
Privacy Policy

 

Inspired Health Chiropractic - Privacy Notice

 

Introduction

At Inspired Health Chiropractic we are committed to protecting your privacy, that of our employees, and that of our suppliers. To comply with the new General Data Protection Regulation (GDPR), we have implemented robust policies, programs, and practices to protect this personal information.

This privacy notice seeks to describe the lawful reason for us to collect your personal information during your time at the clinic, how and why we process it and how long we keep it for. It also sets out your rights regarding this data and the way to contact us with any questions or complaints you may have.

This policy applies to all former, current, and new patients.

 

Data protection principles

The new GDPR regulation requires that the personal data we collect and store shall be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and, where necessary, kept up to date
  • Kept in a form which permits identification of data subjects for no longer than is necessary
  • Stored and processed securely

 

Type of information we process

When you become a patient, make a healthcare related enquiry, or visit our website, we collect personal information which may include some sensitive data. This is necessary to offer the service to you and respond to your enquiry.

Your personal details include your name, address, date of birth, email address, phone numbers, emergency contact details and GP details with consent to contact them. These are collected and processed under the lawful basis of legitimate interests, as this is essential for the provision of our healthcare service.

We process your sensitive data (Clinical notes, medical information, details of your physical and/or mental health) to deliver the best possible care for you and to comply with our legal and professional healthcare obligations.

We may collect financial information, as part of a contractual agreement if you wish to subscribe to a care plan.

We occasionally send marketing communication by email. We will ask for your consent to use your email address for marketing communication prior to using it. This consent can be withdrawn at any time.

Website - If you visit our website and make an enquiry, we will collect your name and email address along with any other information you provide, such as telephone number and reason for contacting us. Under GDPR we have a legitimate interest to process this information.

 

If you visit our website, anonymous statistical information about your visit will be collected to help us understand how our site is used; this is captured and managed using cookies. We also use Google Analytics to monitor visitor numbers; it may gather your IP address, location and device information. Google Analytics information is only used to monitor the use of our website and not for any other purpose, and it is stored on Google servers. You can opt not to have your data captured for analytical purposes via your browser settings or an add-on.

 

If you do not provide your data to us

One of the reasons for processing your data is to allow us to carry out our duties in line with your care with us. If you do not provide us with the data needed to do this, we may be unable to perform that care or to ensure your best interests are being maintained. We may also be prevented from continuing with your treatment with us due to the medico-legal obligations of our medical governing bodies.

 

Data Security

We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration or unauthorised access. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Personal data is kept on a cloud-based, password-protected patient management system. Paper records, including informed consent, will be scanned and uploaded onto the system and the paper record will be shredded. IT systems are protected with firewalls, and data security software is kept up to date.

 

Sharing your data

Your sensitive data is not passed to any third parties except to other healthcare professionals in relation to your care, with prior consent from you. An exception to this is where an overriding lawful reason exists for sharing it, such as to protect your or another person’s vital interests/health; where possible, this is usually only done with your consent.

Your data may be shared with colleagues within Inspired Health Chiropractic when necessary to provide you with tailored care. This includes other Chiropractors, Chiropractic Assistants, Massage Therapists and team members in the clinic. Psychotherapy notes and session details are not shared with team members. All our team members are trained on data protection and are duty bound not to disclose personal information outside the clinic.

Whilst we always aim to keep your data within the UK or EU, this may not always be possible. For example, we utilise international encrypted backup systems (Synology, Dropbox, Amazon Cloud). We will only use companies that can demonstrate adequate security to protect your information.

 

How long are records kept?

Legally, medical records must be kept for 8 years from the date of your last treatment, and to age 25 years for children, so this is the duration of time we store your data for. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Where specific concerns have been identified, it may be necessary to retain certain records for a longer period of time.

Your rights

At any point whilst we are in possession of your personal data, you are lawfully entitled to the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – if you believe the data we hold is incorrect or unnecessary, we will stop processing it until we have ensured that it is correct or that we have legitimate grounds to process it.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

 

Fees

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.

 

Right to withdraw consent

Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent.

 

Automated decision making

No decision which has a significant impact on you will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement).

 

Data controllers

With regard to GDPR, Inspired Health Chiropractic is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows: Inspired Health Chiropractic, Unit 3, Reeds farm estate, Writtle CM1 3HQ.

 

Questions and complaints

If you have any questions or complaints about this Privacy Notice or how we handle your information, please contact our data protection officer Nic at datacontroller@inspiredhealthchiropractic.com

Alternatively, you have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).

 

Policy Last reviewed on 25th of May 2018