Privacy policy.
I, Claire Shepherd BSc DC MBCA, am committed to protecting your privacy. To comply with the General Data Protection Regulation (GDPR) I have implemented robust policies, programs and practices to protect your personal information.
This privacy notice seeks to describe the lawful reason for me to collect your personal information during your time at the clinic, how and why I process it and how long I keep it for. It also sets out your rights regarding this data and how to contact me should you have any questions or complaints.
This policy applies to all former, current, and new patients.
Data Protection Principles
The new GDPR regulation requires that the personal data I collect and store shall be:
Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Adequate, relevant, and limited to what is necessary
Accurate and, where necessary, kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary
Stored and processed securely
Type Of Information We Process
When you become a patient, make a healthcare related enquiry, or visit my website, personal information is collected which may include some sensitive data. This is necessary to offer the service to you and respond to your enquiry.
Your personal details, including your name, address, date of birth, email address, phone numbers, emergency contact details and GP details with consent to contact them, are collected and processed under the lawful basis of legitimate interests as it is essential for the provision of our healthcare service.
I process your sensitive data (Clinical notes, medical information, details of your physical and/or mental health) to deliver the best possible care for you and to comply with our legal and professional healthcare obligations.
I may collect financial information, as part of a contractual agreement if you wish to subscribe to a care plan.
I may occasionally send marketing communication by email. You will be asked for consent to use your email address for marketing communication prior to using it. This consent can be withdrawn at any time.
Website – If you visit my website and make an enquiry, I will collect your name and email address along with any other information you provide, such as telephone number and reason for contacting us. Under GDPR we have a legitimate interest to process this information.
If you visit my website then anonymous statistical information about your visit will be collected to assist us in understanding how our site is used; this is captured and managed using cookies.
If You Do Not Provide Your Data To Us
One of the reasons for processing your data is to allow me to carry out my duties in line with your care. If you do not provide me with the data needed to do this, I may be unable to perform that care or to ensure your best interests are being maintained. I may also be prevented from continuing with your treatment due to the medico-legal obligations of my governing body, the GCC (General Chiropractic Council).
Data Security
I have put in place measures to protect the security of your information against accidental loss or disclosure, alteration or unauthorised access. I limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Personal data is kept on a cloud-based password-protected patient management system. Paper records including informed consent will be scanned and uploaded onto the system and the paper record will be shredded. IT systems are protected with firewalls and data security software is kept up to date.
Sharing Your Data
Your sensitive data is not passed to any third parties except to other healthcare professionals in relation to your care with prior consent from you. An exception to this is if an overriding lawful reason exists for sharing this, such as to protect your or another person’s vital interests/health; where possible, this is usually only done with your consent.
Your data may be shared with other chiropractic colleagues when necessary, to provide you with tailored care. All chiropractors are trained in data protection and are duty-bound to not disclose personal information outside the clinic.
Whilst I will always aim to keep your data within the UK, or EU, this may not always be possible. For example, we utilise international encrypted backup systems. We will only use companies that can demonstrate adequate security to protect your information.
Practice Hub Privacy link: https://practicehub.io/new-policies/privacy/
How Long Are Records Kept?
Legally, medical records must be kept for 8 years from the date of your last visit, and to age 25 years for children. This is the duration of time your data will be stored for. I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Where specific concerns have been identified, it may be necessary to retain certain records for a longer period of time.
Your Rights
At any point whilst I am in possession of your personal data, you are lawfully entitled to the following rights:
Right of access – you have the right to request a copy of the information that I hold about you.
Right of rectification – you have a right to correct data that I hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from my records.
Right to restriction of processing – if you believe the data I hold is incorrect or unnecessary, I will stop processing it until I have ensured that it is correct or that I have legitimate grounds to process it.
Right of portability – you have the right to have the data I hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
Fees
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, I may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, I may refuse to comply with the request in such circumstances.
Your Duty To Inform Us Of Changes
It is important that the personal information I hold about you is accurate and current. Please keep me informed if your personal information changes during your time as a patient with me.
Right To Withdraw Consent
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent.
Automated Decision Making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Data Controllers
With regard to GDPR, Claire Shepherd BSc DC MBCA is the data controller, meaning that she determines the processes to be used when using your personal data. My contact details are as follows: Claire Shepherd BSc DC MBCA, 267 Stafford Road, Wallington, Surrey, SM6 9BX.
Cookie Policy
Cookies help identify your device, performance of typical actions on this website or when you are logged in to specific secure zones. I use strictly necessary and functional cookies to enable you to move around the website and to provide basic features. Tracking and performance cookies are used to provide a better overall user experience. Below are the types of cookies present on our website:
Strictly necessary cookies:
Some cookies are strictly necessary in enabling you to move around the website and use its most basic features. Without these cookies, for example, you would not be able to login to secure zones or keep track of your online shopping cart. These cookies can’t be disabled.
Tracking and other optional cookies:
I use performance and tracking cookies internally to enable me to provide you with a better user experience. Information supplied by these cookies helps me understand how visitors behave on the website, track unique visitors or time spent on the site, and on different web pages so that I can improve how I present content to you.
Questions And Complaints
If you have any questions or complaints about this Privacy Notice or how I handle your information, please contact me at hands-on@clairechiro.co.uk.
Alternatively, if I am unable to answer your questions you have the right to make a complaint to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).