Privacy Policy

Privacy Policy

About us

The Kent Musculoskeletal Clinic is a private clinic opened to offer a rapid access facility for managing a wide range of musculoskeletal problems. This clinic is owned by Mr. Suresh Sudula, Consultant Physiotherapist in MSK Ultrasound and MSK Medicine.

What information do we collect?

Your information will be used by us to enable us to provide the best possible service to you and your condition. We act as a Data Controller and undertake to protect personal and sensitive data in a way that is consistent with the requirements of the UK data legislation and GDPR. We take reasonable measures to ensure the secure storage of your data

Information provided to us:

  1. 1. From the Data Controller

    Data is only held on the grounds that we have a contractual obligation to fulfil.
    We undertake a process to protect all personal and sensitive data that is provided to us and in a way that is consistent with the requirements of GDPR. We take reasonable measures to ensure the secure storage of all data, see below.

  1. 2. From patients

    All data given to us by our patients is recorded by us in accordance with the patients preferences and as permitted under the GDPR. Data will be held on one of the following grounds; with a client’s specific consent; where data retention is necessitated by a contractual relationship; and on the grounds of being a legitimate business interest.

  1. 3. Through our website

    All data given to us by our patients is recorded by us in accordance with the patients preferences and as permitted under the GDPR. Data will be held on one of the following grounds; with a client’s specific consent; where data retention is necessitated by a contractual relationship; and on the grounds of being a legitimate business interest.

    We use the details that you give us, by email, telephone or SMS message, to follow up on enquiries, to send you general information about us and our services, to ask for feedback, reviews or testimonials, to deal with complaints or any reports about other user’s use of the Website. The basis for holding this information is as being for legitimate legal purposes or to fulfil a contractual obligation where the contact is from an existing client.


    We will ask for consent to post any photos of you on our website and you will always be given the option to opt-out or remove any photos displayed. We will not give any further personal details alongside any photos used on our website gallery.

    Payment data: Payments are taken by our card reader and processed online. We use the following third party, First Data, to manage our payment process. You are advised to read their Privacy Policy at https://www.firstdata.com/en_gb/privacy.html.

    All supplied sensitive/credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. Individual payment details are not given to us and we do not store such data on our servers or in our systems.


    We publish our Facebook page and twitter feed on this website which is viewed by the general public. Personal information is not collected from using social media by ourselves although third parties may track you. Please refer to social media channel’s Privacy if you have concerns.

    If you contact us via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third party provider (i.e. Facebook/Twitter) may also retain details in accordance with their Privacy Policy. Once the details have obtained and any actions from the message have been followed up the messages will be deleted.


    Any data relating to phone calls, to and from us, may be recorded and retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours. Once treatment has taken place and you have been discharged from our service any messages will be deleted.

    Emails: We retain copies of emails sent to us which are stored on our MSK management system TM3.

    We may contact you by email to send you:

      • general (non-marketing) communications on the basis on a contractual relationship with us or where we have a legitimate business interest;
      • email notifications where you have specifically consented to receive
      • marketing communications, where specific consent has been given by you.
      • Users of this website do so at their own discretion and provide any personal information at their own risk.
  1. 4. Information we get from other sources:

    From time to time, we may need to obtain information from third parties. This will only apply where it is essential for the provision of our services and as permitted by law. Where applicable we will seek the consent of the client or organisation providing the data

    From time to time, we may need to obtain information from third parties such as your physiotherapy provider in order for us to process your referral to our service. Where applicable we will seek the consent of the client or organisation providing the data. The data collected will be stored in a way that is consistent with the requirements of the UK data legislation and GDPR. We take reasonable measures to ensure the secure storage of your data.

    Where we act as a Data Processor, we ensure we carry out the following duties in accordance with GDPR:

      • we only act under the documented instructions of the Data Controller
      • To ensure confidentiality, assist with legal compliance of the Data Controller, and respond to requests from data subjects (as instructed by the Data Controller)
      • Make available all information necessary to demonstrate compliance
      • To take measures to assist the Data Controller with ensuring security of processing
      • To treat personal data after processing as directed by the Data Controller

Sharing Information

We don’t share, sell, or distribute your data to third parties.

If it is necessary to share data with your physiotherapy practice to ensure your on-going rehabilitation they will be informed without delay. Any third parties must adhere to all data protection laws and regulations.

We may disclose personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights.

Marketing

We will only contact you regarding our service, i.e. direct marketing, with your express consent. You have the option not to give consent and to withdraw consent at any time. You may withdraw your consent in writing for us to contact you by contacting us at info@kentmskclinic.co.uk

Data Retention

We keep all personal information in accordance with our Data Retention Policy which reflects our needs to provide our services to you  to meet legal, statutory and regulatory obligations. We will only retain data that is necessary and this will include data relating to the physiotherapy/procedure that we have provided to clients. As a legal requirement under the Chartered Society of Physiotherapists we are required to hold your record with us for 8 years. After such time all records will be disposed of and destroyed so that they are not retrievable.

Data Storage

We store our client records such as clinical notes, correspondences and diary appointments using the Blue Zine TM2 management system All data is encrypted through this system and password protected.

All signed consent forms are stored electronically by scanning these into TM3 and the paper copy is securely disposed of and destroyed so that they are not retrievable.

All Data is held in the United Kingdom. We do not store personal data outside the EEA.

Subject access requests

The Data Protection Act and GDPR give you the right to request information stored about you by us. Please contact in writing at info@kentmskclinic.co.uk if you wish to request confirmation of what person information is held relating to you. We will respond to you within 30 days of receiving your request and there will be no charge for your requests.

You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at info@kentmskclinic.co.uk

Data Breaches

We will report any unlawful breach of data as required by  GDPR within 72 hours of the breach occurring. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches of date to the Information Commissioner’s Office (ICO).

Internet cookies

Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally – it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your

computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website. Where we work with advertisers on our Website, our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website