Why we collect personal data about you and what we do with them
When you supply your personal details to this clinic, they are stored and processed for four
- We need to collect personal information about your health in order to provide the best possible treatment that is safe and appropriate for you. In legal terms, your request for treatment and our agreement to provide that care constitute a contract. You can, of course, refuse to provide that information, but if you were to, we would not be able to provide treatment or advice to you.
- In legal terms we have a “Legitimate Interest” in collecting the information, because without it we would not be able to fulfil our obligations to treat you safely and effectively.
- We believe it is important to be able to contact you in order to confirm and remind you of your appointments with us, and to update you on matters related to your health care. This again constitutes a “Legitimate Interest”, but this time it is your legitimate interest.
- Provided we have your consent, we may occasionally send you general health information, or relevant information about the clinic in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We have a legal obligation to retain your records for eight years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we may retain your records for longer in order that we can provide the best care to you if you should need to consult us at a future date.
When we do destroy patient records, this is always done securely, with no personal information left identifiable.
Your records are stored:
- on paper, in filing cabinets located in our offices that are always locked and alarmed out of working hours.
- electronically (“in the cloud”), using a specialist medical records service (PracticePal). PracticePal has given us their assurance that they are fully compliant with the General Data Protection Regulation (GDPR). Access to this information is password-protected and the passwords are changed regularly.
- on our office computers. These computers are password-protected, backed up regularly, and the offices are always locked and alarmed out of working hours.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
- PracticePal, who store and process our files and issue your appointment reminders.
- Your practitioner(s), in order to provide you with treatment and advice.
- Our reception staff, because they organise our practitioners’ diaries, coordinate appointments and liaise with our patients.
- Other administrative staff, such as our bookkeeper. Our administrative staff do not have access to your health records or other sensitive personal information.
- MailChimp, who we use to coordinate and distribute general health and clinic information in the form of emails. They may hold your name and email address on their servers but do not have access to any other information about you. MailChimp have assured us that they are compliant with GDPR.
From time to time we may have to employ consultants to perform tasks which might give them access to your personal data (but not your health records). We will ensure that they are fully aware that they must treat that information as confidential and we will ensure that they sign a nondisclosure agreement.
You have the right to see what personal data of yours we hold, and you can ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we do everything we can to ensure the only people who can access those data have a genuine need to do so. If you feel that we are mishandling your data in some way, you have the right to complain. Complaints need to be sent to the “Data Controller”. Our Data Controller is:
Arch Point House
7 Queen Mother Square
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
Cookies are used on this site purely to improve services for you through, for example:
- enabling a service to recognise your device so you don’t have to give the same information several times during one task
- recognising that you may already have given a username and password so you don’t need to do it for every web page requested
- measuring how many people are using the site, so it can be made easier to use and there’s enough capacity to ensure it is fast enough
We use Google Analytics to measure how many people use this site. We do this to make sure the site is meeting users’ needs and to understand how we could improve it.
Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store any personal information (e.g. your name or address) so this information cannot be used to identify who you are.
If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies.
Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.
To find out more about cookies please visit: http://www.allaboutcookies.org and see http://www.youronlinechoices.eu which contains further information about behavioural advertising and online privacy.
Last updated: May 2018