PRIVACY POLICY

We are very pleased about your interest in Rsolved Physio, our website at www.resolvedphysio.com and our Services. Data protection is of a particularly high priority for Rsolved and the processing of your personal data when using our website is always done in accordance with the UK`s Data Protection Act (DPA), the General Data Protection Regulation (GDPR).

 As the controller, Rsolved Physio Ltd, Nick Charlish of c/o LAS Accountants LLP, No.1 Royal Exchange, London, EC3V 3DG (hereinafter “Rsolved”, “we”, “us” or “our”) has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

 Principles of data processing

We process users' personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:

  •         in order to provide our contractual services and online services

  •         processing is required by law

  •         with your consent

·        on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services).

 The above legal bases are set out as follows:

  •         Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR

  •         Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. GDPR

  •         Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c. GDPR

  •         Processing to protect our legitimate interests Art. 6 para. 1 lit. f. GDPR

Purposes of use of personal data and legal basis

a) Log Files

We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your device.

b) Cookies and similar technologies

For the processing of personal data using cookies and similar technologies on our website, please refer to our Cookie Policy, which is part of this privacy policy. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a functional, secure and user-friendly website. As well as Art. 6 para. 1 lit. a) GDPR your consent in case you agree to our use of cookies.

c) Contact requests

Enquiries via our contact or enquiry forms may include your name, address, e-mail address, the subject of your contact and your message. We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

d) Booking and using services

For our appointment bookings and use of our services, we obtain your Name, E-mail, Phone Number, and additional information you provide to us. The data you provide us with will also only be used for the purpose of your contact, bookings, or appointments and the services carried out. The legal basis for processing your data when booking an appointment is the preparation for a contract.

The data collected in this respect will be deleted as soon as processing is no longer necessary, or you revoke your consent. However, we must also observe retention periods under tax and commercial law.

The data collected in respect of:

i)                your bookings are processed on our behalf by Nookal (www.nookal.com).

ii)               for exercise prescription are processed on our behalf by Active Health Tech Ltd (www.trackactive.co)

iii)              for communications (via e-mail/SMS) in course of our services on our behalf by MailChimp (www.mailchimp.com)

 

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

 MailChimp

This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on MailChimp's servers in the USA.

With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.

The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.

For more details, please refer to the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

We have concluded a so-called "data processing agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.

Transfer of personal data

Rsolved will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.

Rsolved is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Rsolved pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by Rsolved process your data exclusively in accordance with our instructions. Rsolved remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.

Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Rsolved's legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).

Transfer of personal data

Rsolved will not sell, rent, or otherwise transfer your personal data to third parties. We will transfer your data to third parties if you have consented to this in accordance with Art. 6 (1) (a) GDPR, or in the following cases:

Rsolved may engages other companies and individuals in certain cases to fulfil its obligations to its customers on its behalf. This may involve sharing your data with these third parties in order to provide products or services to you. Examples include customer service, payment data processing and marketing support. In these cases, data is transferred to such service providers and contractors (such as payment service providers, advertising providers, technical service providers) for the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR.

It goes without saying that Rsolved ensures that the respective service provider guarantees data security before passing on personal data. Rsolved will therefore only commission companies that can guarantee secure and proper data processing based on their qualifications and their technical and organisational capabilities.

Storage and retention

Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 6 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.

Rsolved is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, Rsolved may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 (1) (c) GDPR for compliance with a legal obligation to which we are subject. Rsolved is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of Rsolved, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of Rsolved pursuant to Art. 6 (1) (f) GDPR. Insofar as the disclosure of health data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation.

 

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

 

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

 

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

 

Legal defence and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest.

The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.

 

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g., SSL) via HTTPS.

 

International transfers

Our main operations are based in the UK and your personal information is generally processed, stored and used within in the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK and the EEA.

Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:

 

  •                     The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.

  •                    Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.

 

Economic analyses and market research

For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties and users of our online offer.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e., anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarised data).

This website uses the "Google Analytics" service, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the use of the website by users. The service uses "cookies" - text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

IP anonymisation is used on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. Under the terms of the data sharing agreement between the website operators and Google Inc., Google Inc. uses the information collected to evaluate website usage and activity and to provide services relating to internet usage.

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.

Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en.

 

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Rsolved.

 

Direct marketing in the context of a customer relationship

We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, and advertising purposes, Rsolved is entitled to contact you for these purposes via the communication channels you have ticked in this consent.

 

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).

  •                     information about the processing of your personal data.

  •                     obtain access to the personal data held about you.

  •                     ask for incorrect, inaccurate or incomplete personal data to be corrected.

  •                     request that personal data be erased when it’s no longer needed or if processing it is unlawful.

  •                     object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.

  •                     request the restriction of the processing of your personal data in specific cases.

  •                     receive your personal data in a machine-readable format and send it to another controller (‘data portability’).

  •                     request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.

  •                     You also have the right in this case to express your point of view and to contest the decision

  •                     Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form. 

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website (www.ico.org.uk).

Security and confidentiality

To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction and to ensure its availability.

 

Online presences in social media

We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.

Personal information and children

Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.

 

Links to other website

The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.

 

Hosting

The services for hosting and displaying the website are partly provided by my service provider (Squarespace) as part of processing on my behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about my service providers and the basis of our relationship with them, please contact us.

 

Content Delivery Network

For the purpose of a shorter loading time, we use a so-called Content Delivery Network ("CDN") (Squarespace) for some offers. With this service, content, e.g., large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. If you have any questions about the service providers I use and the basis of my cooperation with them, please contact us.

 

Changes

This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

 

Queries and Complaints

Any comments or queries on this policy should be directed to us using the following contact details.

Rsolved Physio Ltd, Nick Charlish

c/o LAS Accountants LLP, No.1 Royal Exchange, London, EC3V 3DG

nick@resolvedphysio.com

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the ICO.