This Privacy Notice will inform you of how we collect, use and look after your personal data, as well as telling you about your privacy rights and how the law protects you.
In this privacy notice, “Data Protection Legislation” means all applicable legislation which relates to the protection of individuals with regards processing personal data, including the Data Protection Act 218 and the General Data Protection Regulation (EU) 2016/679.
- WHO WE ARE
We are what is known as the “Controller” of your personal data. When we say “Sports Medicine Centre”, “we”, “us” or “our” in this Privacy Notice, we mean THE NATIONAL STADIUM SPORTS MEDICINE CENTRE which has its registered office at Hampden Park, Glasgow G42 9ED with Company Number SC216318.
- INFORMATION THAT WE COLLECT FROM YOU
- What is personal data?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which an individual can no longer be identified (anonymous data).
- What personal data do we collect from you?
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity details: full name, title, date of birth, sex and age.
- Contact details: postal address, postcode, telephone numbers (home, mobile and work), and email address.
- Payment details: your method of payment, your insurance details (where payment is being covered by insurance), and records of the payments which you have made to us.
- Technical data: including your internet protocol (IP) address and information obtained by cookies on our website (see section 11 below).
- What “Special Categories” of personal data do we collect?
“Special Categories” of personal data is information which is particularly sensitive and is afforded higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We may collect and store the following Special Category personal data:
- Information about your injury: we will collect information about the injury for which we are providing you with treatment for, this information is collected from you, other professionals involved in your treatment, and from our own observations during the course of your treatment.
- Medical History: we will collect information about any previous injuries and medical conditions which you suffer from.
- Medical Professionals: we will collect details of any other medical professional who is involved in your care (e.g. your GP).
- Health Questionnaire Information: when we are undertaking an assessment of your health, your lifestyle, or an athlete screening assessment, we will collect information on your occupational history, marital status, smoker status, alcohol consumption, family health history, vaccination history, past medical history, details of your activity levels, medication history, general health history, and general health concerns. This information is necessary to allow us to develop a suitable health and fitness programme, and to properly treat any injury which you have.
We process your Special Category personal data in providing you with treatment for your injury. When we are processing your Special Category personal data, we are relying on the lawful basis that such processing is necessary for the purposes of medical diagnosis and the provision of healthcare.
- HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- Direct interactions: We may receive personal data directly when you:
- attend our clinic and fill in any form and/or questionnaires which we provide to you;
- fill in any forms on our website or via email;
- book an appointment on our website;
- sign up to attend any events or training courses;
- enter a competition, promotion or survey; and/or
- give us some feedback.
- CCTV: We maintain a CCTV system in our clinic. This is primarily for reasons of public safety and for the prevention and detection of crime. Footage is always handled in accordance with the Data Protection Legislation, and in particular is only held for a limited period of time before it is automatically deleted. Where it is necessary, we may share personal data obtained by our CCTV systems with the police or other relevant organisation for the purposes of investigating crime and/or prosecuting offenders.
- Affiliated Organisations: We are affiliated to the Scottish Football Association, University of Glasgow, University of Strathclyde, and Glasgow Caledonian University and we may receive information about you from these affiliated organisations.
- Third party medical professionals: We may receive information about your injury and/or your medical history from other medical professionals (e.g. your GP) where you have given us or them your permission to share your records for the purposes of treating your injury.
If you fail to provide us with your personal data, we may be unable to properly treat your injury, or provide you with any follow up information which you have requested.
- HOW WE USE YOUR PERSONAL DATA
- What processing grounds do we rely on?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you to provide medical treatment for your injury;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation (for example, equal opportunities monitoring).
Where we are processing any of your “Special Category” personal data in providing you with treatment for your injury, we shall rely on the lawful basis that such processing such “Special Category” personal data is necessary for the purposes of medical diagnosis and the provision of healthcare to you.
- How do we use your information?
We use your information:
- to develop and provide healthcare treatment services to you (e.g. assessing and treating your injury, providing you with advice, developing an appropriate treatment plan for your injury, contacting your GP and/or other medical service providers for the purposes of ensuring that you receive appropriate treatment);
- to advise your GP of the details of your treatment or obtain from your GP, details relating to your physical or mental health or condition, either before the commencement of your treatment, at any time during the course of your treatment or after the end of your treatment, subject to you providing us with your consent to do so;
- to register you as a patient and administer our ongoing relationship with you;
- Health Questionnaire Information is used as necessary to assess your current state of health, and to develop a tailored health and fitness programme in connection with any occupational health programme;
- for the administration of any training courses which you have registered to receive from us (e.g. sports first aid training course);
- for payment purposes, such as processing your personal data for the purposes of receiving payment from you for our services, or to allow us to arrange for your insurance provider to make a payment to us;
- to provide you with service information (e.g. confirmation and reminders in relation to any appointments or training courses which you have booked with us, sending you follow up information in relation to your treatment, ask you for feedback on your experience, and notifying you of any changes to our terms and conditions etc.);
- for direct marketing purposes, including providing you with information about special offers, discounts, upcoming events, and competitions; and
- to allow us to improve our service which we offer to you and our website user experience.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis which allows us to do so.
We may anonymise information about your health to develop statistics relating to injury types, sports played, mode of injury and patterns of injury and these anonymous statistics will be shared with the our affiliated organisations for research purposes to aid development of preventative strategies and the development of services offered by the Sports Medicine Centre.
- DISCLOSURE OF YOUR INFORMATION
- Disclosure to selected third parties
The information you provide to us will be treated as confidential. However, we may disclose your information to other third parties who act for us for the purposes set out in this Privacy Notice or for purposes approved by you, including to suppliers who provide marketing, financial, or cloud computing services (e.g. the provider of our online appointment booking system). We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data with your other providers of medical care where you have given us your express permission to do so.
- Transferring data outside of the EEA
We may need to transfer your information outside of the European Economic Area (EEA) to service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the EEA, such as the USA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We may also hold your personal information for longer where it is necessary to do so for the management of any active or potential legal proceedings, to resolve or defend claims, and for the purpose of making any necessary remediation payments.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed by unauthorised persons, altered or disclosed.
We restrict access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We may use your personal data to send you marketing emails from time to time.
You will receive marketing communications from us:
- if you have given us your express consent to receive marketing communications or
- if you have attended one of our training courses, or otherwise purchased services from us and you did not opt out at the time you provided us with your data;
You can ask us to stop sending you marketing messages at any time by following the “unsubscribe” link in any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, you may still receive messages from us for non-marketing purpose, for example, service messages providing important announcements regarding an upcoming booking with at our clinic, or follow up information related to your injury.
We use a third party provider, MailChimp, to deliver our newsletters, service and marketing emails. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter and marketing mails. For more information, please see MailChimp’s privacy notice.
- THIRD PARTY WEBSITES
Because we want your experience of our site to be as informative and useful as possible, we may provide links to websites operated by third parties (“Third Party Websites”). Please be aware that we do not control such Third Party Websites and that such Third Party Websites may send their own cookies to users, or otherwise collect data or solicit personal information. We assume no responsibility for the information gathering practices of Third Party Websites that you are able to access through our website, and we encourage you to review each Third Party Website’s privacy notice before disclosing any personally identifiable information.
A “cookie” is a piece of software that attaches to the hard drive of your computer and remembers information about the configuration of your computer. You can choose not to accept cookies from our website. We use a number of cookies on our website, including cookies provided by Google Analytics and Facebook.
We use the following categories of cookies on our websites:
- Strictly necessary: These cookies are essential for certain features of our websites to work (for example, when you make payments to us for purchasing goods or services). These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services you have asked for cannot be provided.
- Performance: These cookies are used to collect anonymous information about how you use our websites. This information is used to help us improve our websites and understand how effective our adverts are. In some cases we use trusted third parties to collect this information for us but they only use the information for the purposes explained.
- Functionality: These cookies are used to provide services or remember settings to enhance your visit for example text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites.
- Targeting and Advertising: These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and doesn’t contain your personal information. To find out more about cookies used for targeting and advertising follow youronlinechoices.com and www.networkadvertising.org or contact us for further information about the trusted third parties we use.
- Managing our cookies: If you would prefer to restrict, block or delete cookies from us and our third party advertisers, or any other website, you can use your browser to do this. Each browser is different, so check the “Help” menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our websites and some features may not work as expected. Please contact us for details of the specific cookies which we use on our website.
For further information on cookies and how to disable them, please refer to www.allaboutcookies.org.
- YOUR RIGHTS
Under Data Protection Legislation, you are entitled to exercise the following rights over your personal data:
- Right to object: You can object to our processing of your information.
- Access to your personal information: You can request access to a copy of your information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.
- Right to withdraw consent: If you have given us your consent to use your information to send you marketing emails, you can withdraw your consent at any time or by clicking the “unsubscribe” link in any marketing email which you receive.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- Make a complaint: You can make a complaint about how we have used your information to us by contacting us, or to a supervisory authority - for the UK this is the Information Commissioner’s Office, at https://ico.org.uk/.
If you would like to exercise any of your rights above, please contact us by email to .
- CHANGES TO THIS NOTICE
- We may amend this Privacy Notice from time to time. If we make any substantial changes we will notify you by posting a prominent notice on our website or by email. YOUR DUTY TO INFORM US
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- CONTACT US
If you have any questions about this privacy notice, including any requests to exercise your legal rights or making a complaint to us about how we have used your personal data, please contact us by emailing , by phone on 0141 616 6161 or by writing to us at “The National Stadium Sports Medicine Centre, Hampden Park, Glasgow, G42 9ED”.