t expect or want to be
widely known. This will include anything that can reveal your:
• Sexuality or sexual health
• Religious or philosophical beliefs
• Physical or mental health
• Trade union membership
• Political opinion
• Genetic or biometric data
• Criminal history
Why do we need your personal data?
We may need to use some information about you to:
• Deliver physio services and support to you
• Manage those services we provide to you
• Train and manage our employees who provide those services
• Investigate any complaints or concerns you have about our services
• Keep track of our spending
• Monitor the quality of our services
• Research and plan for new services or changes to current services
When processing your personal data we must have legal reason to do so. Generally we collect and use your personal data where:
• You, or your legal representative, have given consent
• You have entered into a contract or are taking steps to enter into a contract with us
• It is necessary to perform our statutory duties
• It is necessary to protect someone in an emergency
• It is required by law
• It is necessary for employment purposes
• It is necessary to deliver health or social care services
• It is necessary for legal cases
• It is in the public interest and to the benefit of society as a whole
• It is necessary to protect public health
• It is necessary for historic, research or statistical purposes
At the time of collecting your data, Edge Physio will inform you:-
• Why and how we will be processing your data
• Our legal basis for processing the data
• If the information will be shared with any 3rd parties
• If the information will be transferred to a third country (outside the European Economic
Area) including the safeguards in place to protect your data
• How long the information will be kept for
• Your individual rights, including accessing your data
• Your right to withdraw consent at any time, where relevant
• Your right to lodge a complaint with the Information Commissioners Office
• The possible consequences of failing to provide your data
• If an automated decision or profiling will be made using your data
Who do we share your information with?
We use a range of organisations to help us deliver our services, where we have these
arrangements there is always an agreement in place to make sure that those organisations
comply with data protection law.
We sometimes have a legal duty to share personal data with other organisations. This is often at the request of the courts when:
• When we are required to do so by law.
• We are ordered by the courts to provide the information
• Someone is taken into care, or a service is being delivered
We may need to share your personal data when we feel there’s a reason that’s more important than protecting your privacy:
• In order to detect and prevent crime
• If there are serious risks to members of the public, our staff or to other professionals
• To protect a child or adult who are thought to be at risk
For all the reasons above, the risk must be serious before we can override your right to privacy.
Transferring data outside the European Economic Area (EEA)
Edge Physio will only transfer personal data outside of the EEA in compliance with Chapter V of
the UK General Data Protection Regulation. Transfers may be made where the Commission has
decided that a third country (a country outside the EEA), a territory or one or more specific
sectors in the third country, or an international organisation ensures and can demonstrate that
individual’s rights are protected by adequate safeguards.
How does the Edge Physio keep your personal data secure?
Edge Physio secures your personal information from unauthorised access, use or disclosure.
Edge Physio secures the personal data you provide on computer servers/Laptops in a controlled, secure environment, protected from unauthorised access, use or disclosure.
Retention and Destruction of your records
Your records are only kept as long as necessary for the length of your care/treatment and for a
period of time after. Edge Physio for the purposes of consistency follow the guidance issued by
the NHS Records Management Code of Practice 2020. Records no longer required will be
destroyed using secure shredding.
We may store your personal information using European Union based cloud providers, but only
where a data processing agreement is in place that complies with obligations equivalent to those of the UK General Data Protection Regulation.
Individuals have certain rights in respect of their own personal data.
1. The right to be informed – This emphasises the need for transparency over how Edge
Physio uses your personal data, this will be done typically through a privacy notice at the
time your data is obtained.
2. The right of access – Individuals have the right to obtain confirmation that their data is
being processed and access to their personal data held by Edge Physio
3. The right to rectification – Individuals are entitled to have personal data rectified if it is
inaccurate or incomplete.
4. The right to erasure – The right to erasure is also known as ‘the right to be forgotten’.
This enables an individual to request that Edge Physio deletes or removes their personal
data where there is no compelling reason for its continued processing.
5. The right to restrict processing – Individuals have the right to block or supress
processing of personal data where there is no compelling reason for the processing.
When processing is restricted the council will be permitted to store the personal data, but
not further process it, and will retain just enough data about you to ensure that the
restriction is respected in future.
6. The right to data portability – Individuals have the right to obtain and reuse their
personal data for their own purposes across different services. It allows them to move,
copy or transfer personal data easily from one IT environment to another in a safe and
secure way, without hindrance to usability.
7. The right to object– Individuals have the right to object to processing based on
legitimate interests or the performance of a task in the public interest/exercises of official
authority, direct marketing (including profiling) and processing for purposes of
scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – This provides
safeguards for individuals against the risk that a potentially damaging decision is taken
without human intervention.
For further information on the use of your data including how to make a request under your
individual rights above please contact our Director, Scott Baxter using the details below:-
Address: Edge Physio Limited, 10 North Street Parade, Sudbury, Suffolk, CO10 1GL
If you remain dissatisfied with how Edge Physio has handled your personal data you may wish to
contact the Information Commissioner’s Office by:-
• Post: Customer Contact, Information Commissioner’s Office, Wycliffe House, Water
Lane, Wilmslow, Cheshire, SK9 5AF,
• Phone - 0303 123 1113,
• Email - email@example.com
• Or by visiting the ICO website - www.ico.org.uk