DATA PRIVACY NOTICE
Corrective Chiropractic Clinic.
- Corrective Chiropractic Clinic Data Protection Policy and Summary
Corrective Chiropractic Clinic has a Data Protection Policy, this document is a product of that policy. The EU General Data Protection Regulation (GDPR) and PECR are the main stem of Data Protection provisions within UK and this practice will comply with all relevant legislation. You should also know that we are governed by the provisions laid down by the General Chiropractic Council (GCC) of UK.
We have captured your personal data in order to service your requirements as a patient and provide you with relevant information into the future. This will be done under the auspices of legitimate interest and contract. In some circumstances we may use consent as a reason for retention.
For employees of the Practice as well as contractors; the auspices of contract from each contracted person/entity will be used for holding data. The minimum but adequate personal details will be held in accordance with the specific requirement of the individuals.
It may be necessary to pass personal data to third parties in the course of the running of the business such as using a web builder or using a mailing service. Where this is necessary the third parties will be required to treat the data in accordance with relevant legislation and be subject to Non-disclosure provisions. They will be required to treat the data securely and only for the purpose specified by the clinic.
Corrective Chiropractic is the data controller and the person responsible in the company is Richard Allen and his contact details are set out below. All personal data will be kept in the clinic offices in a secure fashion. The data will only be used for the purposes it was collected.
Richard Allen, our Data Protection Manager can be contacted through firstname.lastname@example.org
- Defining Personal data
Personal data relates to a living individual who can be identified from their data. Identification could be made by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation and any subsequent legislation.
3. Who are we?
We are Corrective Chiropractic a Chiropractic Clinic based in both Aylesbury and Milton Keynes. The Data Protection Manager Richard Allen is responsible for the use and security of your data.
4. How do we process your personal data?
Corrective Chiropractic complies with its obligations under the GDPR and GCC by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
- To provide patient (medical) services to our customers;
- To administer the clinic including the provisions required for all employees;
- To maintain our own accounts and records;
- To promote Corrective Chiropractic as an established professional Chiropractic Clinic (practice) in UK;
5. What is the legal basis for processing your personal data?
- Patient Data is collected using legal obligation and contract to ensure the correct medical treatments are provided and recorded.
- Processing is necessary, using legitimate interest for carrying out obligations under financial, employment, social security or social protection law, or a collective agreement.
- Processing where contracts are the essential element.
6. Sharing your personal data
Personal data will be treated as strictly confidential and will only be shared with personnel and other organisations associated with Corrective Chiropractic in order provide company services. This does not include patient (health) data which is entirely confidential and not for sharing unless the patient is being referred to another medical practice with their consent. Corrective Chiropractic will only share your data with third parties for the running of the Practice subject to relevant legal provisions incumbent on all.
7. How long do we keep your personal data?
We keep data in accordance with the ICO and GCC guidance. Patient data will be kept for 10 years so that return medical visits can be easily facilitated after which the patient will be asked to consent to further retention. Contractors and Employees data will be reduced to a minimum on completion of the contract and only kept a record of employment/service for reference purposes. All financial records and associated personal data will be kept for the year of the transaction and 6 full tax years following. Relevant data will be retained as required by law or as indicated in this notice.
8. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data (do note that some data is not entirely subject to GDPR).
- The right to request a copy of your personal data which Corrective Chiropractic holds about you.
- The right to request that Corrective Chiropractic corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for Corrective Chiropractic to retain.
- The right to withdraw your consent (if under the consent permission) to the processing at any time.
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable. [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, (where applicable).
- The right to lodge a complaint with the Information Commissioner's Office.
9. Further processing
If Corrective Chiropractic wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Your role in Data Protection
If any of your personal information changes please do contact the clinic with the relevant changes to be made regarding your data.
11. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Manager. Richard Allen on 01296 488288 email@example.com
Elmhurst Health Centre, Elmhurst Road, Aylesbury, Bucks, HP20 2AH.
You can contact the Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.