GDPR PRIVACY NOTICE 2019

To book an appointment, please call 07954 327614

Scope

This notice refers to personal data, which is defined as information concerning any living person (a natural person, also known as the Data Subject) that is not already in the public domain.

The General Data Protection Regulation (GDPR) which is EU wide and far more extensive than its predecessor, the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.

1. Osteopathy for Wellbeing, based at Town House, Market Street, Hailsham BN27 2AE and at Saint Luke’s Parish Centre, Rattle Road, Stone Cross BN24 5EB and at 27 Riders Bolt, Bexhill-on-Sea TN39 4JY, is pleased to provide the following information:

2. Who we are

We are osteopaths. We diagnose and treat health conditions. We may also provide other treatments.

3. Personal Data

  • For the purposes of providing treatment, we may require detailed medical information. We will only collect what is relevant and necessary for your treatment. You could refuse to provide this information, but in that case we would not be able to provide treatment. When you visit our practice, we will make notes which may include details concerning your medication, treatment, medical history and other issues affecting your health. The data is always held securely and is not shared with anyone not involved with your treatment. To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow us to document your personal medical data. Contact details provided by you such as telephone numbers, email addresses and postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment.
  • We may also use the contact details provided by you to respond to your enquiries, including making telephone contact and emailing information to you which we believe may be of interest, for example, health related articles.
  • In making initial contact with the practice you agree to us maintaining a dialogue with you until either you opt out (which you can do at any time) or we decide to stop promoting our services. Osteopaths do not sell or broker your data and you can ask to be removed from our communications database by emailing or phoning the practice using the contact details provided at the end of this Privacy Notice.
  • Some basic personal data may be collected about you from the forms you complete, records of our correspondence and phone calls, and details of your visits to our website, including but not limited to, Internet Protocol (IP) addresses.
  • Our website uses cookies, which are a string of information that a website stores on a visitor’s computer and that the visitor’s browser provides to the website each time the visitor returns. WordPress.org uses cookies to help identify and track visitors and for their website access preferences. Website visitors who do not wish to have cookies placed on their computer should set their browsers to refuse cookies before using our website.

4. Legal basis for processing any personal data

The legal basis is to meet our contractual obligations obtained from your explicit patient consent.

5. Legitimate interests pursued by us

We promote treatments for patients with all types of health problems indicated for osteopathic care. We have a legitimate interest in collecting your information because without it we could not do our jobs effectively and safely. We also have a legitimate interest to respond to your enquiries concerning the services we provide.

6. Consent

Through agreeing to this Privacy Notice you are consenting to us processing your personal data for the purposes outlined. You can withdraw consent at any time by using the postal address, email address or telephone number provided at the end of this Privacy Notice.

7. Disclosure

We will keep your personal information safe and secure. Only staff engaged in providing your treatment will have access to your patient records. We will not disclose your personal information unless compelled to in order to meet legal obligations, regulations or valid government requests.

8. Retention Policy

We will process your personal data for the duration of your treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet our legal obligations. After eight years all personal data will be deleted, unless the basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child reaches the age of 25.

9. Data storage

All data is held securely. Your patient records are stored on paper in our offices. These offices are kept locked when we are not there.

10. Your rights as a data subject

At any point while we are in possession of or are processing your personal data, you have the following rights:

  • Right of access – you have a right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that we refuse your requests under rights of access, we will provide you with a reason why, which you have the right to legally challenge. At your request we can confirm what information we hold about you and how it is processed.

11. To access what personal data is held, identification will be required.

We will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to admin@osteopathyforwellbeing.co.uk or by phoning 07954 327614 or writing to us at the address below.

12. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by us, you have the right to complain to us. If you do not get a response within 30 days, you can complain to the ICO.

The details for each of these contacts are:

Clare Kersley (Senior Osteopath), Osteopathy for Wellbeing

Telephone 07954 327614 or email clare@osteopathyforwellbeing.co.uk

Address: Osteopathy for Wellbeing, Town House, Market Street, Hailsham BN27 2AE  or Osteopathy for Wellbeing, 27 Riders Bolt, Bexhill-on-Sea TN39 4JY

ICO

Wycliffe House, Water Lane, Wilmslow SK9 5AF Telephone +44 (0) 303 123 1113  or email https://ico.org.uk/global/contact-us/email/

 

 

Comments are closed.