Genesis Pilates gathers, uses and stores your personal information in accordance with this privacy notice and in compliance with the
relevant data protection regulation and laws (GDPR). This notice provides you with the necessary information regarding your rights and our
obligations, and explains how, why and when we process your personal data.
Genesis Pilates and Cliniko
Genesis Pilates is registered with Cliniko – a database service provider where any information you share is saved and stored securely with
end-to-end encryption. Cliniko is monitored 24 hours a day, 7 days a week, 365 days of the year. Cliniko’s hosting partner, Amazon Web
Services (AWS), has achieved the following accreditations and certifications: PCI DSS Level 1 (Payment Card Industry Data Security Standard), ISO 27001 (Information Security Management System), FIPS 140-2 (United States Federal Information Processing Standard). As a result, Genesis Pilates is exempt from registration with the Information Commissioner’s Office (ICO) register, as Genesis Pilates does not act as the
data controller when processing your data and Cliniko meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA,
How your personal data is used at Genesis Pilates
The purposes and reasons for processing your personal data are detailed below:
- To provide you with the most effective assessment, diagnosis and treatment as well as to enable effective client accounting functions.
- To fulfil our obligations with any healthcare insurer you have that is contributing to the cost of your care.
- To organise and remind you of upcoming booked appointments and to inform you of any necessary changes that need to be made
regarding booked appointments.
- To gain feedback about the services we have provided for you or to clarify / update any recent medical details.
- To comply with our legal obligations with regard to record keeping and to respond to any queries where we are legally required to do so.
- With your consent, to send you your individually tailored exercise programmes, guidance handouts and appropriate patient questionnaires via email.
Special Category Data
To deliver the best possible healthcare, Genesis Pilates will need to collect some more sensitive personal information (known as special
category data) from you such as your medical history, medications that you take etc. Where Genesis Pilates collects such information,
Genesis Pilates will only request and process the minimum necessary for the purpose of delivering safe, physiotherapy-led Pilates activities.
You have the right to access any personal information that Genesis Pilates processes about you and to request information about the
personal data and categories of information Genesis Pilates holds, how the data is stored and the recipients to whom the personal data
has/will be disclosed.
If you believe that Genesis Pilates holds any incomplete or inaccurate data about you, you have the right to ask for us to correct and/or
complete the information and Genesis Pilates will strive to do so as quickly as possible, unless there is a valid reason for not doing so, at
which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data
protection laws, as well as to object to any direct marketing from Genesis Pilates. Where applicable, you have the right to data portability of
your information and the right to be informed about any automated decision-making Genesis may use.
If Genesis Pilates receives a request from you to exercise any of the above rights, Genesis Pilates may ask you to verify your identity before
acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
Genesis will not share or disclose any of your personal information without your consent, unless there is a legal or contractual requirement
to do so such as with your healthcare insurer. If the Physiotherapist feels that it would be beneficial for your care to liaise with other health
professionals such as GPs, hospital consultants or therapists, Genesis Pilates will ask you to sign a separate consent disclosure form which
will detail the specific information and with whom it will be shared.
Transfers Outside the EU
The Genesis Pilates Physiotherapist uses a company called Physiotec to help design a tailored exercise programme which is then emailed directly
to the client. This company is based outside of the EU and therefore your consent is required to use this facility.
The only shared information is your name and email address so that your individual exercise programme can be emailed directly to you.
Physiotec does not share, disclose or use your email address for any other reason.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. For this reason,
Genesis Pilates is a paperless company and all your information is stored online with database servers and clouds providing the most
current security. At Genesis Pilates your information will only ever be taken and viewed by the Physiotherapist at Genesis Pilates and
therefore this eliminates any unauthorised access, alteration, disclosure or destruction. All data is password protected and is kept and
stored in line with national guidance.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Genesis Pilates; however, as this information is required to provide you with
a service, Genesis Pilates will not be able to offer some/all of our services without it.
Data Retention Period
Genesis Pilates only ever retains personal information for as long as is necessary. We are required to keep your clinical information and basic
personal data for a minimum of 8 years after your last treatment. After this time, it will be erased from the system.
Where you have consented to us using your contact details for direct marketing, we will keep such data until you notify us otherwise and/or
withdraw your consent.