
Privacy Notice

MBS Physio Privacy Notice

At MBS Physio, I am committed to protecting your personal information and respecting your privacy. This notice explains how I collect, use, store, and protect your data in accordance with UK GDPR and the Data Protection Act 2018.

 

1. Who I am

  • Data Controller/Data Protection Officer: Mark Suttie of MBS Physio

  • Contact details: Address: 135 Stanbridge Road, Leighton Buzzard, LU7 4QA; Email: mark.suttie@mbsphysio.co.uk; Phone: 07783 137734

  • ICO registration reference: ZB995612

 

2. What data I collect

I may collect and store the following information about you:

  • Personal details: name, address, date of birth, contact details, next of kin

  • Health information: medical history, treatment notes, GP details, referral letters, reports

  • Administrative details: appointment history, payment information

 

3. Why I collect your data (Lawful Basis)

I process your personal data and health data to:

  • Provide safe and effective physiotherapy in accordance with the HCPC standards

  • Keep accurate medical records in line with legal and professional obligations

  • Communicate with you about your care, appointments, or billing

  • With your consent, share relevant information with other healthcare professionals as required

My lawful bases for processing are:

  • Provision of healthcare (public interest in the area of public health)

  • Legal obligation (to maintain clinical records)

  • Consent (only where you have given specific permission, e.g. sharing with insurers or third parties)

 

4. How I store your data

  • No paper records are kept. If received, these will be transferred to an electronic encrypted system and then destroyed

  • Electronic records are stored securely on encrypted systems

  • Access is restricted to authorized personnel only, i.e. just me

 

5. How long will I keep your data

I follow healthcare record retention guidelines:

  • Adults: 8 years after your last treatment

  • Children: until age 25 (or 26 if treated at 17)

After this period, your records will be securely destroyed.

 

6. Sharing your data

I will not share your information with third parties unless:

  • You give explicit consent (e.g. to share with your GP, consultant, insurer)

  • We are legally required to do so

We will never sell your data.

 

7. Your rights

You have the right to:

  • Access a copy of your records

  • Request corrections to inaccurate information

  • Request erasure of your data (unless I am legally required to keep it)

  • Restrict or object to how I use your data

  • Request data portability

To exercise these rights, contact Mark Suttie at the above contact details in section 1.

 

8. Data breaches

If a data breach occurs that risks your rights or freedoms, I will inform both you and the Information Commissioner’s Office (ICO) within 72 hours, where required.

 

9. Complaints

If you are concerned about how I handle your data, please contact me first.

If you are not satisfied, you can complain directly to the ICO:

Website: www.ico.org.uk

Tel: 0303 123 1113
