Our privacy policy has been reviewed and set out to underline the new rights for individuals within the new laws. The Data Protection Act 1998 was replaced by the General Data Protection Regulation (GDPR) on 25 May 2018. This major change has occurred to help protect and unify the way that an individual’s data is managed throughout the European Union (EU).

Our privacy policy is to let you know how we promise to look after your personal data and information as Physio First treats your privacy seriously.


Who we are

Physio First is a membership organisation and trade association for self-employed private chartered physiotherapists and their employed chartered physiotherapists. Our vision and guiding intent is to champion evidence based cost effective private physiotherapy with Physio First members in the changing healthcare marketplace.

You can find more about us at http://www.physiofirst.org.uk/our-story.html If you have any questions, or want more detail on how we use your personal information please contact us on 01604 684960 or email us at minerva@physiofirst.org.uk


Why we process your personal data

As part of Physio First membership we must be able to identify you as one of our members. We ask all our members to join via our online application where we ask for data that is relevant to us.

Under the new data protection law, it states that we can use and process personal information if we have an appropriate and lawful reason to do so. The law states that we must have one or more of the lawful reasons listed here:

  • If a contract is in place
  • If it is a legal obligation to do so to comply with the law
  • If we have been given clear, concise consent to process your data
  • If it is in our legitimate interests to do so.

Our join online application form automatically identifies the type of Physio First membership based upon the data given by the person applying to ensure eligibility. This enables Physio First to provide the correct services and information to each individual.

We have identified that the lawful reason for Physio First to collect and manage your personal data is because it falls within our “legitimate interests” to do so. By way of summary, we collect and manage personal data for:

Full, Affiliate Non-Practising, Deferred and Honorary (Practicing and non-practicing) members – To manage your membership and to communicate: 

  • information about and assistance with our member benefits
  • the opportunity to attend our annual conference and periodic post-graduate education courses

and, if practicing, to promote your practice through our Find a Physio online directory and other on-line directories, who manage your data as Physio First Data Processors.

Journal subscribers and CSP visitors –  To:

  • Keep you informed about Physio First membership (if eligible)
  • Send you clinical information through our Journal (i.e. if a Journal subscriber)
  • Offer you the opportunity to attend our annual conference and periodic post-graduate education courses.

All of which enables Physio First, a not-for-profit trade association and professional network of the Chartered Society of Physiotherapy, to achieve our:

  • Constitutional objectives which are:

2.1 To promote the highest standards of clinical practice in physiotherapy generally and specifically in private practice

2.2 To promote the interchange of professional skills and ideas between individual practitioners

2.3 To encourage the Continuing Professional Development (CPD) of all members, ensuring that all members who actively practice physiotherapy participate in a recognised level of CPD annually

2.4 To market the private physiotherapy services provided by members in order to increase business and profit for those members

2.5 To provide large organisational benefits to individual members including guidance, support, education and representation at a national level with commercial organisations and within the healthcare marketplace

2.6 To encourage the highest standards of professional management within the context of private practice

2.7 To act as an advisory body to which members and the public can apply for advice concerning matters specific to physiotherapy in private practice

2.8 To strengthen and maintain the direct relationship between the Organisation and The Chartered Society of Physiotherapy

For details see here

  • Strategic reason to exist which is “to champion evidence-based cost effective private physiotherapy with Physio First members in the changing healthcare marketplace”.

How we collect personal data and what we collect

Physio First collects your personal data from:

  • Our online application to join Physio First
  • Our website sign-up pop-up form
  • Our member-only private LinkedIn closed forum
  • Our practice profile survey.

Within our on-line application form the areas marked with an asterisk (*) are areas where we require financial data.  Financial details have to be provided but only to enable a one-off payment, which means that no financial information is saved to your record. The only financial information we keep are your bank details that are stored in hard copy and held securely on-site and updated upon notification of any change from you, or until you cease to be a member.

 

The type of data we collect is listed below:

Name and contact

Your name, preferred correspondence address, contact details (phone number and email address).

Demographic data

We collect your date of birth (DoB), age, gender and country of residence.

Special category data

Health, but only if it might affect the services we provide.

Payment data

Financial information for annual subscriptions and event bookings.

Communication

All correspondence is recorded between Physio First and you.

Work affiliations/interests

Membership of other professional networks, principal activities, qualifications, Physio First events attended.

Employment details

Work details e.g. address, contact details, information about your practice, employment status and year qualified.

Physio First membership data

CSP Membership Number; HCPC Registration Number; join date; reason for joining; source of joining; membership number; person ID (internal use); when application was last changed and reason for change; status change, date and reason; return of mail.

History

Any history changes to data are recorded.

Practice Profile survey data

Details of your practice as collected from you in your completion of this on-line annual survey

 

We can see some data automatically like your:

  • Device and network you are using. This data comes from google analytics (please see their Data privacy and security page).
  • Email open clicks and click through rates on links on our emails which we use to improve our communications.

Who we share your information with

We share your data with third parties as part of Physio First’s membership benefits e.g. online booking and promotion of your practice.

  • These third parties currently include Simplyhealth, Blue Zinc, Painless Practice and Due Diligence Checking (DDC), Pixl8 with whom we have data processing contracts.
  • The data that we share with these third parties are name, employment details (to promote your practice through Simplyhealth), details to add online booking benefit to your record, email address and membership number.
  • We provide an opt-in and opt-out service. Therefore, you can let us know whether you would like to opt-out of these benefits by either contacting us (click here for contact information) or by going to the ‘Update details’ within our website to amend them.

We send your:

  • Direct Debit Instruction form directly to your bank/building society and only store your current bank details securely on-site. If details are no longer current, we securely shred upon notification of the change by you.
  • Practice information from our Practice Profile Survey to third party data analysts, with whom we have data processing contracts.

As regards our emailer service MailChimp, we have a Two-Factor Authentication login process to ensure that your data is secure – see MailChimps guidance on Two-Factor Authentication login here.


How long we keep your personal information

We will keep your personal information for as long as you are a member of Physio First. If you wish to cancel your membership for any reason we may keep your data for up to 3 years for one of these reasons:

  • To ask you if you would like to re-join Physio First
  • To identify you if you have any questions or comments in the future
  • If you request to see what data we hold
  • To comply with legal obligations such as HMRC rules which could require us to keep financial records for up to 6 years.

How to get a copy of your personal information

You can have access to all information that we hold by requesting this in writing. Please either email us on minerva@physiofirst.org.uk or post a letter to this address: Minerva House, Tithe Barn Way, Swan Valley, Northampton, Northants NN4 9BA


What do I do if my information is incorrect?

You can amend the information we hold at any time, but we may ask for proof of identity to ensure that we are communicating with you.  You can also amend your personal details on our website by logging in, selecting ‘My Physio First’ in the top right hand corner and selecting ‘Update details’.

If you request details of your data that we hold and wish for your data to be changed at the same time, you will receive the new and old information in our response.


What do you do if you wish us to stop using your personal information?

You have the right within GDPR to object to us using your personal information and you can ask us to delete, remove or stop using it as long as there is no other legal reason for us to keep it.

There may be a legitimate reason or legal obligation as to why we cannot remove or delete some of your personal information as we may need to keep it for you to remain a member of Physio First but if this arises, it will be fully explained within our communications with you.

 

Password policy

Choose a safe and strong password

Setting up a password

  • Set up a password that can not be found under the English dictionary, avoid passwords that are easy to guess
  • Use at least 8 characters, a minimum of 6 is required
  • Mix your password using the following characters:
    • Numbers
    • Symbols e.g. %
    • Mix UPPERCASE and lowercase (remember the capitalisation you use)
  • Change your password periodically to ensure that it is kept private
  • Do not write down or store your passwords on your computer
  • The more random the better

Resetting your password

If you have forgotten your password, please select ‘Forgot?’ on our login page and input your membership number and click ‘send’ which then an email will be sent to you including a link to reset it.

Please be sure that you have a preferred email address set up on your record with us otherwise this will not be sent. You can check with us by calling 01604 684960 or emailing us at minerva@physiofirst.org.uk.  

Tip: Reset your password with one that you will remember.

You can update your password under ‘Update details’ on your profile on our website so you change and update it whenever you like.