Privacy Policy

Hi there, we are Hand Therapy Specialists of Nuffield Hospital, Kingswood Road, Tunbridge Wells, Kent TN2 4UL.

This is our updated Privacy Policy, which sets out how we handle your personal information if you’re a Hand Therapy Specialists client or visitor to our website, in accordance with the latest EU General Data Protection Regulations.

When we say ‘we’, ‘us’ or ‘Hand Therapy Specialists it’s because that’s who we are and we own and run this business and website.

If we say ‘policy’ we’re talking about this Privacy Policy. If we say ‘user terms’ we’re talking about the rules for using this website. If we say ‘client’, we any person or company who uses our services. Our services include Hand Therapy, Hand Occupational Therapy, Hand Physiotherapy and Consultation services.

The type of personal information we collect

We collect certain personal information about visitors and users of our site and services.
The most common types of information we collect include things like:

  • Names, telephone numbers and email addresses, when someone makes a general enquiry by phone, email or via our website General enquiries contact form.
  • Names, telephone numbers and email addresses; diagnosis, other personal data such as date of birth and GP or Consultant name when someone submits an Online Self-Referral form on our website.
  • IP addresses, location (by country), browser type and other web analytics data when someone visits our website.
  • General queries via a general contact form on our website.
  • Basic contact details when someone interacts with a post on our social media pages and profiles.
  • Names, telephone numbers and email addresses; diagnosis, other personal data such as date of birth and GP or Consultant name given by the client when completing a hard-copy Registration form on arrival.
  • Hand-written clinical notes taken during consultations in accordance with confidentiality best practice, guidance and regulations.
  • Contact and identifying details contained within patient letters.

How we collect personal information

We collect personal information directly when you provide it to us, automatically as you navigate through the website, or when you interact with a social media posting.

Personal information we collect about you from others

Although we generally collect personal information directly from you, on occasion we also collect certain categories of personal information about you from other sources. In particular:
Third party service providers (like Google and Facebook) who are located in the US, which may provide basic browsing information as you navigate through our site, or other information when you interact with our social media profiles. This information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider.

How we use personal information

We will use your personal information:

  • To fulfil a contract, or take steps linked to a contract: in particular, in carrying out Hand Therapy services.
  • To create and send invoices for contracted work completed to our clients.

Where this is necessary for purposes which are in our legitimate interests. These interests include:

  • operating our website;
  • providing you with services described on the website;
  • updating you with operational news and information about our website and services e.g. to notify you about changes to our website or services, website disruptions or security updates;
  • carrying out technical analysis to determine how to improve our website and the services we provide;
  • monitoring activity on our website, in order to identify potential fraudulent activity and prevent spam and ‘hacking’, and to ensure compliance with the user terms that apply to this website;
  • managing our relationship with you, e.g. by responding to your comments or queries submitted to us on our website or asking for your feedback.
  • managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
  • improving our products and services; and providing general administrative and performance functions and activities.

Where you give us consent:

  • providing you with important information about products and services which we feel may interest you; and
  • providing you with forthcoming holiday dates and emergency contact procedures; and

For purposes which are required by law.

  • For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
  • When we disclose your personal information

We do not usually need to disclose your personal information to any third party in order to deliver our services.
There may be certain circumstances in which we need to disclose your personal information, for example:

  • To regulators and government authorities in connection with our compliance procedures and obligations;
  • a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
  • a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
  • a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
  • a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
  • ther recipients where we are authorised or required by law to do so.

Where we transfer and/or store your personal information

We are based in the United Kingdom, and your data is processed and stored in the United Kingdom.

How we keep your personal information secure

Most of our information is kept in digital form. All digital personal information (including names, addresses, telephone numbers and email addresses) is stored on a protected local computer network, to which only people engaged in activities directly relating to the business have access. The internet connection, local area network (LAN), computer terminals and documents containing personal data are all password protected and never routinely shared via email or stored on ‘cloud’ services, with the exception of patient letters and records, which are sometimes shared via iCloud and or Google Drive, and any personal information sent and received via email when therapists communicate with each other or with the client’s GP. You can read the iCloud Privacy Policy here, and the Google Drive Privacy Policy here.

Some information is stored in hard-copy form (mainly Registration forms and patient notes) and these are kept in a locked filing cabinet onsite at the medical clinic or hospital that the patient is attending, and to which only people engaged in Hand Therapy Specialists services have access.

Hard copy patient notes are destroyed by confidential waste disposal after 7 years. We retain digital records within our billing software.

Our website is secured by an SSL Certificate which uses end to end encryption on every page and a website security package which includes a firewall, ‘brute force’ attack protection, file system and database enhanced security and reCaptcha fields to minimise automated spam.

Third Party Services

We use some third party services, some of which have access to your personal information – either provided by us or by you.
These third parties include:

  • 20i – hosting provider and domain registrar. We will provide personal data (including name, address and telephone number) as required by UK and international law for domain registration purposes only. We do not need to provide personal information for web hosting services. Clients may collect, process and store their own and their customers’/clients’ personal information on our 20i servers, which are located in the UK. You can read the 20i Privacy Policy here.
  • Fredd Design – This company is our web design, development and hosting provider. You can read their Privacy Policy here.
  • AwStats – website analytics application. AwStats is an open source log file analyser, which operates on the website server, collecting and logging website traffic information. It does not use cookies, or any kind of tracking code, and collects anonymous data which helps us to monitor visitor traffic to our website, such as:
    • your IP address or proxy server IP address;
    • the domain name you requested;
    • the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
    • the date and time of your visit to the website;
    • the length of your session;
    • the pages which you have accessed;
    • the number of times you access our site within any month;
    • the file URL you look at and information relating to it;
    • the website which referred you to our Sites; and
    • the operating system which your computer uses.
  • Trust Health Ltd – A billing service. You can read their Privacy Policy here.

How you can access your personal information

You have the right to:

  • request access to the personal data we hold about you.
  • request corrections of any errors in that data.
  • request erasure of the personal data we hold about you.

To make any of these requests, please contact us by email here or by post at the above address.

Communications Choices regarding your personal information

Where we have your consent to do so (ie. if you have subscribed to one of our e-mail newsletter lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided at the bottom of the communication itself.

You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our sites may not work properly in your case.

Cookies and web analytics

We currently use any cookies on our website or may do so in the future. We therefore include of a ‘Cookies Declaration’ (in accordance with the PECR 2011).

Information About Children

Our website and services are not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our website or give us your personal information.
If you are from 16 to 18 years, you can browse our site but you’ll need the supervision of a parent or guardian to request a quotation or become a client. It’s the responsibility of parents or guardians to monitor their children’s use of our website.

Information you make public or give to others

If you make your personal information available to other people, we can’t control or accept responsibility for the way they will use or manage that data. There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum thread, share information via social media, or make contact with another user (such as a third party author) whether via our website or directly via email. Before making your information publicly available or giving your information to anyone else, think carefully. If you’re sharing information via another website, check the privacy policy for that site to understand its information management practices as this privacy policy will not apply.

How long we keep your personal information

We retain your personal information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations. If you no longer want us to use your personal information or to provide you with our services, you can request that we erase your personal information and close your Hand Therapy Specialists account. Please note that if you request the erasure of your personal information we will retain information from deleted accounts as necessary for our legitimate business interests, to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the terms of service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

When we need to update this policy

We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.

How you can contact us

If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact us.

If you’re a user or visitor in the European Economic Area these rights also apply to you:

For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information.

How you can access your personal information

You are also entitled to ask us to port your personal information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, and, where we have asked for your consent to process your data, to withdraw this consent.

Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.

If you have unresolved concerns you also have the right to complain to data protection authorities. In the UK, the relevant authority is the Information Commissioner’s Office.

Both personal information and personal data have the same meaning in the context of this Privacy Policy.