top of page

Rehaspa GDPR Privacy Policy

Effective Date: 28/08/2024

Rehaspa ("we," "us," "our") is committed to safeguarding the personal data of our clients and website visitors in compliance with the General Data Protection Regulation (GDPR). This GDPR Privacy Policy outlines how we collect, use, process, and protect your personal data. Please read this policy carefully to understand your rights and our obligations under GDPR.

1. Data Controller

Rehaspa is the data controller responsible for the processing of your personal data. If you have any questions or concerns regarding how we handle your data, please contact us at:

Rehaspa
[Insert Physical Address]
Email: [Insert Email Address]
Phone: [Insert Phone Number]

2. Personal Data We Collect

We may collect the following types of personal data from you:

  • Identity Data: Name, date of birth, gender, and other identifiers.

  • Contact Data: Address, email address, phone number, and other contact details.

  • Health Data: Medical history, treatment records, and other health-related information.

  • Financial Data: Bank account details, payment card information, and billing information.

  • Technical Data: IP address, browser type, and other data collected through cookies and similar technologies.

  • Usage Data: Information about how you use our website and services.

3. Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as receiving newsletters or marketing communications.

  • Contractual Necessity: Where processing your data is necessary for the performance of a contract with you, such as booking and providing physiotherapy services.

  • Legal Obligation: Where we are required to process your data to comply with legal obligations, such as maintaining medical records.

  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services, provided these interests do not override your rights and freedoms.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide and manage our physiotherapy services.

  • To communicate with you, including scheduling appointments and responding to inquiries.

  • To process payments and manage billing.

  • To comply with legal and regulatory requirements.

  • To improve our services and user experience on our website.

  • To send you marketing communications, subject to your consent.

5. Sharing Your Personal Data

We may share your personal data with:

  • Service Providers: Third-party providers who perform services on our behalf, such as payment processors, IT service providers, and marketing agencies.

  • Healthcare Providers: With your consent, we may share your health data with other medical professionals involved in your care.

  • Legal Authorities: Where required by law, we may disclose your personal data to regulatory authorities or other third parties to comply with legal obligations.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses, to protect your data in accordance with GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the legal obligations we must comply with.

8. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request access to your personal data and obtain a copy of it.

  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete data.

  • Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances (right to be forgotten).

  • Right to Restrict Processing: You have the right to request the restriction of processing of your personal data under certain conditions.

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request its transfer to another data controller.

  • Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, direct marketing, or profiling.

  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us using the information provided in the "Data Controller" section above.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and analyze usage patterns. You can manage your cookie preferences through your browser settings. For more information, please see our Cookie Policy.

10. Changes to This Privacy Policy

We may update this GDPR Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the effective date.

bottom of page