Playphysio supports individuals in keeping to their treatment routine with the ‘gamification’ of the treatment, whilst also allowing for detailed analysis of the treatment undertaken by the user. This involves the processing of personal data, and this policy sets out how we (‘Playphysio’) use personal data. Playphysio are the Controller of personal data and are registered with the Information Commissioners Office (ICO) reg. No. A8704156
Type of data
We collect data about three main sets of people:
Playphysio Users (individuals who use the Playphysio in their treatment)
This data includes:
- Name
- Date of Birth
- Gender
- Ethnicity
- Country of Residence
- Health data provided by Playphysio User or Third Party Users
- Health data captured by Playphysio
Payee Users (those who purchase the service, typically Parents of a User)
This data includes:
- Name
- Contact Details
- Address
- Country of Residence
- Payment details (managed by a third party, not held by Playphysio)
Third Party Users (those who have access to a Playphysio Users data, such as a NHS clinical staff or a family member)
- Name
- Contact Details
- Organisation (if applicable)
Purposes of Processing
We use the personal data collected for a number of purposes outlined below. In line with data protection requirements, we have also listed the lawful basis for each purpose. Under privacy law, we require an exemption to process ‘special category data’. This type of data includes data relating to health, sex and ethnicity.
Purpose | Lawful Basis (Article 6 of GDPR) | Special Category Exemption (Article 9 of GDPR) |
Provision of PlayPhysio Services which includes allowing patients to play interactive games whilst completing their physiotherapy | Consent | Explicit Consent |
Storing health data regarding the user compliance with the physiotherapy programme,which can be accessed by health professionals. | Consent | Explicit Consent |
Managing the general commercial relationship with the user, including the making of payments and managing the subscription more generally. | Legitimate Interest | None required |
Product safety monitoring, including monitoring for adverse events and side effects. | Legal Requirement (under Medical Device regulation) | |
Seeking qualitative feedback to improve services. | Legitimate Interest | None required |
Data analytics to improve the product, potentially develop new products, and show an economic benefit from increased compliance through use of the app. | Legitimate Interest | |
Conducting research on the data in partnership with third party organisations subject to required ethics approval | Consent (where not fully anonymised) | Explicit Consent (where not fully anonymised) |
You are able to withdraw your consent for any purposes relying on consent at anytime by [insert consent withdrawal process]
Sharing your data
We will only share your data with our suppliers when necessary for one of the purposes above. Our suppliers are as follows:
- Amazon Web Services – where our data is hosted.
- Payment Service – who processes payments for Playphysio.
- Distribution provider – who distribute the PhysioPal device when purchased online.
Partner Organisation
Care providers – Where the service is purchased on your behalf by an care provider, such as an NHS Organisation, the clinician involved with the care will be able to access personal data about their patients
Research partners – personal data will only be shared with research partners where explicit consent has been gained. When using for research purposes, only the minimum necessary data will be used and pseudonymised to protect your identity where possible.
Location
We will store your data in the UK if you are located in the UK. If you are located within the EEA we will store your data within the EEA.
Retention
We will hold on to your personal data for as long as you use Playphysio, as is necessary to provide you with the service. Your personal data will be deleted after 12 months of inactivity on the account. You can request to delete your data at any time.
Rights
Data protection law gives you a number of rights in relation to personal data
Right of access
You are able to request a copy of the personal data that Playphysio holds about you / your child
Right to rectification
You are able to have inaccurate about you / your child corrected
Right of erasure
You are able to request Playphysio deletes the personal data held about you / your child
Right to data portability
You are able to request Playphysio to transmit your personal data to another organisation
Right to object
You are able to object to Playphysio processing your personal data for certain purposes
Not all rights are absolute, and there are exemptions to these rights in certain circumstances.
If you wish to exercise any of these rights, or If you have any questions about how we use personal data to provide the Playphysio product, please contact will@play.physio
You have the right to contact and complain to the UK’s data protection regulator: casework@ico.org.uk