Privacy policy.

Introduction.

Freehab Ltd is committed to complying with all relevant data protection legislation and protecting the rights and privacy of individuals. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. Freehab Ltd needs to process personal information about our potential customers, customers, employees, subcontractors, affiliates and any other people we work with in order to undertake our business. The processing of personal information (data) is regulated by data protection legislation, which sets out the responsibilities of all organisations processing personal data and provides rights to people whose data is being processed (data subjects).For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (the "GDPR"), and the Data Protection Act 2018 (the “DPA”)) we (Freehab Ltd) are a 'Data Controller' under the GDPRDPA. This means that if we collect and use your personal data we must comply with the requirements set out in the GDPR and DPA.

This policy describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you.

What information does this policy apply to?

This policy applies to all Personal Data as defined by the Data Protection Legislation, in both electronic and paper form, held by Freehab Ltd, transferred to or exchanged with third parties, or held by third parties on behalf of Freehab Ltd.

  • Personal Data: personal data relates to any information relating to an identified or identifiable living individual who can be directly or indirectly identified. This may include a person’s name and address, phone number, e mail address, date of birth, IP address or next of kin.

  • Special Category Personal Data: special category data is data that relates to an individual’s health, sexual life, sexual orientation, race, ethnic origin, political opinion, religion, genetics, biometrics and trade union membership.

Data protection principles. 

Freehab Ltd processes data in accordance with the key data protection principles set out in Article 5 of the GDPR (and elsewhere in that legislation) which states that personal information must be:

  • processed fairly, lawfully and in a transparent manner;

  • processed for specified, explicit and legitimate purposes and not further processed
    in a matter that is incompatible with those purposes;

  • adequate, relevant and not excessive;

  • accurate and up-to-date;

  • not kept for longer than is necessary;

  • processed in line with the data subjects’ rights;

  • secure; and

  • not transferred to other countries without adequate protection.

We will seek to demonstrate our compliance with, and accountability for, these requirements through this policy; allied policies; our systems and processes; and through ensuring that staff receive regular and relevant training on data protection issues.


Who do we collect information about? 

In general terms, we process data about: 

  • People who use or website; 

  • Potential customers, customers and previous customers; 

  • People employed by us, or working for us and other associates with whom we work; and

  • External stakeholders and any other  third parties engaging with us about the work we do

The purpose of processing your data. 

We collect personal data for the following reasons:

  • To carry out our legitimate business interests; 

  • To engage with the public, stakeholders and any other third parties about the work that we do; and 

  • To fulfill our obligations as an employer. 

The lawful basis for processing your data. 

Freehab Ltd will only process personal data in accordance with the data protection legislation, for purposes including, but not limited to:

(a) For Freehab Ltd’s (or a third party's) legitimate interests, where that data would be used in a way that would be reasonably expected and which will have minimal or proportionate privacy impact on the data subject. For example, we may need to process personal data to provide our consultation services to clients. 

We also ask for your consent to process personal data and special category personal data. Where Freehab Ltd does obtain the consent of the data subject, we will ensure that:

  • There has been a genuine choice by the data subject;

  • The consent has been freely given by the data subject;

  • The data subject has been fully informed about the data processing to which they have
    consented;

  • The data subject has been informed of their right to withdraw consent at any time and
    there is a mechanism to withdraw their consent.

Consent will be refreshed at appropriate intervals to be determined for every instance where consent is the lawful condition for processing. Under any circumstance where activities we carry out may not be covered by the above, we will record the legal basis for processing.


Freehab Ltd  processes special category data as part of our business in providing a healthcare service. For example, information relating to clients current and previous medical history. 

In general terms, the legal bases for such processing are:

  • The processing of such data is a legal and professional requirement relating to the services provided. 

How we use your data. 

How we use your information will vary depending on your relationship with us.

If you are a potential client,  current client or previous client, Freehab Ltd will use your data to: 

  • Schedule and manage your appointments and rehabilitation as well as any other services provided. 

  • Communicate with you about our services. 

  • Comply with our legal and professional obligations. 

  • Fulfill our legitimate interests as a business in a way that would be reasonably expected. 

If you are a member of the public, or anybody communicating with Freehab Ltd: 

  • Process and manage your enquiry. 

  • Provide you with relevant information or services; investigate concerns raised by you about our organisation or employees;

  • Fulfill our legitimate interests as a business in a way that would be reasonably expected. 

Data sharing, disclosure and transfer to “third parties”

There are  occasions where it will be necessary for Freehab Ltd to share personal data collected with other organisations. We may be required to disclose personal information in response to requests from a court, tribunal, other healthcare regulator, or otherwise as part of the litigation process. 

We may need to disclose your personal information to other healthcare professionals or necessary authorities in response to safeguarding concerns or any other legally required process as part of our role as healthcare professionals. Freehab Ltd will only share personal data with or otherwise disclose personal data where there is a legal basis for doing so.

We will never provide your personal data to third parties for their marketing purposes.

Where we require the ability to share your personal data in ways not set out already in this section we will obtain your explicit written consent before doing so. 

International Transfers 

We would only transfer data outside of the European Union (the EU) where it was necessary to:

  • defend legal claims; or

  • the data subject had provided explicit consent.

Any transfers outside of the EU will be compliant with the conditions for transfer set out in Chapter V of the GDPR. We will only transfer your personal data outside the EU where the organisation receiving the personal data has provided adequate safeguards.

Data security 

We will ensure that we only collect data for the purposes outlined above. We will not go on to process data in any way that is incompatible with the original purposes. We will process personal data in a way that is adequate, relevant and limited to what is necessary for our purposes and will handle such data in line with the requirements of the GDPR and DPA 2018.

We will develop, implement and maintain appropriate data security systems to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. This will ensure a level of security appropriate and proportionate to the risks arising from the processing of personal data.

Retention periods for data. 

We will ensure that data is not kept in an identifiable form for any longer than is required for our interests or as is required under any relevant legal or regulatory requirements.

Record keeping.

Freehab Ltd  keeps and maintains accurate corporate records.

Privacy by design. 

Freehab Ltd will seek to implement appropriate technical and organisational measures (for instance the encryption or pseudonymisation of personal data), in an effective manner, to ensure compliance with data privacy by design principles. Freehab Ltd will also integrate safeguards into data processing to meet the GDPR requirements and protect data subject’s rights.

In doing so, Freehab Ltd will assess what privacy by design measures can be implemented on all programmes, systems and processes that process Personal Data by taking into account the following:

  • the cost of implementation

  • the nature, scope, context and purposes of processing

  • the risks of varying likelihood and severity for rights and freedoms of Data
    Subjects posed by the Processing

Data protection impact assessments. 

Freehab Ltd  will consider the need for, and where appropriate go on to conduct, Data Protection Impact Assessments (DPIAs) in respect of its Processing. Freehab Ltd will conduct a DPIA where it is undertaking a new processing activity and where the Processing is likely to result in a high risk to the rights and freedoms of natural persons or in connection with surveillance activities.

Automated processing and decision making. 

Generally, Freehab Ltd  does not engage in automated processing/profiling, or automated decision- making. Where Freehab Ltd does engage in automated decision making/profiling, we will take steps to inform the data subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the data subject the right to request human intervention, express their point of view or challenge the decision. Where possible Freehab Ltd will do this prior to the decision being taken. A DPIA must be carried out before any Automated Processing (including profiling) or Automated Decision Making activities are undertaken.

Your rights in respect of data processing. 

Freehab Ltd  is committed to respecting the rights you have in relation to your personal data. 

The GDPR provides the following rights for individuals:

The right to be informed - we will be open and transparent about the information we process, the retention periods for the data we store, who we share the data with and how we use it. We will regularly review our privacy information and bring to your attention new uses of data before we start the processing. We do that through this policy and the provision of more specific information as necessary/on request.

The right of access - you have a right to access the information that we hold about you. You can request this by making a “subject access request” to us verbally or in writing. We will not charge you for this unless there are extenuating circumstances, as detailed below. We will aim to provide you with this information within 1 month. If your request is for a large amount of information, we may extend this period by a further two months, we will inform you if this is the case. We can refuse to comply with a request in circumstances where it is manifestly unfounded, repetitive or excessive. If the request is deemed to be manifestly unfounded, repetitive or excessive, we can charge you a “reasonable fee” to deal with the request, or refuse the request.

The right to rectification - if we hold inaccurate information about you, you have the right to request it be corrected. You can make this request verbally or in writing to the Data Protection Officer. 

The right to erasure - you have the right to request that your data be deleted. However, we will be unable to comply with such a request where processing is necessary to fulfill a legal obligation; for a public health purposes in the public interest (e.g. ensuring high standards of quality and safety of health care); to exercise the right of freedom of expression and information; for the performance of a task carried out in the public interest or in the exercise of an official authority; or the establishment, exercise or defence of legal claims.

The right to restrict processing - you have the right to request that the processing of your data is restricted in certain circumstances, this may be when you feel the information we hold is inaccurate or you have concerns with how we have obtained it. If a valid request of this type is made, we can still store your data, but we cannot use it. In some circumstances, we can still use the information. For example, it is for reasons of important public interest.

The right to object - you can make a request that we stop processing your data. However, some of the data we process is necessary to fulfill our legal and professional obligations and for legitimate interests. If processing your data is needed to perform these tasks it is likely that we will be unable to agree to stop processing your data. Additionally, if we can demonstrate that our reasons for processing your data are more compelling than your reasons for wanting us to stop, then we can refuse your request.

Rights in relation to automated decision making and profiling - you have a right to stop your personal data being used to make decisions about you without human involvement. We do not use your data to carry out any profiling or automated decision- making.

Sources of personal data we collect. 

The majority of information we collect is provided by you as a website user, potential customer, customer, previous customer, stakeholder or member of the public. In certain circumstances, we may obtain data from other sources where information is publicly available. For example, contact information published on a website.

The existence of automated decision making, including profiling. 

We do not have any automated decision making or profiling processes or systems. 

Our response to your rights.

You can decide to exercise any of your rights by contacting us via the details on our website. We will respond to your request within one month. 

Your right to withdraw consent. 

If consent is the lawful basis for processing, individuals are advised that can be withdrawn at any time by contacting us via the details on our website. 

Complaints. 

You can contact the Information Commissioners Office (ICO) to discuss any concerns you have about our processing of your personal data. Website: www.ico.org.uk