Privacy Statement

PhysioFit Shetland Ltd Privacy Notice

8 Hillside Brae, Gulberwick, ZE2 9FD

At PhysioFit Shetland Ltd we are committed to high standards of practice in all our activities. Physiofit Shetland Ltd is committed to protecting your personal information and this privacy policy relates to our use of your personal information collected from you either in person or information you give us by letter/self referral, or over the telephone. We do not encourage personal/sensitive information to be sent via non secure means (email/SMS/private social media) however, if we receive this, our privacy policy explains how we collect and store this information.  All personal information is collected, held and used in strict compliance with the General Data Protection Regulation (GDPR) 2018, and in accordance with the standards of the Health Care Professional Council and Chartered Society of Physiotherapy. If email/SMS/voicemail/ private social media is used by you, we will transfer the data to our paper records and delete your message.

  • ‘Personal information’ means any information that is capable of identifying you.
  • ‘Sensitive data’ is a special category of personal data which includes health conditions
  • ‘We’ means Physiofit ShetlandLtd

We collect and process data because we have a legal obligation to do so and it is adequate, relevant and limited to what is necessary.

For the purposes of the GDPR, Linda Smith and Anne Williamson (directors), trading as PhysioFit Shetland Ltd, are the 'data controllers' (i.e. The entities who are responsible for and controls the processing of your personal data.)

Information Collected

We collect and process information when you telephone to make an enquiry or appointment or when you send a self-referral form.

At the point of enquiry or booking we may ask you for your name, date of birth, address, telephone number, e-mail address, registered health centre and details regarding your problem/condition

At your appointment at the clinic, we will ask for information regarding your general health, your previous health and information regarding the condition you are seeing advice about. We will also ask for information regarding any activities you undertake, your employment and any medication you take. We will record the findings of a physical examination. We record our diagnosis, treatment plan and specific problems/goals.

Information regarding your health is collected directly from you, or may be collected from another health provider with your permission.

If you enquire but do not attend an appointment you do not become a patient with us and we will not keep your data.


We do not collect any personal information from visitors to our website other than information that is knowingly or voluntarily given. Anonymous information may be collected, such as the number of visitors to the website in a given period but is purely statistical and cannot be used to identify an individual user. Cookies are not used to collect any other information from visitors to the website. Our website contains links to external sites, but we are not responsible for these sites.

How we may use your personal data

We may use your personal data for the following purposes:

  1. To provide a legal record of any treatment or advice we provide
  2. To ensure continuity of care
  3. To contact you in regard to your ongoing treatment including sending exercises by e-mail. We use a third party for this service (Physiotec). Physiotec, the processor, are compliant with GDPR.
  4.  To contact you if new information or treatments become available that may be of benefit to you.
  5. We may pass information with your permission to other medical professionals who may be involved in your care; this may include GPs, consultants, occupational health departments or other Health and Care Professions.
  6. We may use your information for quality feedback purposes.
  7. We may use your information for audit/admin purposes.
  8. We do not pass on your information for commercial purposes.

We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.

Disclosure of your information

We may pass information with your permission to other medical professionals who may be involved in your care; this may include GPs, consultants, occupational health departments or other Health and Care Professions.

This information may be passed on in the form of a written letter which is given to you - if this is the case, the letter becomes your responsibility and the protection of its contents is your responsibility.

If the information is passed electronically by email, it will be password protected and we will take all reasonable precautions to transmit the information securely. Otherwise it will be sent via post with your consent.

In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances PhysioFit Shetland Ltd will disclose requested data where it is necessary to do so. However, the data controllers, will ensure the request is legitimate, seeking assistance from legal advisers where necessary.

Data Security and Storage

We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. Our database is stored in a secure, password protected location. Only users authorised by us have access to this data.

Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet. For this reason we prefer more secure means of transferring data.

Paper health records are stored in secure premises in locked cabinets. If we need to transport health records, e.g. to visit you at home, these records will be transported in a locked container.

Health records of adult patients must be stored for 6 years after the time of the last consultation. Child health records must be stored until the child's 25th birthday (or 26th birthday if aged 17 at the time of treatment). Maternity records must be stored for 25 years. When health records and other data are no longer required to be stored these will be destroyed securely and permanently.

Our website contains links to external sites, these sites have their own privacy policies and we are not responsible for their content, you should check their privacy policy prior to submitting any personal information.

Your rights

Under the GDPR an individual has the right to be informed about the collection and use of their data.

The information must be clear and transparent.

We must provide individuals with information including: the purpose for processing their personal data, the retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’.

The privacy policy is available in print in the waiting room, it can be sent to the patient if requested and it is on our website

The right of access

Individuals have the right to access their personal data and supplementary information (subject access request). They may also request the purpose for which it is being collected, recipients, the retention period, rights of rectification, erasure and objections.

As an individual you must:

  • Put your request in writing to: PhysioFit Shetland Ltd, 8 Hillside Brae, Gulberwick, Shetland, ZE2 9FD
  • Provide proof of your identity and address (e.g. a certified copy of driving license or passport, and one recent utility bill)
  • Specify the personal data you want access to

This will be provided within 30 days in compliance with GDPR.

We can decline subject access request if it is unreasonable.

The right of rectification

Individuals may request that a controller rectifies any errors in their personal data or completed if it is inaccurate.

The right of erasure (the right to be forgotten)

Data subjects are entitled to ask a controller to delete their personal data.

This is not an absolute right and is dependent on the legal basis for collecting the data.

Restriction of processing

Data subjects may be entitled to limit the purpose for which the controller can process the data.

This means that they can restrict the way that their data is processed.

Data portability

Data subjects have the right to transfer their personal data between controllers and to use their data for their own purposes.

Object to processing

A controller must have a lawful basis for processing personal data. If the lawful basis is ‘public interest’ or ‘legitimate interest’ these are not absolute and data subjects have the right to object.

Right not to be evaluated on the basis of automated processing

Data subjects have the right not to be evaluated in any material sense solely on the basis of automated processing of their personal data.

Customers will be notified within 72 hours with any data breaches if this is high risk to the individual.

Further information is available from the ICO on the website –

Individuals also have the right to complain to the ICO.

Changes to our privacy policy

All changes will be notified on our website

Terms and Conditions

Please also read Physiofit Shetland's Terms and Conditions for Assessment and Treatment and Terms and Conditions for Use of Physiofit Shetland's Website.

Updated 25th May 2018. Due for review 1st June 2019.