Privacy Policy

We at ReBalance Injury Clinic take your privacy seriously.
We understand that your privacy is important to you and that you care
about how your personal data is used and shared.

ReBalance Injury Clinic Privacy Policy
Effective Date: January 2025

At ReBalance Injury Clinic, we value the trust you place in us when you provide your personal and health information.

This Privacy Policy explains how we collect, use, store, and disclose your information in connection with Our services. We are committed to protecting your confidentiality and ensuring your information is handled safely and responsibly.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Services and/or website.

If you do not accept and agree with this Privacy Policy, you must stop using Our Site or Services.

1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings:

“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the Data Protection Act 1998 and the General Data Protection Regulation (“GDPR”);

“We/Us/Our” means ReBalance Injury Clinic whose main trading address is ReBalance Injury Clinic, Unit 1, Pinbrook Industrial Estate, Chancel Lane, Exeter, Devon, EX4 8JU.

2. Introduction

Our Privacy Policy governs the manner in which we collect and process your personal data. We recognize that the information we retain is largely of a sensitive nature, especially your health and treatment details. We are committed to using this information solely to manage your care effectively, coordinate treatment, communicate essential information, and comply with our legal and ethical obligations.

This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).

3. Information We Collect

We may collect a range of information necessary to provide you with high-quality care. This includes:

3.1 Personal Identification Information

Personal Details: Your full name, home address, postal code, telephone number, and email address, profession.
Identification Details: Date of birth, gender, and any identification numbers (such as a national health number) when required.

3.2 Medical and Health-Related Information

Medical History: Health history, current treatments, diagnostic results, clinical notes, and information from referral sources.
Treatment Records: Details of your appointments, diagnoses, treatment plans, and progress.
Sensitive Health Information: Any information regarding your physical or mental health that is necessary for your treatment.
Some treatments should not be performed under certain medical conditions, therefore, the information you provide to us should include all known medical conditions and all questions should be answered honestly. It is your responsibility to keep the therapist updated as to any changes in your medical profile and there shall be no liability on the therapist’s part should you fail to do so.

3.3 Financial and Insurance Information

Billing Details: Payment information, invoices, and transaction records.
Insurance Information: Data relating to your health insurance providers, policy numbers, and claims history.
Your payment information provided when you make a purchase through credit/debit card is not received or stored by us. That information is processed securely and privately by the third-party payment processors that we use. ReBalance Injury Clinic will not have access to that information at any time.

3.4 Other Data

Communication Records: Emails, messages, and notes from telephone conversations that pertain to your treatment.
Online Data: When you access our website, we may collect analytics data, IP addresses, cookie identifiers, web browser type and version; operating system; and usage statistics (further details on cookies are provided below).

4. How We Collect Your Information

We employ several methods to collect your data:

Directly from You: When you register as a patient, consent to treatment, or fill out forms and surveys.
During Consultations: Information collected during consultations, assessments, and treatments. We use an AI Scribe Agent that records and transcribes consultations, capturing dialogue which is converted to text using artificial intelligence. This data is processed using artificial intelligence to create a medical record of your session. We use this data to create and maintain accurate medical records.
Through Our Website: When you visit or interact with our website, we may automatically log technical data.
From Third Parties: With your consent, we may obtain necessary information from your primary care providers, specialists, or other health professionals involved in your care.
Each collection channel is designed to ensure the information we receive is accurate and handled with the confidentiality and security you expect.

5. Legal Basis for Processing

We process your personal data based on one or more of the following lawful bases:

Consent: Where you have provided explicit permission for the processing of your data.
Contractual Necessity: For the performance of a contract to which you are a party (e.g., providing treatment).
Legal Obligation: To comply with legal and regulatory obligations.
Vital Interests: To protect your vital interests or those of another person.
Legitimate Interests: As long as they do not override your fundamental rights and freedoms.

6. How We Use Your Information

All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the Data Protection Act 1998 and GDPR at all times.

The information we collect is used for the following purposes:

6.1 Provision of Healthcare Services

Diagnosis and Treatment: To understand your condition, plan your treatment, and provide the appropriate physiotherapy services.
Clinical Decisions: To enable our health professionals to make informed decisions regarding your care.

6.2 Administrative and Support Functions

Appointment Management: Scheduling, reminders, and follow-up communications.
Billing and Payments: Processing financial transactions and insurance claims.
Record Keeping: Maintaining confidential medical records in compliance with legal requirements.

6.3 Communication and Service Improvement

Patient Communication: Sending important updates related to your treatment, clinic policies, and scheduling updates.
Service Enhancement: Analysing data to improve our services through patient feedback and treatment outcome reviews.
With your permission and where permitted by law, We may use your data for marketing purposes which may include contacting you by email and/or telephone with information, news and offers on Our products and services.

6.4 Legal and Regulatory Obligations

Compliance: Meeting the requirements of healthcare regulations and data protection laws.
Audit and Investigation: Assisting in any audits, reviews, or investigations as mandated by law.

7. How and Where We Store Your Information

Your data is stored only as long as necessary for the purposes for which it was collected, or as required by law. Records relating to treatment and billing are retained in accordance with healthcare regulations and professional guidelines.
As part of the services offered to you by ReBalance Injury Clinic, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide our clinic management software, website and some other aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g., our website server host, or work for us when temporarily outside of the EEA.
The transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data, any such transmission is at your own risk.

Once we have received any personal data, we have strict procedures and security features to try to prevent unauthorised access:

Technical Measures: Robust firewalls, end-to-end encryption, secure servers, and regular security audits.
Organizational Measures: Staff training on data protection, strict access controls, and secure disposal practices.
Data Breach Protocols: Procedures in place to immediately address and mitigate any data breach, including promptly notifying affected individuals and reporting to relevant authorities, as required by law.
Physical Security: Secure filing systems for paper records and restricted access to areas where data is stored.

8. Disclosure and Sharing of Your Information

Your confidentiality is of utmost importance. We only share your personal data under stringent conditions:

8.1 With Your Consent

Direct Sharing: Your personal data may be shared with specialists or other providers when you give explicit consent to do so.

8.2 Legal and Regulatory Requirements

Mandatory Disclosures: We may be legally obligated to disclose your information to public authorities, such as in response to a court order or a regulatory inquiry.
Public Health Purposes: In certain situations, for example in the case of an infectious disease outbreak, we may share data as part of public health initiatives while still safeguarding your anonymity when appropriate.

8.3 Third-Party Service Providers

Operational Support: We contract with third-party service providers, including AI support agents, who operate under strict agreements to protect your data. These providers only access data to perform specific tasks on our behalf and are only chosen if they adhere to data protection and GDPR laws.

Any audio recordings created by AI agents are deleted automatically 48 hours after recording, and they do not learn from use within our business.

Data Transfers: Any transfer of personal data to a third party or across borders will be protected by appropriate safeguards, ensuring compliance with data protection laws.
Your information is never sold or rented to advertisers.

9. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.

10. How To Control Your Information

In addition to your rights under the GDPR, when you submit personal data, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details.

11. Your Rights

We respect your rights regarding your personal data. Depending on your location, these rights may include:

Access: You have the right to request details of the personal data we hold about you.
Correction: You may request that incorrect or incomplete data be corrected or updated.
Deletion: In certain circumstances, you have the right to ask us to delete your personal data.
Withdrawal of Consent: If your data is processed on the basis of consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Objection and Restriction: You may have the right to object to certain types of processing or request a restriction under specific conditions.
Data Portability: You may have the right, where applicable, to obtain your data in a structured, machine-readable format and transfer it to another service provider.

Requests to exercise these rights should be sent to our Data Protection Officer (or designated contact). We will respond to your requests in line with applicable legal requirements.

12. Cookies, Website Analytics, and Online Data When you visit our website, we may automatically collect certain technical information:

Cookies: Small data files that track your session on our website. These help us enhance your user experience will not identify you personally. You may manage or disable cookies via your browser settings, but doing so might affect website functionality.
Analytics: We use analytics tools to assess traffic and usage patterns to continually improve our services.
IP Addresses and Device Information: Collected for security and statistical purposes.

By using our website, you consent to the use of cookies and similar technologies as described in this policy.

You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them. We advise you to check the privacy policies of any such websites before providing any data to them.

All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies; you may be unable to access particular parts of Our Website.

13. Data Protection Officer and Contact Information

We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please contact Us by email at hello@rebalanceinjuryclinic.co.uk, by telephone on 07800636101, or by post at ReBalance Injury Clinic, Unit 1, Pinbrook Industrial Estate, Chancel Lane, Exeter, Devon, EX4 8JU. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you.

We are committed to responding to your queries promptly and ensuring your concerns are addressed thoroughly.

14. Changes to Our Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal and regulatory reasons. Any changes will be communicated by: