Back in Balance: Family Chiropractic Clinic is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to protecting the privacy and security of your personal information. This privacy notice describes, in line with GDPR, how we collect and use personal data about you/your child.
This notice applies to current and former patients. This version was last updated in May 2018 and historic versions can be obtained by contacting us.
The Data We Collect About You
Personal data or information means any information about an individual from which that person can be identified. This can include, name, contact details, date of birth, email address, marital status, next of kin and their contact numbers, personal medical or health information, letters of referral to or from the clinic regarding your treatment with us, transaction data.
At this clinic, we keep paper and electronic records. Information we write down on paper may be transferred to our electronic system. We may receive information about you from your GP or other health care provider regarding your referral or, with your permission, additional information that will help us continue with your treatment. We may also hold the results of tests that you have undertaken and that are relevant to your treatment with the clinic.
Purposes For Which We Will Use Your Personal Data
We have a “Legitimate and contract Interest” in collecting this information.
To register you as a new patient.
Also, without it we couldn’t do our job effectively and safely.
To collect and recover monies owed.
We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We also rely on the legal or regulatory obligation ground to process your data in some circumstances. This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure Of Your Personal Data
We may have to share your personal data with the parties set out below for the purposes set out above.
External Third Parties:
Professional healthcare practitioners including x-ray reporters to report on x-rays, to facilitate a referral, to keep your GP informed and any locum chiropractors working for us to facilitate your continued treatment.
Service providers based in UK who provide IT and system administration services
We also use email marketing software to coordinate our messages, so your name and email address may be saved on their server. (GDPR compliant)
Professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services (but they do not have access to your medical history or sensitive personal information)
HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
We may also share your data with third parties as part of a Clinic sale or restructure, or for other reasons to comply with a legal obligation upon us. We would always keep you informed of these situations.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period we will dispose of any records in a secure manner.
Your Duty To Inform Us Of Changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.
Your Rights In Relation To Your Data
If you want to access your data, erase or correct your data, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party. If you want to exercise any of the above rights, please contact Data Controller in writing.
You will not have to pay a fee. However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so. Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain.
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
Milan Patel -Data Controller
Back in Balance: Family Chiropractic
C/O Laurels Surgery, Boreham, Essex, CM3 3DX