What Are Cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.
The Cookies We Set
Account related cookies
Log-in related cookies
Email newsletter related cookies
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
Surveys related cookies
Forms related cookies
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
Site preferences cookies
In order to provide you with a great experience on this site, we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences, we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook Twitter Instagram Linked In will set cookies through our site, which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
However if you are still looking for more information then you can contact us through one of our preferred contact methods:
Email: [email protected]
By visiting this link: www.physiomove.com Phone: 0335775663
This document sets out Papastamos Limited trading as Physiomove London Data Consent Policy. It covers the processing and sharing of personal data. If you require advice and assistance around any data protection matter please contact Papastamos Limited trading as Physiomove London Nominated Data Protection Person
The GDPR and Consent
The GDPR sets a high standard for consent. Consent means offering individuals the power to choose and take control of their data.
Genuine consent will put individuals in charge, build customer trust and engagement, and enhance Papastamos Limited trading as Physiomove London’s reputation.
The GDPR states that an indication of consent must be unambiguous and involve a clear affirmative action (an opt-in).
It specifically bans pre-ticked opt-in boxes. It also requires individual, also known as “granular”. Consent options for distinct processing operations. Consent is kept separate from other terms and conditions and should not be a precondition of signing up to a service.
The GDPR gives a specific right to withdraw consent. Papastamos Limited trading as Physiomove London will inform individuals about their right to withdraw and offer easy ways for customers to withdraw consent at any time.
Papastamos Limited trading as Physiomove London will keep clear records to demonstrate consent and regularly review existing consents and consent mechanisms that we rely upon to ensure they meet the GDPR standards.
Employees of Papastamos Limited trading as Physiomove London must have respect for privacy and people’s right to determine what happens to their personal and sensitive information.
If there is any doubt, contact the Nominated Data Protection Person
Papastamos Limited trading as Physiomove London and its employees and third-party providers have been trained, appraised and understand that:
- Individuals have the right to withdraw/withhold consent in most circumstances, and this right must be respected and recorded appropriately
- Consent must be freely given, specific and informed
- All employees must ensure they consider the safety and welfare of the individual when making decisions on whether to share information about them.
- All employees must establish the capacity of the individual’s ability to provide consent
- When requesting consent, staff must ensure that information is provided in a suitable, accessible format or language. If necessary, provide large print or Braille versions, accredited interpreters, signers, or other appropriate special communication skills.
Employees must record the decision to share personal information on an appropriate register or specific system which can be readily accessed in line with Papastamos Limited trading as Physiomove London policies and procedures on data protection.
What if there is no consent?
Papastamos Limited trading as Physiomove London acknowledges that obtaining consent is not always possible, or consent may be refused. However, not obtaining consent or the refusal to give consent may not constitute a reason for not processing or sharing information.
There are certain situations where an individual’s information can be disclosed without obtaining
Consent, if there is a lawful basis for processing without consent in place.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply. Whenever you process personal data without consent:
- Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Vital interests: processing is necessary to protect someone’s life.
- Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Different criteria apply to sensitive personal information (now called “special categories of personal data”). This is now defined as data relating to:
- ethnic origin;
- trade union membership;
- biometrics (where used for ID purposes);
- sex life; or
- sexual orientation.
In order to process special category data legally, you must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9. These do not have to be linked.
In summary, these are:
- explicit consent of the person concerned
- for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection
- to protect the vital interests of the data subject or of another natural person
- processing is carried out with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim
- the processing relates to personal data which are manifestly made public by the data subject
- processing is necessary for the establishment, exercise or defence of legal claims
- processing is necessary for reasons of substantial public interest
- for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment
- for reasons of public health
- processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Special Case Children
The duty of confidentiality owed to a child/young person who lacks capacity is the same as that owed to any other person. Occasionally, children/young people will lack the capacity to consent. An explicit request by a child that information should not be disclosed to parents or guardians, or indeed any third party, must be respected except where it puts the child at risk of significant harm, in which case disclosure may take place in the ‘public interest’ without consent.
The GDPR rules for sensitive (special category) data do not apply to information about criminal allegations, criminal proceedings or convictions. Instead, there are separate safeguards for personal data relating to criminal convictions and offences, or related security measures, set out in Article 10 of the GDPR.
To process personal data about criminal convictions or offences, you must have both a lawful basis under Article 6 of the GDPR and either legal authority or official authority for the processing under Article 10.
Article 10 also specifies that you can only keep a comprehensive register of criminal convictions if you are doing so under the control of the official authority.
If you are in any doubt as to how to go about handling special categories of data, such as data concerning children, sensitive data such as race and sexuality, or criminal data see the checklist at the end of this policy statement and consult Papastamos Limited trading as Physiomove London ’s Nominated Data Protection Person for further advice and guidance
Policy Breach Statement
Any breach of this Policy will be investigated and may result in disciplinary action. Serious breaches may be considered gross misconduct and result in dismissal without notice, or legal action being taken against you. Papastamos Limited trading as Physiomove London as well as those individuals affected is also at risk of financial and reputational harm. Fines of up to €20 million may be imposed on organisations for serious data breaches.
Please report any actual or potential data breaches or other concerns relating Data Protection or consent to Papastamos Limited trading as Physiomove London Nominated Data Protection Person as soon as possible, in accordance with Papastamos Limited trading as Physiomove London Data Breach Policy
Asking for consent
- We have checked that consent is the most appropriate lawful basis for processing.
- We have made the request for consent prominent and separate from our terms and conditions.
- We don’t use pre-ticked boxes or any other type of default consent
- We use clear plain language that is easy to understand.
- We specify why we want the data and what we are going to do with it.
- We name organisations and any third-party controllers who will be relying on the consent.
- We tell individuals they can withdraw their consent.
- We ensure that individuals can refuse to consent without detriment.
- We maintain a record when and how we obtained consent from the individual.
- We maintain a record of exactly what they were told at the time
- We regularly review existing consent to check that the relationship the processing and the purposes have not changed.
- We have processes in place to refresh consent at appropriate intervals including any parental consents.
- We use privacy dashboard or other preference-management tools as a matter of good practice.
- We make it easy for individuals to withdraw their consent at any time and publicise how to do so.
- We act on withdrawals of consent as soon as we can.
- We do not penalise individuals who wish to withdraw consent.