top of page



This privacy notice lets you know what happens to any personal or sensitive personal data that you give us, or any information that we may collect from you or about you from other organisations. Please read this privacy notice carefully, as it contains important information.


This notice explains:

  • Your rights under the Cayman Islands Data Protection Act

  • Information about who we are and our contact information

  • The types of information about you we hold and use

  • The legal grounds for processing your personal information, including when we share it with others

  • What you should do if any of your information changes

  • How long we retain your personal information

  • Your rights under the Cayman Islands Data Protection Act 2017


The Cayman Islands Data Protection Act 2017 became law on 30 September 2019. Vitality Physiotherapy Centre Ltd. T/A Vitality Physio & Wellness (VPW) is committed to complying with this law and handling, protecting, and safeguarding your data in a responsible manner.

This Privacy Notice is current from 10 January 2024 and is reviewed annually. Periodically we may make changes to our policies, processes and systems in relation to how we handle your personal information. We will update this Notice accordingly. This Notice and any subsequent changes will be made available on our website


Your Rights Under The Data Protection Act

 The act grants you the following rights:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to stop/restrict processing

  • The right to stop direct marketing

  • The right in relation to automated decision making

  • The right to complain and seek compensation

Clinic Information

Vitality Physiotherapy Centre Ltd. T/A Vitality Physio & Wellness
Pasadora Place, Unit 6, 94 Smith Road, George Town, Grand Cayman, Cayman Islands
P.O. Box 11254, Grand Cayman KY1-1008, Cayman Islands

VPW is a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient. There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.


The types of information we collect include personal data and sensitive personal data. Personal data is any information relating to a living individual who can be directly or indirectly identified. Sensitive personal data is personal data consisting of the data subject’s physical condition and other medical data. We collect information that is necessary and relevant to provide you with physiotherapy care and manage our practice.


The information we will collect about you will include:

  • Personal Information - including name, age, date of birth, gender, mailing address, residential address, contact telephone numbers and email address.

  • Next of kin information - including name, telephone number and relationship to you.

  • Employment information - including name, address, telephone number

  • Health insurance information - including the name of the insurance company, the policy owner, the policy number and your insurance identification number. The contact name and number of the person responsible for the bill if it is unpaid will also be collected.

  • Appointment & Encounters details with VPW - including notes about visits and details of your treatment and care and proposed plan, including referrals.

  • Health Information - including personal and family medical history.

  • Outgoing Information - including referrals, and correspondence e.g. with health insurance providers or your medical doctor.

  • Incoming Information - including information received from other healthcare professionals and medical facilities, caregivers and relatives. Also, information received from health insurance providers, government agencies and other organisations

  • Information about test results - including radiology, pathology and laboratory reports.

The Legal Basis for Collecting and Processing Your Information

Our data collected will be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or processed. We need your personal, sensitive and confidential data in order to provide you with the best service and care.

You will be asked to give consent to collect and process your personal and sensitive personal data.


How We Collect Information

We collect information in various ways, such as over the phone, in writing, in person or over the internet if you transact with us online. Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists,  hospitals, other health care providers. In emergency situations we may also need to collect information from your relatives or friends.


How We Use and Disclose Your Information

We collect and hold data about you for the purpose of providing safe and effective care. We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. We may need to share information with other healthcare providers when we make a referral. This is done to ensure you receive the care you need.


Information may be provided to:

  • Imaging centres

  • Other medical facilities including doctors, nurses and support staff who may receive the information

  • Other persons involved with your care such as relatives, friends and caregivers if consent has been given for information to be released to them

  • Insurance providers including when we submit a claim on your behalf for services rendered or request precertification of services.


You can withdraw consent to provide information to any one of the entities above, but this may result in a delay of care or in you having to pay for the services you receive at VPW. We may also be required to share your information to third parties. This includes the Police, the Courts, insurers, attorneys, government regulatory bodies. 

Accuracy of Information

We will make every effort and take all reasonable steps to ensure that the data we process is accurate and up to date. However, it is your responsibility to advise VPW of any change in your information, particularly your name, mailing address, telephone number, email address, insurance provider and next of kin. You have the right to request that VPW rectifies, blocks, erases or destroys inaccurate data without delay.


Accessing Your Data

You have the right to view or have a copy of the data we hold with. You do not need to give a reason for your request. You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation, but we will require your clear consent to be able to do this. You have the right to ask for your information to be removed, however, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your care, then removal may not be possible. Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners, and other family members. 


Data Storage

Your data is stored in an electronic medical record system (Jane App) which is cloud based and is PIPEDA, GDPR, HIPAA and Cayman Islands Data Protection Act compliant.


Data Retention

Data will be deleted when it is no longer needed in any given format. VPW will maintain your medical records for a period of ten (10) years after your last encounter at the Clinic.


Transfer of Information

With your consent medical records may be transferred to non-European countries e.g. if medical records are required by a medical facility in the United States for continuity of care. Data may also be transferred in other circumstances as laid out in the Data Protection Act.


Safety and Confidentiality of Information

VPW will take appropriate technical and organisational measures against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to your personal data.


Personal information that we hold is protected by:

  • Securing our premises

  • Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure


Everyone working for our organisation is subject a confidentiality agreement. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.



If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal and/or healthcare information, then please contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.

You also have the right to complain to the Ombudsman about any perceived violation of the DPL, and to seek compensation for damages in the courts.


Data Breach

A personal data breach can be broadly defined as a (security) incident that has affected the confidentiality, integrity or availability of personal data. In other words, a personal data breach occurs whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed due to a malfunction of the storage medium.


In the unlikely event of a security incident taking place, we will endeavor to quickly establish whether a personal data breach has occurred and, if so, promptly take steps to address it, including telling the Ombudsman and the individuals that may be affected if there are likely risks to the rights and freedoms of the individuals affected. All data breaches will be reported to the Ombudsman and the individual(s) whose data was breached, without undue delay and no later than 5 days after, unless the breach is unlikely to prejudice the rights and freedoms of the affected data subjects.



If you are unclear about how we process or use your information or have questions relating to the protection of your data, please contact us.

bottom of page