GDPR Policy
Scope
This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR) which is EU wide and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
1 - Your Practice: Thomas Pedersen Osteopathy, based at 40b High street St Neots PE19 1JA and Letchworth Tennis club, Muddy Lane, Letchworth, SG6 3TB, which hereafter for the purposes of this Privacy Notice will be referred to as the Osteopaths, is pleased to provide the following information:
2 - Who we are
The Osteopaths diagnose and treat health conditions. Treatments are carried out
in accordance with the Institute of Osteopathy’s patient charter http://www.iosteopathy.org/osteopathy/the-patient-charter/. The
practice may also provide other treatments, about which our staff will be
pleased to provide more details.
3 - Personal Data
a) For the purposes of providing treatment, Osteopaths may require detailed
medical information. We will only collect what is relevant and necessary for
your treatment. When you visit our practice, we will make notes which may
include details concerning your medication, treatment and other issues
affecting your health. This data is always held securely, is not shared with
anyone not involved in your treatment, although for data storage purposes it
may be handled by pre-vetted staff who have all signed an integrity and
confidentiality agreement. To be able to process your personal data it is a condition
of any treatment that you give your explicit consent to allow Osteopaths to
document and process your personal medical data. Contact details provided by
you such as telephone numbers, email addresses, postal addresses may be used to
remind you of future appointments and provide reports or other information
concerning your treatment.
b) For marketing purposes, the Osteopaths may also use the contact details
provided by you to respond to your enquiries, including making telephone
contact and emailing information to you which the practice believes may be of
interest to you.
c) In making initial contact with the practice you consent to Osteopaths
maintaining a marketing dialogue with you until you either opt out (which you
can do at any time) or we decide to desist in promoting our services.
Osteopaths may occasionally also act on behalf of its patients in the capacity
of data processor, when we may promote other practitioners based at our
premises, who may not be employed by us. Osteopaths do not broker your data and
you can ask to be removed from our marketing database by emailing or phoning
the practice using the contact details provided at the end of this Privacy
Notice.
d) Some basic personal data may be collected about you from the marketing forms
and surveys you complete, from records of our correspondence and phone calls
and details of your visits to our website, including but not limited to,
personally identifying information like Internet Protocol (IP) addresses.
e) Osteopaths’ website uses cookies, which is a string of information that a
website stores on a visitor’s computer, and that the visitor’s browser provides
to the website each time the visitor returns. WordPress.org uses cookies to
help Osteopaths to identify and track visitors and their website access
preferences. Osteopaths’ website visitors who do not wish to have cookies
placed on their computers should set their browsers to refuse cookies before
using Osteopaths’ website.
f) Osteopaths will only collect the information needed so that we can provide
you with the services you require, the business does not sell or broker your
data.
4 - Legal basis for processing any personal
data
To meet our contractual obligations obtained from explicit Patient Consent and
legitimate interest to respond to enquiries concerning the services provided.
5 - Legitimate interests pursued by Osteopaths
To promote treatments for patients with all types of health problems indicated
for osteopathic care.
6 – Consent
Through agreeing to this privacy notice you are consenting to Osteopaths
processing your personal data for the purposes outlined. You can withdraw
consent at any time by using the postal, email address or telephone number
provided at the end of this Privacy Notice.
7 – Disclosure
Osteopaths will keep your personal information safe and secure, only staff
engaged in providing your treatment will have access to your patient records,
although our administration team will have access to your contact details so that
they can make appointments and manage your account. Osteopaths will not
disclose your Personal Information unless compelled to, in order to meet legal
obligations, regulations or valid governmental requests. The practice may also
enforce its Terms and Conditions, including investigating potential violations
of its Terms and Conditions to detect, prevent or mitigate fraud or security or
technical issues; or to protect against imminent harm to the rights, property
or safety of its staff.
8 - Retention Policy
Osteopaths will process personal data during the duration of any treatment and
will continue to store only the personal data needed for eight years after the
contract has expired to meet any legal obligations. After eight years all
personal data will be deleted, unless basic information needs to be retained by
us to meet our future obligations to you, such as erasure details. Records
concerning minors who have received treatment will be retained until the child
has reached the age of 25.
9 - Data storage
All Data is held in the United Kingdom. Osteopaths does not store personal data
outside the EEA.
10 - Your rights as a data subject
At any point whilst Osteopaths are in possession of, or processing your
personal data, all data subjects have the following rights:
In the event that Osteopaths refuses your request under rights of access, we
will provide you with a reason as to why, which you have the right to legally
challenge. At your request Osteopaths can confirm what information it holds
about you and how it is processed.
11 - You can request the following information:
12 - To access what personal data is
held, identification will be required
Osteopaths will accept the following forms of identification (ID) when
information on your personal data is requested: a copy of your driving licence,
passport, birth certificate and a utility bill not older than three months. A
minimum of one piece of photographic ID listed above and a supporting document
is required. If Osteopaths is dissatisfied with the quality, further
information may be sought before personal data can be released. All requests
should be made by phoning +44 (0)7966018867 or writing to us at the address
further below.
13 Complaints
In the event that you wish to make a complaint about how your personal data is
being processed by Osteopaths you have the right to complain to us. If you do
not get a response within 30 days, you can complain to the ICO.
The details for each of these contacts are:
Thomas Pedersen
Telephone
07966018867 or
email: info@stneotsosteopaths.co.uk
ICO
Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113 or
email: https://ico.org.uk/global/contact-us/email/
© All rights reserved