What personal data we collect and why we collect it
In order to provide our services, we need to collect personal information such as:
- your physical address, email, and phone number;
- your age and gender;
- your height and weight;
- your current health service providers, including general medical practitioner;
- your current or past symptoms, injuries, diseases, conditions or disabilities;
- past operations, treatments received, and programs undertaken;
- medications which you are currently taking or have taken;
- information about your family medical history where relevant to your own condition;
- information about your personal nutrition; and
- information about your lifestyle.
We use your Information to:
- process the registration of your online account and maintain your online account;
- process and complete orders you place via our website;
- provide our services to you;
- process and deal with any complaints or enquiries made by you;
- monitor, develop and improve our website and your experience;
- investigate any suspected breach of the Terms and Conditions and/or Acceptable Use Policy as relevant;
- if approved by you, refer you to a physical consultation;
- send you emails with information about YourPhysio.online if you opt-in.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When you contact us through our contact form, the emails are kept on our email server for communication purposes. No information that is sent through the form is shared with third parties or used for marketing purposes.
We use reCAPTCHA provided by Google Inc. (Google) to protect the submissions to our contact forms. This plugin checks if you are a person in order to prevent certain website functions from being (ab)used by spam bots. This plugin query includes the sending of the IP address and possibly other data required by Google for the Google reCAPTCHA service. For this purpose your input will be communicated to and used by Google. However, your IP address is first truncated by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area and is, as such, anonymized. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address provided by reCAPTCHA from your browser shall not be merged with any other data from Google.
By using the reCAPTCHA service, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for seven days. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
This site might be using cookies on the admin side for establishing connections with third-party vendors for sending and receiving backups. These vendors include Google Drive, Dropbox, Amazon S3 and phpseclib for FTP accounts. Additionally, cookies may be set for potentially fixing cron requests at erratic servers. These cookies will last for 14 days.
When checking out on our site, the following cookies are used:
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can send an email to firstname.lastname@example.org
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Your contact information is exclusively used for contacting you with regard to the appointments you make with our therapists unless we explicitly ask to use it for marketing purposes.
How we protect your data
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
What data breach procedures we have in place
Our website employs data protection plugins that automatically notify us about potential data/security breaches.
This site may be using a third-party to store backups of its files and database where personal information is collected. These services include Google Drive, Dropbox, Amazon S3, FTP/SFTP for other servers and WPMU DEV cloud storage.
This site may be using WPMU DEV third-party cloud storage to store backups of its audit logs where personal information is collected.
This site gives the option to its administrators to set up third-party destinations for sending and receiving backups. To create these destinations, personal data is stored. This data includes the administrator’s name, email, UID and country for Dropbox accounts and credentials for FTP accounts.
This site creates and stores an activity log that captures the IP address, username and email address and tracks user activity (like when a user makes a comment). Information will be stored locally for 30 days and remotely for 1 year. Information on remote logs cannot be cleared for security purposes.
Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
YourPhysio.online may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it is not overridden by your rights
- For payment processing purposes
- To comply with the law
Retention of Data
YourPhysio.online will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
Transfer of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the Netherlands and choose to provide information to us, please note that we transfer the data, including Personal Data, to the Netherlands and process it there.
Disclosure of Data
YourPhysio.online may disclose your Personal Data in the good faith belief that such action is necessary to:
- comply with a legal obligation
- protect and defend the rights or property of YourPhysio.online
- prevent or investigate possible wrongdoing in connection with the Service
- protect the personal safety of users of the Service or the public
- protect against legal liability
Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. YourPhysio.online aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where YourPhysio.online relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation