MK1 Bike, Body & Sole complies with the General Data Protection Regulation 2016 and the Data Protection Act 2018.

Introduction

This privacy notice applies to personal information processed by, or on behalf of, the business.

The General Data Protection Regulation (GDPR) became law on 24th May 2016. This is a single EU-wide regulation on the protection of confidential and sensitive information. It enters into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998).

This Notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights

Information we collect. 

To aid your treatment or as part of purchasing a service from our business you will normally provide us with certain information. We will store your information in two ways: on an electronic patient record and diary system which is fully password protected and / or on a paper record which is stored in a secure locked cabinet.

We collect basic personal data about you which does not include any special types of information or location-based information. 

We will also collect sensitive confidential data known as “special category personal data”, (which is information that, on its own or when combined with other information, can be used to identify you) that you provide to us, such as your first and last name, gender, image, email address, telephone number(s), postal address, post code, age, birth date, profile, location information, activity and performance information, weight, height and emergency contact details.

We collect information you voluntarily provide, as well as information that your computer, mobile phone, tablet, console or other device (collectively, “Device”) or browser provides automatically. 

Google Analytics: We use a tool called “Google Analytics” to collect information about your internet use. For example, how often you visit our site, the pages you visit, and what other Sites you may have visited prior to coming to our site. We use Google Analytics to gain insights into how our services are used and to help us improve our products and services. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. To opt-out of Google Analytics, please use Google’s opt-out tool: https://tools.google.com/dlpage/gaoptout.

How We Use Your Personal Information?
We will maintain records about your health and any treatment, care or services you have received previously at our business. These records help to provide you with the best possible experience and to ensure you receive the best possible care, your records are used to facilitate the care / service you receive, to improve your experience, and to enforce our rights.

If we do not use your details for promotional purposes, we do not require your explicit consent to contact you, as all communication is covered by the legitimate interest of both us and yourselves, being that we need to use the data you have provided in order to provide the services you have chosen to receive.

We use the Personal Information we collect about and from you if you have used / plan to use / purchased services from us 

For example:

• We send certain marketing and appointment reminder communications to you.
• If you ask us to recommend products based on your metrics, we will need to use your Personal Information to match you with products we think would work best
• We do not share your Personal Information with third parties for their direct marketing purposes.
• If you consent, We use your health information to provide you with statistics and visualisations representing key data points from your Retül Bike fit or biomechanic assessment.
• When we have a legitimate interest to do so. For example:
  • To prevent fraud and protect the security of our Services;
  • To enforce our Terms of Use;
  • To communicate updates and improvements;
  • To carry our market research;
  • To develop and optimize our products and services;
  • To help us provide and operate the Service; and
  • To comply with our legal obligations.

Marketing

From time to time we may wish to send you direct marketing material which may include product offers and newsletters. We would ask for your consent to do this indicating in what forms you would like to receive this information: we collect this information on your initial assessment form.

Information Sharing and Disclosure

Information about our patients is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:

• Medical professionals.  With your consent we will share information with medical professionals such as your GP or consultant to allow continuity of care.
• Service providers. We engage certain trusted third parties to perform functions and provide services to our business, such as external reception services. We will share your personal information with these third parties, but only to the extent necessary to perform these services.
• Compliance with laws. We may collect, use, retain, and share your information if we are legally required to.

Data Retention

We will generally store information associated with your account until it is no longer necessary to provide the Services, until you ask us to delete it, or until your account is deleted, whichever comes first; but there are some exceptions to this general rule. We will retain information from deleted accounts to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, process warranty claims, distribute important product information (such as recall information), enforce our agreements, and take other actions permitted by law.

As we see a high number of patients with a long period of time between appointments, we may retain your personal information for the full duration, this enables comparisons to be made to provide better care / services.

You have the right to be forgotten. You can ask us to delete the information we hold on you at any time and we carry this out as soon as practical, usually within 24 hours. This will also close your account.

Where do we store your information.

Your MK1 records may be electronic, on paper, or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.

No third parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. 

We maintain a private database on our servers for the storage of all information collected through our Services. It is our practice to use encryption and password protection whenever we receive or transmit sensitive data.  We will take reasonable measures which we believe are appropriate to protect your information from loss, misuse, alteration or destruction

We use a variety of current technologies and processes and maintain physical, technical and administrative safeguards for the protection of our customer data. Although we will use all reasonable efforts to safeguard the confidentiality of your Personal Information, we cannot guarantee that these measures will always be 100% effective.

Email is not a secure form of communication. 

Your Rights

You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below:

• Access. You have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
• Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. In the case of health records these are normally exempt from change and deletion requests.
• Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
• Complain. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with the Information Commissioner www.ico.org.uk

How can you access the personal data that you have given to us?

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the business holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

• Your request should be made to the business
• There is no charge to have a copy of the information held about you
• We are required to respond to you within one month
• You will need to give adequate information (for example full name, address, date of birth and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.

Please note that we may keep a record of your communications to help us resolve any issues which you raise.

What should you do if your personal information changes?

You should tell us so that we can update our records. Please contact the business as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number), the business will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.

You also have the right to be forgotten. You can ask us to delete the information we hold on you at any time and we carry this out as soon as practical, usually within 24 hours. This will also close your account.

Links

Mk1 contains links to other Web sites that may have different and even conflicting privacy policies from ours. We do our best to link to responsible sites, but we are not responsible for the privacy practices of these sites.

Children's Privacy

Although our site is a general audience web site that is not specifically designed for or targeted at children, the protection and safety of children is very important to Mk1 and we therefore encourage parents and guardians to participate in and supervise the online activities of their children.

We do not knowingly collect, use or disseminate any personally identifiable information from children under the age of 16. If, however, we become aware that personally identifiable information regarding a child under the age of 16 has been collected at our site, we will use such information for the sole purpose of contacting a parent or guardian of the child to obtain verifiable parental consent. If we cannot obtain consent after a reasonable period of time, or if when contacted a parent or guardian requests that we do not use or maintain such information, we will delete it from our records. Upon request by a parent or guardian, we will provide a description of the specific types of personal information collected from a child who is under the age of 16.

Objections / Complaints

Should you have any concerns about how your information is managed at the business, please contact the DPO. 

If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact the Data Protection Officer.

Changes to our Privacy Policy

We may change our privacy practices, and we will update this page when we do. We encourage you to periodically review this page for the latest information on our privacy practices.

Data Protection Officer:

Mike Hatttan

Email: mike@mk1massage.co.uk