These notes have been provided in response to the European General Data Protection Regulation (GDPR) to explain to Physioplus site users how individual related data is gathered, stored, used and shared with third parties. Also how a Physioplus user may ultimately choose to export and remove data from the site. Please note that all data on the Physioplus platform is encrypted during transfer and is stored within a secure database hosted on world class cloud based infrastructure with regular backups taken to insure against data loss.
Who we are
We are Physiopedia Plus Ltd, a company registered in England and Wales. Our company registration number is 07878211 and our registered office is at 10 Queen Street Place, London, EC4R 1BE.
Why we collect data
This data is collected to allow our users to securely participate in online professional development activities and be able to later evidence the successful completion of these activities. We also request and use data to allow us to alert users to new courses and features and also to improve our services.
How long is the data stored
All data is stored indefinitely unless an individual requests its removal. The account cancellation facility allows a site user to request that all their data be deleted from the site and database.
Who has access to the data
The Physioplus site support team have secure access to your individual data in order to allow them to investigate and resolve any issues encountered when using the site. Individual data is not shared with third parties (e.g. physiotherapy member organisations) without the specific written permission of the individual user.
General anonymised course participation data is collated into reports that are shared with partner physiotherapy associations. For free MOOCs (open courses) an annual report including general anonymous course participation data is shared publicly.
How can the user view and export their data
How a user’s data can be deleted / removed from the site
The account cancellation facility allows a site user to request that all their data be deleted from the site and database. This action will prevent this user downloading activity log data and course completion certificates following this deletion.
Details of the data collected
On creation of a trial user account or a partner member organisation user account the following details are recorded in the site database:
- Email address
- First name
- Last name
- IP address
Where an individual full user account is purchased the following additional details are also recorded:
- Billing address
In the processing of a payment all the above details are securely passed to our world class payment platform provider Stripe. At the point of purchase your bank / credit card details are encrypted and passed to this payment provider. Note that only partial card details are recorded on the Physioplus database.
At the time of registration users are offered the option to receive a Physioplus email newsletter. Accepting this option will share that user’s email address with the MailChimp platform through which these newsletters are managed.
Optional profile fields
The user can optionally provide:
- Professional licensing organisation
- License number
In the process of competing an online course several types of data are recorded:
- Records of learning activities completed
- Quiz scores
- Courses completed
The following platform facilities are delivered using external services and so involve a strictly limited data transfer to third parties. These service organisation have been specifically selected because they provide world class functionality and data protection:
This item only applies to residents of US states covered by ProCert and South Africa competing courses accredited in their states / country. The course accreditors (FSBPT and SASP) require that we transfer the details (name and email addresses) of all course participants under their jurisdiction for their records.
The user may optionally choose to contact the Physioplus team using a site contact form. Submitted details are be stored in the contact logs:
- Email address
Notification of data breaches
In the event of a data breach we will alert all affected site users within 72 hours.
If you have any questions regarding the capture, storage and use of data by Physioplus please don’t hesitate to contact us.