Privacy policy - your privacy matters

Effective 01/01/2024

salveo forma (“we”, “us”, “our”) operate the https://www.salveo-forma.com/ website (the “service”)

Our phone number is: 07384590177

This page informs you of how we collect, use, and disclose personal data when you interact with or use our service. The page also informs you of the choices you can make regarding your personal data.

The page is broken into three sections. Initially, the terms and definitions give you descriptions of important terminology within the policy. The policy is then presented in a simplified way for convenance and ease of understanding. Finally a more detailed and comprehensive description of our policy is given for those requiring more detailed information.

Terms and definitions:

User (service user) - this is the individual using our service/you. The user is the data subject, who is the subject of personal data.

Data subject - data subject is any living individual who is the subject of the personal data

Personal data (personal information) - personal data is any information which can be used to identify a living person. Examples of personal data include, but are not limited to: email addresses, financial information, date of birth.

Usage data (website statistics) - usage data is collected automatically and is typically generated by the use of our service and how you navigate and interact with it. Examples of this is which pages you visit and how long you spend on those pages.

Cookies - cookies are small pieces of data which are stored on a users device.

Data controller - data controller is the person (this can be alone or in conjunction with, in common with, an other or other persons) who determines the purpose for which and the manner in which personal data is, or will be, processed. For the purposes of this privacy policy, we are the controller of personal data.

Data processor (or service providers) - the data processor (or service provider) is any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

In simple terms:

Do we collect your data?

Yes, it is necessary for us to collect some data from you in order for us to contact you and arrange appointments. If you use our contact forms then this information will be stored for these purposes. If you call us then we will take notes to build a contact profile for you should you wish to make an appointment.

Do we share this data?

No, we only hold your data for the purpose it is intended, be that contacting you or as part of your treatment plan. We will not share this information with any third parties.

The exception to this being information which needs to be shared with another healthcare professional such as your GP. However, this will only be done with your consent.

How long will we hold your data?

Contact information will only be held as long as it is required. If you do not decide to proceed with treatments and appointments then your data will be deleted. If you do proceed then your data will be held for longer. Further information can be found below.

For physiotherapy appointments, data will be stored on a secure clinical system which is compliant with ISO27001 and has 256 bit SSL encryption. All our systems have two-factor authentication so you can be sure that your data is secure. However, you have the right to withdrawn consent to this at anytime and simply need to contact us to request this.

The finer print:

salveo forma takes your data security and our obligations under the General Data Protection Regulation (GDRP) extremely seriously. We are aware of our responsibilities to protect your data and privacy and we pride ourselves on our ability to do so.

What type of information do we collect?

Basic contact information - typically used for initial enquiries

personal identifiers: name and contact information such as email address, phone number

Customer information - typically used when you become a customer

Enhanced personal identifiers. As above plus address, date of birth, gender, martial status, next of kin (plus basic contact information for next of kin)

Medical information relevant to the condition or treatment plan which may include past medical history and other relevant data

Information from your examination and treatment, from when your treatment plan commences, and including all subsequent visits

Clinical referral letters

Special category data - data of a more sensitive nature

Certain types of sensitive date have greater protections under GDPR. This is typically data of a more sensitive nature such as, but not limited to, information about your health, physical condition, sexual orientation, religious beliefs, ethnic origin

We may use special category data to:

  • Ensure any treatments and/or care is appropriate to condition and/or beliefs

  • Determine any limitations, requirements, or adjustments which may need to be made for access to our facilities and/or treatments

    Special categories of data require your explicit consent which will be gained from you if/when required and will be documented on our consent form.

    There may be rare times when we will be required to process this data without consent. These include but are not limited to: in order to carry out our legal obligations or reasons of substantial public interest.

    You have the right to both grant and withdraw consent. Consent can be withdrawn at any time If you chose to withdraw consent there will be no consequences for this. To withdraw consent you must contact us and formally request this.

How do collect we collect data?

Data is provided to us in a number of ways, from a number of sources, and for a number of reasons. Depending on the reason the data is provided and if this is direct or indirect, the data is used and stored in different ways.

A full list of our lawful basis for processing your personal data can be found in this pdf

Why do we need to process/use data? (how do we use the data we hold?)

Data protection laws govern how we are allowed to process your data in accordance to how it will be used. This is the lawful basis. For the purposes of this service the lawful basis for collecting your data is legitimate interest, although if you chose to provide further information to commence treatments, either through our contact form or by calling or emailing us, then we ask you to provide consent for this in line with the terms of this policy. In this instance consent is given by ticking the box to confirm you have read and understood this privacy policy.

Most commonly we will use your personal information in the following circumstances:

  • To carry out the contract with you - when a service user request a service and/or treatment and/or care, and salveo forma agree to provide that service and/or treatment and/or care, it constitutes a contract. For us to complete that contract it may be required that we call them to confirm/adjust appointments, change facilities, change services. We need to hold service users data in order for us to do this

  • Recording health information - in order for us to provide each service user with the best treatment it is necessary for us to record details of those treatments and plan future treatments. This is always done in their best in interest.

  • To carry out legally required duties - in order for us to comply with request, such as those from a government appointed regulator, it may be required for us to share service user information.

  • Legitimate interest - where it is necessary for our legitimate interest and service users interest and fundamental rights do not override those interests.

  • To seek feedback - this is monitor our service in the interest of continual improvement. We may respond appropriately about the services received, although we do not routinely collect data which identifies service users for this purpose.

  • To evaluate clinical performance and the quality of treatment/care we provide - this is to ensure our we are meeting the standards we set ourselves and the expectations of our service users. This is normal completed through clinical audits where the initial collection of data will include some personal information which is then anonymised.

  • To manage incidents - we will use data to manage any incidents which occur to ensure that they do not happen again. If service users were involved then this data may also be used to contact them.

  • To ensure effective information technology and governance.

  • To investigate concerns/ complaints.

  • In the event that salveo forma are the subject of a legal action or a claim, we will share information relevant to the claim with our insurers and legal advisors to manage and defend claims.

  • We are legally required to support organisations with regulatory functions, such as the CQC. Where required and deemed appropriate we will share information about service users to evidence compliance or to report an adverse incident.

We may also use your personal data in the following rare occasions:

  • Where there is a need to protect someone else’s interests.

  • Where it is in the public interest or for official purposes.

  • Where statutory permission exists (e.g. section 251 of the NHS Act 2006), we may share data with national registries.

We may be required to share your personal data without consent. Examples include:

  • Disclosures in public interest or to protect the public in order to prevent and support detection, investigation and punishment of a serious crime or to prevent abuse/serious harm.

  • Legal disclosures for example where we have received a court order instructing us to share information.

What happens if service users choose not to provide data?

Everyone has the right to decide what happens which their data, this includes providing that data in the first instance. However, one of the reasons we required the data is to carry out our service and duties inline with our contract with service users. If that data is not provided, we will be unable to perform those services/treatments/care as we will be unable to ensure it is delivered safely and effectively and in the best interest of the service user. We may also be prevented from continuing with services/treatment/care due to our legal obligations.

Can we change the purpose of data use?

We will only use service user data for the purpose for which it was collected unless there is reasonable cause for its use in another function and that function is compatible with the original purpose. If we need to use service user information for a reason which is not compatible with its original purpose, we will notify you and explain the legal basis enable this change or purpose.

Do we use automated decision making?

We do not have any processes which include the use of automated decision making. At no point will a decision be made about a service user on the basis of automated decision making (without the involvement of a person) which has an impact on service users.

Do we share data with others?

In addition to the use of data outlined above, we may also share data with other member of the salveo forma team, but only where strictly required for them to undertake their duties. An example of this is a physiotherapist who is required to handover care to an occupational therapist in order for care to continue.

We may also be required to share information with 3rd parties outside of salveo forma in order for us to facilitate service users ongoing treatment, for example passing updates and treatment notes to a GP. This will only ever be done with a service user consent, or when in the best interest of the service user.

Do we transfer information outside the UK, or EU?

We may share service users data with parties outside the UK and European Economic Area (EU) should the need arise. This is an extremely unlikely event, but could be to share information regarding service users health conditions, treatments, or ongoing care with healthcare providers/practitioners in other countries in accordance with service users express wishes. Service user data would only be transferred under these highly unlikely circumstances if they destination country and end recipient had equivalent data security and protection laws to those of the UK and EU, and had IT systems with security standards which were comparable to our own.

What are our data security standards?

We have taken measures to ensure that service users data is secured against accidental loss, disclosure, alteration, and unauthorised access, destruction or abuse. We have processes in place to ensure data is only accessible to those that have a business need to access it, be they employees, agents, contractors or third parties. All our systems have two factor authentication as standard and our clinical systems are ISO27001 compliant and have 256 bit SSL encryption.

Where data must shared, we will ensure that the recipient of the data has equally data security measures in place in line with GRPR requirements.

Do service users have a duty to inform us of changes?

Yes, it is important that service users keep personal information and data up to date and accurate. If any information changes during a services users time receiving services/treatments/care from us, they do need to inform us so we can maintain current and accurate records.

Do service users have rights in relation to this data?

Service users have a number of rights and protections in relation to data held about them. These include:

  • The right of access - service users have the right to access any data held about them. To do so a subject access request needs to be made.

  • The right for any inaccuracies to be corrected - if a service user finds data which is inaccurate or incomplete, they are free to require us to correct this.

  • The right to be informed - we must inform service users of how their personal data is used, and of any future changes to how this data is used. This is the purpose of this privacy policy notice.

  • The right to have information deleted - a service user has the right to ask us to stop processing their data and to have this deleted if there is no reason reasonable reason to keep processing the data.

  • The right to restrict the processing of data - if a service user felt that we held inaccurate data about them, they would have he right to ask us to stop processing this data until the inaccuracies had been corrected.

  • The right to portability - service users have the right to request a transfer of data that we hold for their own purposes.

If a service user wanted to exercise any of the aforementioned rights then we ask that this request be put in writing and sent to use via our email address enquiries@salveo-forma.com

Will there be fees?

There are no fees to exercise the aforementioned rights. However, we may charge a fee should there be multiple requests, or multiple copies, or if the request for access is clearly unfounded or excessive.

Do service users have the right to withdraw consent?

All service users have the right to withdraw consent at any time. There are no consequences for this but if consent is withdrawn it may not be possible to continue to provide service/treatments/care as consent to data is a fundamental element of this. In some circumstances, where consent has been withdrawn, we may continue to process data should be have a legitimate legal reason to do so.

To withdraw consent at any time please do so in writing by emailing enquiries@salveo-forma.com

Can a service user make a complaint about this policy?

Service users have the right to make a complaint at any time. complaints can be directed in writing to enquiries@salveo-forma.com.

Service users also have the right to make a complaint directly to the supervisory authority in the UK for all data protection matters, the Information Commissioner’s Office (ICO).

The address for the ICO is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF