PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (“Data Protection Legislation”).
Lindsay Montgomery trading as Koromiko Physiotherapy.
Business Address: 1 Forest Hall Rd, Newcastle upon Tyne NE12 7AU
HOW WE COLLECT YOUR PERSONAL INFORMATION
We collect only the personal information necessary in the fulfilment of legal, accounting, taxation and contractual requirements necessary to provide our services to you under the terms of our engagement. We obtain personal information about you e.g. when:
you request a proposal from us in respect of the services we provide;
you engage us to provide our services and also during the provision of those
you contact us by email, telephone or post; or
We may also collect personal information from third parties and/or publicly available resources e.g. HM Revenue & Customs or Companies House.
WHAT PERSONAL INFORMATION WE HOLD ABOUT YOU
The information we hold about you may include the following:
your personal details e.g. your name, address, telephone number;
details of any services you have received from us;
our correspondence and communications with you;
information about any complaints and enquiries you make to us;
information we receive from other sources e.g. publicly available information.
HOW WE USE PERSONAL INFORMATION WE HOLD ABOUT YOU
We may process your personal information for purposes necessary for the performance of our contract with you and to comply with our legal obligations. This may include processing your personal information where you are an employee, subcontractor or supplier. We may process your personal information for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal information.
The purposes for which personal information is processed may also include any or all of the following (the list is non-exhaustive):
deliver services and meet legal responsibilities;
verify identity where this is required;
communication by post, email, ShareFile and telephone;
understand needs and how they may be met;
process financial transactions;
prevent and detect crime, fraud or corruption.
If you do not provide your personal information
Under these circumstances, we may not be able to provide our services to you.
Retention of personal information
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
the requirements of our business and the services provided;
any statutory or legal obligations;
the purposes for which we originally collected the personal information;
the lawful grounds on which we based our processing;
the types of personal information we have collected; and
the amount and categories of personal information.
Change of purpose
Where we need to use your personal information for another reason, other than for the reason we collected it, we will only use your personal information where that reason is compatible with the original purpose. Should it be necessary to use your personal information for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
SHARING PERSONAL INFORMATION
We will share our personal information with third parties where we are required by law, with a regulator, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
TRANSFERRING PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We will not transfer the personal information we collect about you outside the EEA.
We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
RIGHTS OF ACCESS, CORRECTION, DELETION AND RESTRICTION Your duties to inform us of changes
It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes which we need to be made aware of.
Your rights in connection with your personal information
Under certain circumstances, by law you have the right to:
request access to your personal information. This enables you to receive details of the personal information we hold about you and to check that we are processing it lawfully;
request correction of the personal information that we hold about you;
request deletion of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
object to processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis;
request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you e.g. if you want us to establish the accuracy or the reason for processing it;
request the transfer of your personal information to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal information, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purposes you originally agreed to, unless we have a legitimate basis for doing so in law.
CHANGES TO THIS NOTICE
This privacy notice was last updated on 31 January 2023.