Physio First Privacy Policy

Our privacy policy has been set out to underline the rights for individuals within the laws. The Data Protection Act 1998 was replaced by the General Data Protection Regulation (GDPR) on 25 May 2018. This major change occurred to help protect and unify the way that an individual’s data is managed.

Our privacy policy is to let you know how we promise to look after your, and where appropriate your customer’s, personal data and information as Physio First treats your, and your customer’s privacy seriously.


Who are we?

Physio First is a membership organisation and trade association for self-employed private chartered physiotherapists and their employed chartered physiotherapists who choose to join. Our vision and guiding intent is to support and promote a community of quality private physiotherapists.

You can find more about us at Physio First | About Physio First If you have any questions, or want more detail on how we use your personal information please contact us on 01604 684960 or email us at [email protected]


Why do we process your personal data?

As part of Physio First membership, we must be able to identify you as one of our members or a potential member. We ask all:

  • our members to join via our online application form where we ask for data that is relevant to us
  • potential members (e.g., physiotherapy students) to simply provide us with your name and/or email address.

Under data protection law, it states that we can use and process personal information if we have an appropriate and lawful reason to do so. The law states that we must have one or more of the lawful reasons listed here:

  • If a contract is in place
  • If it is a legal obligation to do so to comply with the law
  • If we have been given clear, concise consent to process your data
  • If it is in our legitimate interests to do so.

Our join online application form automatically identifies the type of Physio First membership based upon the data given by the person applying to ensure eligibility. This enables Physio First to provide the correct services and information to each individual.

We have identified that the lawful reason for Physio First to collect and manage your personal data is because it falls within our “legitimate interests” to do so. By way of summary, we collect and manage personal data for:

Full, Affiliate Non-Practising, Deferred, Honorary (Practicing and non-practising) members and Quality Assured Clinic Participants – To manage your membership/QAC participation and to communicate:

  • information about, assistance with and in enabling our member benefits and QAC participation
  • the opportunity to attend and/or participate in our postgraduate education events
  • for accounting purposes e.g., to issue payment receipts and invoices

and, if practising, to promote your practice through our Find a Physio online directory and other online directories, who manage your data as Physio First Data Processors.

Journal subscribers, CSP visitors and potential members – To:

  • keep you informed about Physio First membership (if eligible)
  • send you clinical, marketplace and organisational information through our Journal (i.e. if a Journal subscriber)
  • offer you the opportunity to attend and/or participate in our postgraduate education events
  • process for accounting purposes e.g., to issue payment receipts and invoices.

All of which enables Physio First, a not-for-profit trade association and professional network of the Chartered Society of Physiotherapy, to achieve our:

  • Constitutional objectives which are:

2.1 To promote the highest standards of clinical practice in physiotherapy generally and

specifically in private practice

2.2 To promote the interchange of professional skills and ideas between individual Practitioners

2.3 To encourage the Continuing Professional Development (CPD) of all members, ensuring that all members who actively practice physiotherapy participate in a recognised level of CPD annually

2.4 To market the private physiotherapy services provided by members in order to increase business and profit for those members

2.5 To provide large organisational benefits to individual members including guidance, support, education and representation at a national level with commercial organisations and within the healthcare marketplace

2.6 To encourage the highest standards of professional management within the context of private practice

2.7 To act as an advisory body to which members and the public can apply for advice concerning matters specific to physiotherapy in private practice

2.8 To strengthen and maintain the direct relationship between the Organisation and The Chartered Society of Physiotherapy

For details see here

  • Strategic reason to exist which is “to support and promote a community of quality private physiotherapists”.

How we collect personal data and what we collect

Physio First collects your personal data from:

  • our online application to join Physio First
  • our website sign-up pop-up form
  • our member-only private forum
  • our practice profile survey
  • sign up for educational opportunities
  • sign up for other member benefits that require this e.g. to open an eStore.

Within our on-line application form, the areas marked with an asterisk (*) are areas where we require financial data. Financial details must be provided but only to enable a one-off or pay-as-you-go payment, which means that no financial information is saved to your record. The only financial information we keep are your bank details that are securely held on individual member records and updated upon notification of any change from you, or until you cease to be a member.

The type of data we collect is listed below:

Name and contact

Your name, preferred correspondence address, contact details. (phone number, email address, social media).

Demographic data

We collect your date of birth (DoB), age, gender, ethnicity, sexual orientation, religion and country of residence.

Special category data

Health, but only if it might affect the services we provide.

Payment data

Financial information for annual or pay-as-you-go subscriptions, event bookings and our eStore member benefit.

Communication

All correspondence is recorded between Physio First and you.

Work affiliations/interests

Membership of other professional networks, principal activities, qualifications, Physio First events attended.

Employment details

Work details e.g., address, contact details, information about your practice, employment status and year qualified.

Physio First membership data

 

CSP Membership Number; HCPC Registration Number; join date; reason for joining; source of joining; membership number; person ID (internal use); when the application was last changed and reason for change; status change, date and reason; return of mail.

History

Any history changes to data are recorded.

Practice Profile survey data

Details of your practice as collected from you in your completion of this online annual survey


We can see some data automatically like your:

  • device and the network you are using. This data comes from Google Analytics (please see their Data Privacy and Security page).
  • email open clicks, click through rates, name and email address on links on our MailChimp emails which we use to improve our communications.

Who we share your information with

We share your data with our elected, acting, appointed or seconded volunteer post holders (e.g., our Executive, Community Representatives and Education Subcommittee members) and third parties as part of Physio First’s membership benefits e.g., for online booking and promotion of your practice and for our member eStores.

We have a data processing agreement with members of our Executive and Community Representatives who are elected or ratified by members at our AGM or who are acting until they can be elected or ratified at our next available AGM or who are appointed or seconded

  • The data we share with our Community Representatives, Education Subcommittee members or appointed or seconded volunteers are the details that appear on the Find-a-Physio section of our website or, if these details do not appear there, the name, practice details, email address and practice telephone number
  • The third parties currently include Due Diligence Checking (DDC), Pixl8, University of Brighton with whom we have data processing contracts.
  • The data that we share with these third parties may include name, employment details (to promote your practice), details to add our patient online booking facility to your record, email address and membership number.

Our eStore Member Benefit

To deliver our member eStore benefit we work with the following third parties:

  • ECOMNOW LLC a company registered in the United States of America, State of Georgia under the federal ID # 46-4685286, whose registered office is at 6300 Powers Ferry Rd, STE 600-308, Atlanta, GA 30339 USA trading as eComNOW who operate the www.eComNOW.org website i.e. eComNow own and maintain the platform and
  • Peyment Solutions Limited, a company registered in the United Kingdom under the registration # 06910442, 1 Westleigh Office Part, Scirocco Close, Moulton Park, Northampton, NN3 6BW trading as eCom Now (UK) who operate the www.peyment.co.uk website and provide UK support for the eComNow platform and
  • Convera UK Financial Limited (Convera) (registered in England, Company Number 13682869, Registered Office Address: Alpha Beta Building, 14-18 Finsbury Square, London EC2A 1AH) who (i) are authorised and regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 for the provision of payment services (Register Reference: 966305) (ii) operate the https://convera.com/en-gb/ website and (iii) enable Physio First to pay our participating members and vendors through our eComNow platform
  • Squareup Europe Ltd, 6th Floor, One London Wall, London, EC2Y 5EB who (i) are authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (registered reference no. 900846) for the issuing of electronic money and provision of payment services (ii) operate the https://squareup.com website and (iii) enable our members’ patients (and members when ordering clinic consumables) to pay Physio First for the items purchased 
  • Selected vendor companies who provide products to our Custom Branded Platform

This means that if you are a:

  • member signed up to our Physio First Custom Branded Platform we will share your name, delivery address, telephone number’ email address, DOB and bank sort code/account name/account number with ECOMNOW LLC and Peyment Solutions Limited, with whom Physio First has a data sharing agreement and Convera Limited who have a Convera Global Privacy Statement 
  • member’s customer who places orders for items through a member’s eStore we will share your name, delivery address, telephone number’ and email address, DOB and bank sort code/account name/account number data to fulfil these orders with ECOMNOW LLC and Peyment Solutions Limited, with whom Physio First has a data sharing agreement, our selected Vendors with whom Physio First has a Data Processing Agreement and SquareUp who have a Privacy and Security policy https://squareup.com/help/gb/en/article/3796-privacy-and-security

with them.

The personal data collected is gathered to ensure secure ordering and to provide a more personalised shopping experience and we or they:

  • will never request a password, username, credit card information or other personal information via email
  • do not sell information to any third-party organisations.
  • will only share your information with ECOMNOW LLC, Peyment Solutions Limited, Convera UK Financial Limited, Squareup Europe Ltd and/or selected vendor companies or third parties directly involved in providing products purchased by you or your client.

We or they will only collect:

  • name, delivery address, telephone number, email address, DOB
  • bank sort code/account name/account number/debit or credit card information that will be entered onto a PCI Level 1 compliant payment page which means that your card data is encrypted to the highest security standard
  • all correspondence between Physio First, ECOMNOW LLC, Peyment Solutions Limited, Convera UK Financial Limited, Squareup Europe Ltd and/or selected vendor companies or third parties directly involved in providing products purchased by you or your client.

Our opt out and opt-in service

Physio First provides an opt-in and opt-out service. Therefore, you can:

  • opt out directly via MailChimp and/or
  • let us know whether you would like to opt-out of benefits by contacting us at [email protected].

We send your:

  • Direct Debit Instruction forms are paperless and details are set up directly with your bank/building society and only store your current bank details securely on-site. If details are no longer current, these are removed or updated upon notification of the change by you or your bank.
  • Practice information from our Practice Profile Survey to third party data analysts, with whom we have data processing contracts.
  • You can view accounts receipts or invoices on our website by logging in, selecting ‘My account in the top right hand corner and selecting ‘My events”. DP:

As regards our email service MailChimp, we have a Two-Factor Authentication login process to ensure that your data is secure – see MailChimp’s guidance on Two-Factor Authentication login here


How long do we keep your personal information?

We will keep your personal information for as long as you are a member of Physio First. If you wish to cancel your membership for any reason, we may will keep your data for up to 8 years for one of these reasons:

  • to ask you if you would like to join / re-join Physio First
  • to identify you if you have any questions or comments in the future
  • if you request to see what data we hold
  • to comply with legal obligations such as HMRC rules which could require us to keep financial records for up to 7 years.

How to get a copy of your personal information

You can have access to all information that we hold by requesting this in writing. Please either email us on [email protected] or post a letter to this address: Physio First, Victory House, 400 Pavilion Drive, Northampton Business Park, Northampton, NN4 7PA.


What do I do if my information is incorrect?

You can amend the information we hold at any time, but we may ask for proof of identity to ensure that we are communicating with you. You can also amend your personal details on our website by logging in, selecting ‘My account in the top right hand corner and selecting ‘Edit profile. To edit practice details please email us on [email protected]

If you request details of your data that we hold and wish for your data to be changed at the same time, you will receive the new and old information in our response.


What do you do if you wish us to stop using your personal information?

You have the right within GDPR to object to us using your personal information and you can ask us to delete, remove or stop using it as long as there is no other legal reason for us to keep it.

There may be a legitimate reason or legal obligation as to why we cannot remove or delete some of your personal information as we may need to keep it for you to remain a member of Physio First but if this arises, it will be fully explained within our communications with you.

Last Update 08/11/2023


Password policy

Choose a safe and strong password

Setting up a password

  • Set up a password that cannot be found under the English dictionary, avoid passwords that are easy to guess
  • Use at least 8 characters, a minimum of 6 is required
  • Mix your password using the following characters:
    • Numbers
    • Symbols e.g., %
    • Mix UPPERCASE and lowercase (remember the capitalisation you use)
  • Change your password periodically to ensure that it is kept private
  • Do not write down or store your passwords on your computer
  • The more random the better