(The bits in bold are the relevant terms used in the Data Protection Act 2018, which includes the new General Data Protection Regulation)
When you supply your personal details to us, they are stored and processed for 4 reasons:
1. We need to collect personal information about your health in order to provide you with the best possible treatment. You requesting treatment and our agreement to provide that care constitutes a contract.
2. We have a 'legitimate interest' in collecting that information, because without it we couldn't do our job effectively and safely.
3. We also think that is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes 'legitimate interest' but this time it is your legitimate interest.
4.Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time- just let us know by any convenient method.
Information held on individuals 16 years of age or older is required to be retained for 8 years, for those under 16 the records will be held until the age of 25years. After this records will be destroyed securely.
What information will we require?
In order to provide chiropractic services, we are required to process the following categories of data:
-Personal data such as your name, address, date of birth, gender, contact details and details of lifestyle.
-Special categories of personal data such as health
We are sometimes required to process receipts, invoices or reports.
How are your details stored?
- On paper locked in filing cabinets, and the offices are always locked out of working hours.
-Electronically ('in the cloud') using a provider who has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this date is password protected, and the passwords are changed regularly.
-On our office computers. These are password-protected, backed up regularly, and the offices are locked out of working hours.
Who has access to your data?
We will never share your data with anyone who does not need access. Only the following people/agencies will have routine access to your data:
- Katie Hopper who is the Data Controller of the information that you provide to us.
-The organisation that administer our online booking service- Cliniko.com- who are fully compliant with General Data Protection Regulations
-Other administration staff, such as our accountant
You have the right to see what personal data of yours we hold and you can also ask us to erase your records provided the legal minimum period has elapsed.
If you believe that any information being held is incorrect or incomplete, please let me know as soon as possible by writing to or emailing the clinic.
If you are dissatisfied with any aspect of the way in which the clinic is processing your data please contact the 'data controller' Here are the details you need for that:
Data Controller: Katie Hopper
Tel: 02380 582245
Address: Lasting Touch Chiropractic, The Yard, Ashton Lane, Bishops Waltham, SO32 1FN
If you are not satisfied with out response, then you have the right to raise the matter with the Information Commissioner's Office.