What Are Cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.
The Cookies We Set
Account related cookies
Log-in related cookies
Email newsletter related cookies
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
Surveys related cookies
Forms related cookies
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
Site preferences cookies
In order to provide you with a great experience on this site, we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences, we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it's important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook Twitter Instagram Linked In will set cookies through our site, which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
However if you are still looking for more information then you can contact us through one of our preferred contact methods:
By visiting this link: www.physiomove.com Phone: 0335775663
This privacy notice (“Privacy Notice”) describes how Papastamos Limited trading as Physiomove London and its subsidiaries and affiliates acting in its role as data controller (“Papastamos Limited trading as Physiomove London”, “our,” “us” or “we”) may collect, use and share information relating to you as an identified or identifiable natural person (“personal data”).
Please carefully read this privacy notice in its entirety before using our websites, email notifications, mobile apps, social media apps, widgets, and other online services of Papastamos Limited trading as Physiomove London (the “Services”). This privacy notice will clarify to you what data we collect, how we use and share it, and help you understand your choices with respect to that data.
Papastamos Limited trading as Physiomove London
8 Compton Terrace, Hermitage Road, N4 1LS
If you wish to exercise your data privacy rights in line with this notice, or if you have any questions about your data privacy rights our contact information is as follows:
Nominated Data Protection Person
For individuals outside the EEA:
This Privacy Notice only governs the use of Papastamos Limited trading as Physiomove London services that specifically link to this Privacy Notice.
Personal data we collect about you when you use our services
When you use our services we may collect personal data from you including but not limited to:
We collect personal information from third parties via usage data, including but not limited to:
How we use your personal data
We may use your personal data for the following purposes, as permitted by data protection regulations and legislation:
Legal Bases for the Processing and Consequences
Papastamos Limited trading as Physiomove London rely on the following legal bases for the collection, processing, and use of your personal data:
Generally, the provision of your personal data is voluntary. However, in some cases, it is necessary in order to enter into a contract with us or to receive our products or services as explicitly requested by you.
By not providing your personal data may result in disadvantages for you. However, unless otherwise specified, by not providing your personal data will not result in legal consequences for you.
Personal data shared with third parties
We will only ever share personal data with companies, organisations and individuals outside of Papastamos Limited trading as Physiomove London as explained below.
Recipients within Papastamos Limited trading as Physiomove London and Third Parties. We may share your personal data with affiliates of Papastamos Limited trading as Physiomove London and other companies worldwide, including unaffiliated agents, suppliers or manufacturers, in order for these companies to contact you about relevant products, services or other offers that may be of interest to you. We may also share your personal data with relevant business partners.
Subject to the categories of personal data and the reasons for the collection of personal data, your data may be shared with and provided to various entities within our internal departments. For example, IT, marketing and sales departments may have access to your data, depending upon product orders. Other departments, such as finance, auditing, legal and compliance may require access to certain personal data, albeit on a “need to know” basis.
This Privacy Notice does not oversee unaffiliated third-party websites or any other website that does not link back to this Privacy Notice.
Service Providers. We share personal data with both affiliated and unaffiliated companies. These companies perform certain tasks on our behalf related to our business. These service providers include, but not limited to:
Any third-party service providers we use will receive your personal data only as necessary to perform their role and are instructed not to use your personal data for any other purposes.
We will use and disclose your personal data as permitted by data protection laws and regulations as follows:
As our business continues to develop, we may at some time sell or buy further products, brands, subsidiaries, stores or business units. In this respect, we may share or transfer personal data we hold about you with third parties as part of transactions including but not limited to company reorganisation, sale, merger, assignment, joint venture, transfer or disposition of any or all of our business, brands, subsidiaries, affiliates, or other company assets.
Customer information normally is a part of a business asset to be transferred but remains subject to any pre-existing applicable Privacy Notice.
We may share aggregated data that has been anonymised (data that is not identified) with third parties – for example, publishers, advertisers or associated websites and, accordingly, this data will be publicly available. An example of when we may do this is when we wish to share information publicly to show trends about the use of our services or products.
Our websites may provide publicly accessible blogs, message boards, and community forums. Any information provided or contributed to in these public areas may be read, commented on, collected and used by others who access them.
Links to Social Networking and other Third-Party Websites
If you have declared your consent regarding certain collecting, processing and use of your personal data you can withdraw this consent at any time with immediate effect.
Further, you have the right to object to the use of your personal data for the purposes of marketing.
Please note that the rights mentioned above and below may be subject to modification under the applicable data protection law.
For the avoidance of doubt this Privacy Notice applies only for data subjects located in the EEA:
Right to request access to your personal data
You have a right to request from us confirmation as to whether or not your personal data is being processed and, where that is the case, to request access to the personal data.
The access information includes information regarding the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom your personal data is disclosed.
You have the right to request and receive a copy of any personal data we are processing. In the case of repeated requests however, we may charge a reasonable fee based on administrative costs.
Right to request rectification
You have the right to request that we rectify inaccurate personal data concerning you.
Right to request erasure (Right to be forgotten)
You have the right, in certain circumstances, to request from us the erasure of personal data concerning you and we are obliged to erase such personal data.
Right to request processing restriction
You have the right to request that we restrict processing your personal data. In such cases.
Right to request data portability
You have the right to request and receive all personal data concerning you, which you have provided to us, in a structured, conventionally used, easy to read format. You have the right to transmit this downloaded data to another entity without obstruction from us.
Right to object
You have the right to object at any time to the processing of your personal data by us.
In this case, we can no longer process your personal data.
Such rights to object may especially apply if Papastamos Limited trading as Physiomove London collects and processes your personal data for the purposes of profiling.
You also have to right to object to the use of your data for direct marketing purposes.
If you exercise this right, your personal data will no longer be processed for such purposes by us.
If you wish to exercise this right, please contact us at Yes
Please note that this right to object may not exist if the processing of your personal data is deemed necessary to facilitate the creation of a contract between you and Papastamos Limited trading as Physiomove London or to execute a contract already concluded.
In the case where you have already provided us with your consent for direct marketing purposes, for example, you have completed an online form or actively subscribed to our newsletters, you can withdraw your consent as already explained within this Privacy Notice.
Rights in connection with automated decision-making
With respect to automated individual decision-making, you have the right to
Data Retention Periods
We retain personal data for as long as necessary to provide you with the services and products requested.
Once you have terminated your relationship with us, we will either destroy your personal data or anonymise it in line with the GDPR requirements ensuring that data can never again be identified.
There are some exceptions, where statutory retention requirements are in force for example for taxation or legal purposes.
Where you show interest in our products and services and allow us to send you marketing information, we may retain your contact details for a longer period of time.
We may also be obligated to retain your personal data after the termination of the contractual relationship if it is necessary to ensure compliance with applicable laws, or if we need to retain your personal data on the basis of establishing, exercising or defending a legal claim. However, this will be on a need to know basis. To this extent and as far as possible we will restrict any processing of your personal data to such limited purposes as required for the above and in any event, destroy personal data once any legal bases are fulfilled and terminated.
This website and our services are not intended for children and we do not knowingly collect data relating to children.
Alterations to this Privacy Notice
We may amend and update this Privacy Notice from time to time.
We will notify you of any such changes, including when any proposed changes will take place.
This policy document is compliant with the provisions of the EU General Data Protection Regulation 679/2016.
This policy document sets out the policies and procedures Papastamos Limited trading as Physiomove London will comply with when dealing with personal data.
Personal data must be protected in accordance with the provisions of the General Data Protection Regulation 679/2016. Dependence on personal data for the normal conduct of business necessitates the creation of this policy to set out the procedures and measures to protect personal data.
This policy defines rules, procedures and measure to collect, use and store personal data in a GDPR-compliant manner as well as control and prevent unauthorised access to personal data. A breach of data security can lead to regulatory fines, an inability to provide services, loss of customer confidence, and physical, financial and emotional damage to the affected persons.
This policy therefore discusses:
This policy defines the Papastamos Limited trading as Physiomove London overall data protection objectives and procedures that we endorse.
This embodies the principles of data protection as described in Article 5 of the GDPR, namely:
Breach of the policy and its consequences
A breach of this policy could have severe consequences to Papastamos Limited trading as Physiomove London, its ability to provide services, or maintain the integrity, confidentiality, or availability of services.
Intentional misuse of data resulting in a breach of any part of this policy will result in disciplinary action at the discretion of the senior management of Papastamos Limited trading as Physiomove London. Severe, deliberate or repeated breaches of the policy by any employee may be considered grounds for instant dismissal; or in the case of a Papastamos Limited trading as Physiomove London vendor, termination of their contracted services. All employees and vendors are bound by these policies and are responsible for their strict enforcement.
Scope of the Policy
This policy applies to all Papastamos Limited trading as Physiomove London and customer data assets that exist in any processing environment of Papastamos Limited trading as Physiomove London, on any media during any part if its life cycle. The following entities or users are covered by this policy:
This document forms part of our contractual agreements for vendors, suppliers, and third party processor or agents, hereafter referred to as vendors. . All parties must read this policy completely, and confirm that they understand the contents of the policy and agree to abide by it.
Data Life Cycle
The security of data can be understood through the use of a data life cycle. The typical life cycle of data is: collection/generation, use, storage and disposal. The following sections provide guidance as to the application of this policy through the different life cycle phases of data.
Users of data assets are personally responsible for complying with this policy. All users will be held accountable for the accuracy, integrity, and confidentiality of the information to which they have access. Data must only be used in a manner consistent with this policy.
Data Protection Policy Statement
This policy has been written with the following goals in mind:
Papastamos Limited trading as Physiomove London's processing environment that this policy applies to is comprised of:
The Management department is responsible for:
Other departments within Papastamos Limited trading as Physiomove London also have various responsibilities for ensuring compliance with this policy, such as:
Other departments and related entities have responsibilities to comply with this policy, such as:
All Papastamos Limited trading as Physiomove London agents, vendors, content providers, and third party providers that process customer data must have a documented data protection policy that clearly identifies those data and other resources and the controls that are being imposed upon them.
All Papastamos Limited trading as Physiomove London agents, vendors, content providers, and third party providers that access the Papastamos Limited trading as Physiomove London processing environment and its data or provide content to it must have a security policy that complies with and does not contradict the Papastamos Limited trading as Physiomove London data protection policy.
All agents, vendors, content providers, and third party providers must agree not to bypass any of our security requirements.
Data classification is necessary to enable the allocation of resources to the protection of data assets, as well as determining the potential loss or damage from the corruption, loss or disclosure of data.
To ensure the security and integrity of all data the default classification for all data not classified by its owner must be Confidential Data Policy
The Management is responsible for the classification of data.
The Management is responsible for evaluating the data classification schema and reconciling it with new data types as they enter usage. It may be necessary, as we enter new business endeavors, to develop additional data classifications.
All data found in the processing environment must fall into one of the following categorie(s):Confidential Customer Data – Confidential customer data is defined as data that only authorized internal “the company” entities or specific authorized external entities can access. The disclosure, use, or destruction of confidential customer data can have adverse effects on Papastamos Limited trading as Physiomove London and their relationship with their customers, and possibly carry significant liability for both. Confidential customer data is entrusted to and may transit or is stored by Papastamos Limited trading as Physiomove London (and others) over which they have custodial responsibility but do not have ownership.
In order to classify data, it is necessary that an owner be identified for all data assets. The owner of the data is Heba Massri.
The owner of data is responsible for classifying their data according to the classification schema noted in this policy.
The Management is responsible for developing, implementing, and maintaining procedures for identifying all data assets and associated owners.
Data will be collected in accordance with the Article 13 and 14 of the GDPR, confirming to the transparency principle and ensuring that the data protection principles are duly observed.
Data may be collected in the following ways:User generated content on the website of Papastamos Limited trading as Physiomove London.
Each mode of data collection should have a specific purpose accompanied by one or more of the legal bases as defined in the GDPR.
All users that access Papastamos Limited trading as Physiomove London or customer data for use must do so only in conformance to this policy. Uniquely identified, authenticated and authorized users must only access and use data.
Data should be used only for the stated purpose of its collection or generation. Any purpose outside the defined scope will be considered “misuse of data” and will entail consequences for the involved parties.
Each user must ensure that Papastamos Limited trading as Physiomove London data assets under their direction or control are properly labelled and safeguarded according to their sensitivity, proprietary nature, and criticality.
Access control mechanisms must also be utilised to ensure that only authorized users can access data to which they have been granted explicit access rights.
The general premise for the data storage period is:
All users that are responsible for the secure storage of Papastamos Limited trading as Physiomove London or customer data must do so only in accordance with this policy.
Access control mechanisms must also be utilised to ensure that only authorised users can access data to which they have been granted explicit access rights.
All users that access Papastamos Limited trading as Physiomove London or customer data to enable its transmission must do so only in accordance with this policy.
The media used to distribute data should be classified so that it can be identified as confidential and if the media is sent using courier or other delivery method, it should be accurately tracked.
No data can be distributed in any media from a secured area without proper management approval.
The Management must develop and implement procedures to ensure the proper disposal of various types of data. These procedures must be made available to all users with access to data that requires special disposal techniques.
Data should be disposed in a secure manner so that it is completely destroyed and no information can be obtained from the waste.
It is the responsibility of the Management to facilitate the review of this policy on a regular basis. This policy will be reviewed Annually. Senior management should, at a minimum, be included in the Annually review of this policy.
Last updated: 15-10-2019
This document sets out Papastamos Limited trading as Physiomove London Data Consent Policy. It covers the processing and sharing of personal data. If you require advice and assistance around any data protection matter please contact Papastamos Limited trading as Physiomove London Nominated Data Protection Person
The GDPR and Consent
The GDPR sets a high standard for consent. Consent means offering individuals the power to choose and take control of their data.
Genuine consent will put individuals in charge, build customer trust and engagement, and enhance Papastamos Limited trading as Physiomove London's reputation.
The GDPR states that an indication of consent must be unambiguous and involve a clear affirmative action (an opt-in).
It specifically bans pre-ticked opt-in boxes. It also requires individual, also known as “granular”. Consent options for distinct processing operations. Consent is kept separate from other terms and conditions and should not be a precondition of signing up to a service.
The GDPR gives a specific right to withdraw consent. Papastamos Limited trading as Physiomove London will inform individuals about their right to withdraw and offer easy ways for customers to withdraw consent at any time.
Papastamos Limited trading as Physiomove London will keep clear records to demonstrate consent and regularly review existing consents and consent mechanisms that we rely upon to ensure they meet the GDPR standards.
Employees of Papastamos Limited trading as Physiomove London must have respect for privacy and people's right to determine what happens to their personal and sensitive information.
If there is any doubt, contact the Nominated Data Protection Person
Papastamos Limited trading as Physiomove London and its employees and third-party providers have been trained, appraised and understand that:
Employees must record the decision to share personal information on an appropriate register or specific system which can be readily accessed in line with Papastamos Limited trading as Physiomove London policies and procedures on data protection.
What if there is no consent?
Papastamos Limited trading as Physiomove London acknowledges that obtaining consent is not always possible, or consent may be refused. However, not obtaining consent or the refusal to give consent may not constitute a reason for not processing or sharing information.
There are certain situations where an individual's information can be disclosed without obtaining
Consent, if there is a lawful basis for processing without consent in place.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply. Whenever you process personal data without consent:
Different criteria apply to sensitive personal information (now called “special categories of personal data”). This is now defined as data relating to:
In order to process special category data legally, you must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9. These do not have to be linked.
In summary, these are:
Special Case Children
The duty of confidentiality owed to a child/young person who lacks capacity is the same as that owed to any other person. Occasionally, children/young people will lack the capacity to consent. An explicit request by a child that information should not be disclosed to parents or guardians, or indeed any third party, must be respected except where it puts the child at risk of significant harm, in which case disclosure may take place in the 'public interest' without consent.
The GDPR rules for sensitive (special category) data do not apply to information about criminal allegations, criminal proceedings or convictions. Instead, there are separate safeguards for personal data relating to criminal convictions and offences, or related security measures, set out in Article 10 of the GDPR.
To process personal data about criminal convictions or offences, you must have both a lawful basis under Article 6 of the GDPR and either legal authority or official authority for the processing under Article 10.
Article 10 also specifies that you can only keep a comprehensive register of criminal convictions if you are doing so under the control of the official authority.
If you are in any doubt as to how to go about handling special categories of data, such as data concerning children, sensitive data such as race and sexuality, or criminal data see the checklist at the end of this policy statement and consult Papastamos Limited trading as Physiomove London ’s Nominated Data Protection Person for further advice and guidance
Policy Breach Statement
Any breach of this Policy will be investigated and may result in disciplinary action. Serious breaches may be considered gross misconduct and result in dismissal without notice, or legal action being taken against you. Papastamos Limited trading as Physiomove London as well as those individuals affected is also at risk of financial and reputational harm. Fines of up to €20 million may be imposed on organisations for serious data breaches.
Please report any actual or potential data breaches or other concerns relating Data Protection or consent to Papastamos Limited trading as Physiomove London Nominated Data Protection Person as soon as possible, in accordance with Papastamos Limited trading as Physiomove London Data Breach Policy
Asking for consent