Privacy Policy

1. Introduction

This Privacy Policy explains how the West 6 Pelvic Floor Health Program ("we", "our", or "the Program") collects, uses, stores, and protects your personal information when you use our rehabilitation platform.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

Data Controller: [Your Organisation Name]
Contact: [Your Contact Email]
Data Protection Officer: [DPO Name/Contact if applicable]

2. What Information We Collect

2.1 Account Information

To provide you with access to the rehabilitation program, we collect:

• Full name
• Email address
• Contact telephone number
• Account credentials (username and encrypted password)

2.2 Health and Progress Data

To monitor your rehabilitation progress and provide personalized care, we collect:

• Symptom Assessment Responses - Your answers to questionnaires about pelvic floor symptoms, including:
  • Movement-related symptoms
  • Load-bearing activities
  • Impact activities
• POPSS (Pelvic Organ Prolapse Symptom Score) Responses - Clinical assessment data
• Exercise Progress Data - Records of:
  • Which exercise levels you've completed
  • Exercise types performed (squats, lunges, marches)
  • Dates of completion
  • Your progression through the program
• Assessment History - Timestamped records of your symptom checker and outcome quiz responses to track improvement over time

2.3 Technical Information

Our learning management system (Moodle) automatically collects:

• Login dates and times
• Course access records - Which pages and activities you viewed
• Session data - Stored temporarily via essential cookies (see Section 5)
• Browser and device information - For technical support purposes only

3. Why We Collect This Information (Legal Basis)

Purpose	Legal Basis
Providing access to the rehabilitation program	Contract Performance - Necessary to deliver the service you've enrolled in
Tracking your exercise progress and symptoms	Contract Performance + Legitimate Interest - Essential for monitoring your rehabilitation and clinical outcomes
Clinical assessment and treatment monitoring	Health/Medical Care - Processing necessary for health and medical care purposes under the supervision of a health professional
Communicating with you about your program	Contract Performance - Necessary to provide support and updates
Platform security and technical support	Legitimate Interest - Ensuring platform security and functionality
Anonymized research (if you consent separately)	Explicit Consent - You will be asked separately for this (see Section 8)

Special Category Data: Your symptom and health data is classified as "special category" health data under UK GDPR. We process this data under Article 9(2)(h) - for health or social care purposes and the provision of health treatment - and in accordance with Schedule 1, Part 1, Paragraph 2 of the Data Protection Act 2018.

4. How We Use Your Information

Essential Program Functions:

• Account Management - Creating and maintaining your user account
• Progress Tracking - Recording which exercises you've completed and at what level
• Symptom Monitoring - Tracking your symptoms over time to assess improvement
• Clinical Assessment - Storing your POPSS scores and assessment responses for your healthcare provider to review
• Personalized Experience - Showing you your progress dashboards and determining which exercises to unlock next
• Communication - Sending you program-related information (e.g., password resets, important updates)

What We Do NOT Do:

• We do not sell your data to third parties
• We do not use your data for marketing purposes
• We do not share your identifiable health data with anyone outside your direct care team without your explicit consent
• We do not use your data for automated decision-making or profiling

5. Cookies

What Are Cookies?

Cookies are small text files stored on your device that help websites function properly. The West 6 platform uses only essential cookies required for the platform to work.

Essential Cookies We Use:

Cookie Name	Purpose	Duration
MoodleSession	Maintains your login session so you don't have to log in on every page	Session (deleted when you close your browser)
MoodleID	Remembers your login preferences	Persistent (up to 1 year)

Do You Need to Accept Cookies? These cookies are strictly necessary for the platform to function and are exempt from consent requirements under UK data protection law. However, if you block cookies in your browser, the platform will not work properly.

Analytics/Marketing Cookies: We currently do not use any analytics, advertising, or tracking cookies. If we introduce these in future, we will update this policy and ask for your separate consent.

6. Who Has Access to Your Information

Your Healthcare Provider

Your designated physiotherapist/healthcare provider (Gemma [Last Name]) has access to your:

• Account details
• Exercise progress
• Symptom assessment responses
• POPSS scores
• Timeline of improvement

This access is necessary to monitor your rehabilitation and adjust your treatment plan.

Platform Administrators

Technical administrators have access to your data for:

• Technical support
• Platform maintenance
• Security purposes

Administrators are bound by confidentiality agreements and data protection policies.

Third Parties

We use the following third-party services:

• Moodle Hosting Provider - [Your hosting company] - hosts the platform infrastructure
• Email Service - [Your email provider if applicable] - sends system emails

All third parties are carefully selected, sign Data Processing Agreements, and are required to comply with UK GDPR.

Legal Requirements

We may disclose your information if required by law, court order, or regulatory authority.

7. How We Protect Your Information

Technical Safeguards:

• Encryption - All data is transmitted over secure HTTPS connections
• Password Protection - Your password is encrypted and never stored in plain text
• Access Controls - Only authorized personnel can access patient data
• Regular Backups - Your data is backed up regularly to prevent loss
• Secure Hosting - Our platform is hosted on secure, UK-based servers [adjust based on your setup]

Organizational Safeguards:

• Staff training on data protection
• Confidentiality agreements
• Regular security reviews
• Incident response procedures

8. Research Consent (Optional)

We may seek your separate, optional consent to use your anonymized data for research purposes to improve pelvic floor rehabilitation methods and outcomes.

What This Means:

• Your data would be fully anonymized - no names, email addresses, or identifying information
• Only aggregated statistics and trends would be analyzed (e.g., "70% of patients improved by Level 3")
• Results may be published in medical journals or conferences
• You can opt out at any time without affecting your access to the program

This is completely voluntary. You will be asked separately whether you agree to this when you first log in, and you can change your mind at any time in your account preferences.

9. How Long We Keep Your Information

Data Type	Retention Period	Reason
Account Information	Duration of treatment + 7 years after completion	Medical records retention requirements (UK NHS standard)
Health/Symptom Data	Duration of treatment + 7 years after completion	Medical records retention requirements
Exercise Progress Data	Duration of treatment + 7 years after completion	Clinical audit and continuity of care
Technical Logs	12 months	Security and troubleshooting
Anonymized Research Data (if consented)	Indefinitely	Cannot be re-identified; contributes to medical research

After these periods, your data will be securely deleted unless there is a legal requirement to retain it longer.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you (known as a "Subject Access Request").

Right to Rectification

If your information is inaccurate or incomplete, you can ask us to correct it.

Right to Erasure ("Right to be Forgotten")

You can ask us to delete your data in certain circumstances. However, we may need to retain some data to comply with medical records retention requirements.

Right to Restrict Processing

You can ask us to limit how we use your data in certain situations.

Right to Data Portability

You can request your data in a machine-readable format to transfer to another provider.

Right to Object

You can object to processing based on legitimate interests. For research consent, you can withdraw consent at any time.

Right to Complain

If you're unhappy with how we've handled your data, you can complain to the UK Information Commissioner's Office (ICO):

• Website: https://ico.org.uk
• Phone: 0303 123 1113

11. Data Transfers

Your data is stored on servers located in [UK/EU - specify based on your hosting].

We do not transfer your personal data outside the UK/EEA. If we need to do so in future, we will:

• Inform you in advance
• Ensure adequate safeguards are in place (e.g., Standard Contractual Clauses)
• Obtain your consent if required

12. Children's Privacy

The West 6 program is designed for adults. We do not knowingly collect information from individuals under 18 years of age. If you are under 18, please do not register or provide any information without parental consent.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on the platform
• Ask you to review and accept the updated policy when you next log in

You can always access the current version of this policy via the footer link on every page.

14. Questions and Contact