SimplyAthletic Limited Customer Privacy Notice
At SimplyAthletic, we are committed to protecting the privacy and confidentiality of our clients. We encourage all users to read this policy carefully because it outlines important information regarding:
Who we are
How we collect, use, store and share your personal information ,
How we protect personal and sensitive information, ensuring compliance with applicable privacy laws and regulations
Your rights in relation to your personal information
How to contact us and supervisory authorities in the event that you have a complain
Registered name: SimplyAthletic Limited
SimplyAthletic Limited (‘we’, ‘us’, ‘our’) is a Private Limited Company (company number 16063180), registered at the following address: Bishopstone, 36 Crescent Road, Worthing, West Sussex, United Kingdom, BN11 1RL.
We collect, use and are responsible for storing certain personal information about our clients and the users of the website, referenced as you (‘you’, ‘your’, ‘yours’).
This privacy notice tells you what to expect us to do with your personal information.
What information we collect, use, and why
Lawful bases and data protection rights
Where we get personal information from
Contact details
Stuart Pearce – Director
Alexandra Sasebes – Director
Telephone +44 7821 167185
Email info@simplyathletic.co
What information we collect, use, and why
We collect or use the following information to provide sports injury rehabilitation, manual therapy and strength and conditioning services:
Name, address and contact details
· Gender
· Date of birth
· Emergency contact details
· Health information (including medical conditions, allergies, medical requirements, medical history, details of injuries, treatment plans, and progress notes)
· Test results (including MRI scans, ultrasound scans, x-rays, bloods)
· Payment details (including card or bank information for transfers and direct debits)
We also collect the following information to provide sports injury rehabilitation, manual therapy and strength and conditioning services:
· Genetic information
· Health information
We collect or use the following information for safeguarding or public protection reasons:
· Name, address and contact details
· Emergency contact details
· Health information (including medical conditions, allergies, medical requirements, medical history, details of injuries, treatment plans, and progress notes)
· Test results (including MRI scans, ultrasound scans, x-rays, bloods)
We also collect the following information for safeguarding or public protection reasons:
· Genetic information
· Health information
We collect or use the following personal information for patient app or portal functionality:
· Names and contact details
· Addresses
· Medical history
· Payment details
· Account information, including registration details
· Information used for security purposes
· Marketing preferences
We collect or use the following personal information to comply with legal requirements:
· Name
· Contact information
· Health information (including medical conditions, allergies, medical requirements, medical history, details of injuries, treatment plans, and progress notes)
We also collect the following information to comply with legal requirements:
· Genetic information
We collect or use the following personal information for information updates, marketing or market research purposes:
· Names and contact details
· Marketing preferences
· Website and app user journey information
· IP addresses
We collect or use the following personal information for dealing with queries, complaints or claims:
· Names and contact details
· Address
· Account information
· Purchase or service history
· Witness statements and contact details
· Relevant information from previous investigations
· Customer or client accounts and records
· Financial transaction information
· Correspondence
We also collect the following information for dealing with queries, complaints or claims:
Health information (including medical conditions, allergies, medical requirements, medical history, details of injuries, treatment plans, and progress notes)
Test results (including MRI scans, ultrasound scans, x-rays, bloods)
Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
· Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
· Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
· Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
· Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
· Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
· Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
· Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide sports injury rehabilitation, manual therapy and strength and conditioning services:
Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
· Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
· Legitimate interest:
o This refers to our business's legitimate interest in managing and operating effectively to provide you with the best products or services and a safe experience. Before processing your personal data for these purposes, we carefully assess and balance any potential impacts on you—both positive and negative—along with your rights. We do not use your personal data in ways where our interests are outweighed by the impact on you, unless we have your consent or are required or permitted to do so by law.
Our lawful bases for collecting or using personal information for safeguarding or public protection reasons are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
· Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Our lawful bases for collecting or using personal information for patient app or portal functionality are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
· Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
o This refers to our business's legitimate interest in managing and operating effectively to provide you with the best products or services and a safe experience. Before processing your personal data for these purposes, we carefully assess and balance any potential impacts on you—both positive and negative—along with your rights. We do not use your personal data in ways where our interests are outweighed by the impact on you, unless we have your consent or are required or permitted to do so by law.
Our lawful bases for collecting or using personal information to comply with legal requirements are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
· Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Our lawful bases for collecting or using personal information for information updates, marketing or market research purposes are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
· Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
· Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
· Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
o This refers to our business's legitimate interest in managing and operating effectively to provide you with the best products or services and a safe experience. Before processing your personal data for these purposes, we carefully assess and balance any potential impacts on you—both positive and negative—along with your rights. We do not use your personal data in ways where our interests are outweighed by the impact on you, unless we have your consent or are required or permitted to do so by law.
Where we get personal information from
· Directly from you
· Family members or carers if client is under 18 years of age
· Other health and care providers
· Schools, colleges, universities or other education organisations
· Insurance companies
· Publicly available sources
· Councils and other public sector organisations
· We would obtain personal information from other healthcare providers such as imaging providers, subsequent to a referral from us, which the client would have consented for, for services such as MRI scans, X-Rays, ultrasound scans, etc.
· We would obtain personal information from other healthcare providers such as doctors, physiotherapists, osteopaths, manual therapist upon a client referral for our services. The client would have had to consent for their personal information being shared with SimplyAthletic.
Acuity Scheduling (via website powered by Squarespace), when scheduling an appointment or call. We share this information with Squarespace, our scheduling service provider, so that they can provide online booking services to us (see Squarespace / Acuity Scheduling Privacy Policy).
Google Workspace Applications:
Note taking system for the in-person sports injury rehabilitation, manual therapy and strength and conditioning services
Medical / Performance Intake Forms
Stripe - Processing payments system (see Stripe Privacy Policy)
TeamBuildr App, the platform to access the rehabilitation and strength and conditioning plans (see TeamBuildr Privacy Policy)
Social media platforms
Voluntary filled feedback questionnaires, support requests, newsletter sign-ups, promotion sign-ups, alert sign-ups.
Children
Our website is not intended for children (anybody under the age of 18). We do not intend and do not knowingly collect personal information from children, without their parent, guardian or carer’s consent.
Failure to provide personal data
Should you refuse to provide your personal information we requested from you, in order for us to comply with the law and to fulfil the terms of a contract we have with you, we may not be able to perform the contract we have with you or are trying to enter into with you (e.g. to provide you with our services). As a result, we may have to cancel the services you have booked with us. You will always be notified should this be the case.
How long we keep information
Your personal information will only be kept for the period of time which is necessary for us to fulfil the above purposes.
We envisage that your personal information shall be retained by us as follows:
Data will only be kept as long as needed for the specific purpose it was collected for.
Financial data must be retained for a minimum of 6 year from the end of the last financial year due to tax and accounting regulations.
If data is held based on consent, it should be retained as long as consent is valid. If it is based on legitimate interest (such as for marketing), it can be retained until the individual objects to the processing.
Health-related data must be kept for a minimum of 8 years after treatment and children’s notes should be kept until the patient’s 25 birthday.
Who we share information with
Others we share personal information with
· Other health providers (eg GPs and consultants)
· Care providers
· Organisations we need to share information with for safeguarding reasons
· Emergency services
· Legal bodies or authorities
· Publicly on our website, social media or other marketing and information media upon receiving consent from the client
Duty of confidentiality
We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:
· you’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses);
· we have a legal requirement (including court orders) to collect, share or use the data;
· on a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime);
· If in England or Wales – the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied; or
· If in Scotland – we have the authority to share provided by the Chief Medical Officer for Scotland, the Chief Executive of NHS Scotland, the Public Benefit and Privacy Panel for Health and Social Care or other similar governance and scrutiny process.
Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any security data breach, which shall be reported and dealt with in accordance with data protection laws and regulations. You shall also be notified of any suspected data breach concerning your personal information, where we are legally required to do so.
However, despite our extended efforts to secure your information, no electronic transmission over the internet or information storage technology could be entirely secure. We cannot always guarantee that unauthorised access will not be able to defeat our security.
Despite our best efforts to protect your personal information, transmission of personal information to and from our website is at your own risk. You should only access the website within a secure environment.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated 15 December 2024