Privacy Policy
Last Updated: May 20, 2024
Privacy Statement Summary:
This Privacy Policy ("Policy") details how Fix Health ("we", "us", "our") collects, uses, and shares your information. It governs the handling of personal data for which we are the Data Controller, determining how data related to our website visitors, service users, clients, and partners, among others, is processed.
Who will use my data?
- Fix Health, a leading physiotherapy provider based in India, is the main provider of quality physiotherapy services.
- Physiotherapy Partners, a network of professionals working with us to deliver services.
- Carefully Selected Third Parties, including healthcare platforms, referral systems, and service enhancement tools that align with our commitment to quality care.
What for?
- To provide and enhance our physiotherapy services and products, ensuring they meet your needs and preferences. This encompasses booking appointments, managing treatment plans, and facilitating healthcare services.
- Information and Updates: Upon contacting us, we may send information relevant to your interests, including updates, related healthcare products, services, and educational content.
- Legal and Regulatory Compliance: Sharing necessary details with authorities and organizations as mandated by law.
What will happen if I contact you?
- Response to Inquiries: Utilizing your data to address the queries or requests you've made.
- Information and Engagement: Sending tailored information, healthcare tips, updates on services, and opportunities we believe will interest you, enhancing your healthcare journey with us.
What data will be stored?
- Personal and Health Information: Including contact details, health history, treatment records, and in some cases, financial information, to administer our services effectively.
- Engagement Records: Documentation of interactions, preferences, and feedback, facilitating personalized care and continuous improvement.
- Online identifiers, cookies, IP addresses, and your interaction history with our website.
What data will be shared?
- With Partners and Providers: To facilitate comprehensive healthcare services, subject to strict confidentiality and security measures.
- For Retargeting Ads: Sharing certain information with digital advertising networks, like Google and Facebook, for more effective retargeting.
- Regulatory and Legal Obligations: Only as required by law, ensuring transparency and accountability.
- International Transfers: When necessary, with robust security and compliance measures in place, including adherence to international data protection standards and agreements.
How long?
Your data will be retained for up to 7 years following our last interaction, in line with our Data Retention Policy. After this period, your information will be securely deleted unless further retention is required by law.
Who can access my data?
Access is strictly limited to authorized personnel within Fix Health and selected partners who adhere to our privacy and security standards. Your data is never sold, shared, or distributed without your explicit consent.
How is my data kept secure?
Secure Storage: On protected servers, employing industry-standard protocols and technology to safeguard your information against unauthorized access, disclosure, or misuse.
Who are the third parties involved in the processing of my data?
Fix Health collaborates with a range of third parties to enhance our physiotherapy services. These include:
- Service Providers and Partners: For appointment scheduling and electronic health records.
- Healthcare Platforms: To offer telehealth services and improve accessibility.
- Referral Systems: Connecting patients with the care they need efficiently.
- Marketing and Advertising Platforms: Collaborating with external platforms through cookies and tracking technologies to better align our services with your interests.
- Legal and Compliance Authorities: Sharing data as required by law for regulatory compliance.
All third-party interactions are governed by strict data protection agreements to ensure your information is handled securely.
How does Fix Health use WhatsApp for communication?
Fix Health utilizes WhatsApp as a key communication tool for:
- Direct Communication: Scheduling and reminding about appointments, and answering patient inquiries.
- Information Sharing: Providing health tips, service updates, and personalized educational content.
Communications through WhatsApp are secured with end-to-end encryption, ensuring privacy and compliance with data protection laws. Your explicit consent is obtained before communication is initiated, and you have full control over your participation and data shared through WhatsApp.
About This Privacy Policy
This policy sets out how we will collect, store and process the information that you provide to us, information we collect as a result of our interaction, the information we collect about you from other sources, or information we service about you by using the information we hold.
The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process, and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principles. These say that personal data must:
- Be processed fairly and lawfully;
- Be obtained only for specific, lawful purposes;
- Be adequate, relevant, and not excessive;
- Be accurate and kept up to date;
- Not be held for any longer than is necessary;
- Be processed in accordance with the rights of the data subjects;
- Be protected in appropriate ways;
- Not be transferred outside the UK, unless that country or territory also ensures an adequate level of protection.
We take these responsibilities seriously; this document describes our approach to data protection.
This policy helps to protect us from data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately;
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them;
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data;
- Any other risks inherent in the collection, storage, or processing of your data.
Who We Are And How To Contact Us
Fix Health is registered in India as Epione HealthCare Private Limited, previously known as Your Physio. The Data Protection Lead information is below:
Data Protection Lead - Ashhar Akhlaque
Company name: FixHealth
Contact: ashhar.akhlaque@yourphysio.in / contact@fixhealth.com
OUR ARTICLE 27 REPRESENTATIVE
We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR respectively. Our appointed representatives are:
Our UK Representative:
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:
Dhiraj Kewalram Kapgate
+44-7768052989
kapgatedhiraj@gmail.com
34 Sunningdale Avenue, East Acton, W3 7NS
Who this privacy policy applies to
This privacy policy is dedicated to individuals interacting with Fix Health, encompassing clients, patients, physiotherapists, suppliers, partners, employees, and all other individuals whose personal data may be processed by us.
The necessity to process your data emerges from our commitment to providing you with premier physiotherapy services and ensuring the seamless operation of our business. This policy extends to all personal data held by Fix Health pertaining to identifiable individuals, regardless of whether that information technically falls outside the scope of the General Data Protection Regulation (GDPR). Such data includes, but is not limited to:
- Names of Individuals: Ensuring personal and direct communication, essential for creating a personalized healthcare experience.
- Contact Details: Vital for maintaining an open line of communication for appointments, services, updates, and necessary information sharing.
- Email Addresses: Crucial for electronic communication, including service notifications, health tips, and updates on our offerings.
- Telephone Numbers: Allows us to contact you directly for appointment scheduling, follow-ups, and to offer support as needed.
- Health Information: Including health history, treatment plans, and progress notes, essential for providing tailored physiotherapy services.
- Financial Information: For processing payments, billing, and managing transactions related to our services.
This list is not exhaustive, and additional information may be collected and processed as required to fulfill our service commitments to you and ensure the effective management of our business operations. Our dedication to your privacy and the protection of your data is unwavering, and this policy serves to affirm our commitment to data protection principles and regulatory compliance.
What this policy applies to
This section outlines the lawful basis for processing your data at Fix Health and encompasses the various types of information about you that you either directly provide to us or permit us to collect. This includes but is not limited to:
- Information You Provide Directly: This covers data shared when you reach out to us with inquiries, during the process of registering for our services, or through any form of communication with our team.
- Engagement with Our Services: Data provided when you engage with us to use our physiotherapy services, including any preliminary discussions about the nature and scope of the services you require.
- Website Usage Data: Information we gather about how you interact with our website, which helps us improve user experience and tailor our online services to better meet your needs.
- Service-Related Information: Includes all personal and financial details necessary to facilitate the provision of our services to you, manage transactions, billing, and to ensure the fulfillment of our contractual obligations.
- Ongoing Relationship Data: Information stored and managed as part of our continuous relationship, facilitating a seamless healthcare service experience.
- Interactions and Communications: Data collected through our interactions, whether for scheduling appointments, providing healthcare advice, or managing your care.
- Utilization for Service Enhancement: Leveraging the data we hold and collect from feedback and surveys to improve the services offered to you, ensuring they are tailored to your health needs and preferences.
- Retargeting and Marketing Data: Use of data to understand your preferences and history with our services to provide targeted advertisements across various platforms, helping us to better align our marketing efforts with your interests.
How your information will be used
At Fix Health, we are committed to using your personal information responsibly and transparently, ensuring it's processed for specific purposes based on a lawful basis. Here’s how we plan to use your data:
Purpose/Activity | Type of data | Lawful basis for processing |
---|---|---|
To register you as a new patient | Identity, Contact | Performance of a contract with you, Consent |
To provide personalized physiotherapy services and manage appointments | Identity, Contact, Health, Other related data | Performance of a contract with you, Necessary for our legitimate interests in providing tailored healthcare services, Explicit consent for processing special category data (health) |
To process payments for our services | Identity, Contact, Financial, Transaction | Performance of a contract with you, Necessary for our legitimate interests to recover debts owed to us |
To communicate with you about your treatment plan, changes to our terms, services, or privacy policy | Identity, Contact, Health, Marketing and Communications | Necessary to comply with a legal obligation, Necessary for our legitimate interests to keep our records updated and to study how patients use our services, Consent |
To ensure the security and functionality of our website and IT systems | Identity, Contact, and other related data | Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud |
To analyze how our services are used to improve patient experience | Technical, Usage | Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud |
To inform you about other health-related services and products that may interest you | Identity, Contact, Profile | Necessary for our legitimate interests to develop our services and grow our business, Consent |
To enable personalized marketing and retargeting | Identity, Contact | To enhance your experience by displaying tailored advertising based on your prior interactions with our services, so you are informed about treatments and offers that may interest you. |
Additional Information We Collect:
- Demographic Information: Including gender, age, and occupation to tailor and improve our healthcare services.
- Health Information: Critical for providing personalized physiotherapy services. We process this data based on explicit consent.
- Device Information: IP addresses, browser types, and operating systems are collected to enhance system administration and user experience.
- Feedback and Survey Responses: To gather insights for service improvement and to better engage with our patients.
Your personal data will be stored securely and will only be shared as described in our privacy policy, ensuring it is protected and treated lawfully. We respect your privacy rights and provide clear options for controlling your information, including the right to access, correct, or delete your data.
Sources of Personal Information:
At Fix Health, we gather personal information through various means to ensure the provision of our physiotherapy services is both efficient and tailored to your needs. Here’s how we collect your data:
- Direct Interactions: Your data is collected when you sign up for our services, engage in treatment programs, or communicate directly with us through various channels, including in-person consultations, phone calls, and digital communications.
- Automated Technologies: As you navigate through our website, we collect information about your interactions and the resources you use, utilizing cookies and similar technologies to enhance your online experience and service personalization.
Use of Your Data:
We are committed to using your personal information responsibly. Primarily, your data is used for the purpose it was collected for, such as providing you with our healthcare services. Additionally, where we have your consent or another lawful basis, we may use your information to send you marketing materials about services, promotions, and offers that might interest you.
This document outlines how you can manage your preferences regarding the receipt of marketing information. It’s important to note that, irrespective of your marketing preferences, we may still send you essential communications related to the services you receive from us.
Marketing Communications:
You may receive marketing communications from us if:
- You have explicitly requested information from us.
- At the point of providing your details, you opted in to receive marketing communications from us.
- You have not opted out of receiving marketing materials.
- We have a lawful basis to send you marketing communications.
- You have provided consent for retargeting campaigns, which utilize your previous interaction data to offer you personalized advertising.
Third-Party Marketing:
Before sharing your personal data with any external third party for marketing purposes, we will obtain your explicit opt-in consent. Your privacy is our priority, and you have the right to withdraw your consent at any time, either by contacting us directly or through the preference settings on your account.
How to change your preferences
We operate in line with the GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and to requests to delete, rectify, or transfer data and to stop processing. We will also advise you on how to complain to the relevant authorities. Wherever possible, any requests or objections should be made in writing to the Data Controller, or you can visit our website, call, or email us to exercise your rights, make a complaint, or change your preferences at any time.
Opting out at a later date
Where you give your consent for us to process your data, for example when you agree to us sending you marketing information or where you agree to us processing financial data, you can contact us to amend or withdraw your consent at any time. You can also choose to object to processing and request deletion of your data. We respect all user rights as defined in GDPR. If you have any comments or wish to complain, please contact us.
How we store and process your data
At Fix Health, safeguarding your personal data is our top priority. Below are the practices we adhere to in storing and processing your information:
Secure Collection, Storage, and Processing
- Data Storage Location: Your personal data is primarily stored in India. Additionally, we utilize various processors located in other countries to support our services.
- International Transfers: For data transferred internationally, we ensure robust protections are in place. This is achieved through Data Processing Agreements (DPAs) and other appropriate mechanisms (TOMS) with all our processors, regardless of their location, to secure your data in accordance with global data protection standards.
- Security Measures: We implement advanced security measures to protect your data against unauthorised access or disclosure, loss, or destruction. These include encryption, access control, and secure data transfer protocols.
Data Retention
Retention Period: We retain personal data for up to 7 years to comply with our legal obligations, manage our operations effectively, and protect both our interests and those of our patients. This duration allows us to fulfill healthcare regulations and address any legal matters efficiently.
Purpose and Use of Data
- Specified Purposes: Your personal data is processed exclusively for the purposes for which it was collected, such as delivering physiotherapy services, administrative tasks, and improving patient care.
- Adapting to New Purposes: Should there be a need to process your data for a new, yet compatible purpose, we will inform you, clarifying the legal basis and how it aligns with the original purpose of collection. For any concerns or questions, please do not hesitate to contact us.
- Handling Unrelated Purposes: If it becomes necessary to use your data for an unrelated purpose, we will provide prior notification and explain the legal justification for such processing.
Legal Disclosure and Obligations
- Compulsory Disclosure: There may be legal requirements that compel us to disclose your data without advance notice, such as in response to legal proceedings or to protect our legal rights.
- Protection and Compliance: Our commitment to protecting your data extends to ensuring compliance with legal requests that are justified and reasonable, always under the premise of lawful requirements.
Our obligations
As Fix Health, we hold the role of a Data Controller. This means we are legally accountable for the handling of the information you entrust to us. We adhere strictly to the General Data Protection Regulation (GDPR) and other relevant data protection laws in managing and sharing your personal data. Our commitment to these standards ensures that your data is treated with the utmost care and respect.
Your Rights Under Data Protection Laws
You have several rights under data protection laws concerning your personal data. These rights empower you to maintain control over your information:
- Access: You can request a copy of the personal data we hold about you.
- Correction: If any data we hold is incorrect or incomplete, you have the right to have it corrected.
- Erasure: You can ask us to delete or remove your personal data under certain circumstances.
- Objection: You have the right to object to the processing of your personal data in specific cases.
- Restriction: You can request that we restrict the processing of your personal data.
- Transfer: You have the right to request the transfer of your personal data to you or another party.
- Withdraw Consent: Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
Making a Request
- No Fees Generally Required: Accessing your personal data or exercising your rights doesn’t usually incur a fee. However, we reserve the right to charge a reasonable fee or refuse a request if it is clearly unfounded, repetitive, or excessive.
- Verification of Identity: To protect your data, we may ask for specific information to verify your identity when you make a request. This ensures that your data is not disclosed to anyone who does not have the right to receive it.
- Response Time: We aim to respond to all valid requests within one month. For complex or multiple requests, this period may extend beyond a month. We will inform you in such instances and keep you updated on the progress.
Third Parties
We may have to share your personal data with selected third parties in order to meet our obligations to you and for the purposes described in this document:
- IT and System Administration Services Providers: AWS is used for hosting and for comprehensive cloud computing solutions, including AWS S3 and MongoDB for secure cloud data storage.
- Customer Relationship Management (CRM) and Communication Tools: We use LeadSquared for CRM purposes, and WhatsApp for direct communication with our patients, ensuring efficient and timely interactions.
- Form and Data Collection Tools: JotForm is utilized for online form submissions, gathering feedback, and collecting necessary patient information securely.
- Data Processors and Analytics Services: Google Analytics helps us analyze website traffic and user interactions, enabling us to improve our online services and marketing strategies.
- Social Media Platforms: We engage with platforms like Google, Facebook and Twitter for marketing purposes, targeted advertising, and facilitating social media interactions.
- Project Management and Organization Tools: Airtable is used for organizing patient information, scheduling, and task management, enhancing operational efficiency.
- Video Recording and Storage Solutions: For video consultations and storing diagnostic images, we use secure video services and cloud storage solutions, ensuring that sensitive health data is handled with the utmost care and confidentiality.
- Other similar software products we may use from time to time to offer our services.
- Professional Advisers: Our network includes legal and financial advisers, auditors, and insurers who provide essential services such as legal advice, fraud protection, and financial auditing.
- Healthcare Professionals and Equipment Providers: To deliver comprehensive physiotherapy services, we collaborate with a wide range of healthcare professionals and equipment suppliers.
- Regulatory Authorities: Where necessary, we disclose information to government organizations, regulatory bodies, and legal authorities in compliance with legal obligations.
- Corporate Group: Data may be shared within our group of companies for internal administrative purposes, subject to strict data protection measures.
- Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be part of the transferred assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Where required under GDPR, we will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine.
Contacting us, exercising your information rights and Complaints
If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us or wish to complain, please contact: Ashhar Akhlaque (ashhar.akhlaque@yourphysio.in), Fix Health. We aim to process data protection requests within 30 days. SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
If you remain dissatisfied, then you have the right to apply directly to your local data protection authority. You can find the list at:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm