The new EU General Data Protection Regulation (GDPR) has meant a change in the laws regarding data protection in the UK. As a result, we wanted to inform you what your rights are in regards to your data and how we use your personal data.
Precision Chiropractic needs to gather and use certain information about individuals, including medical records (such as X-rays and scans), addresses, telephone numbers and email addresses etc. This enables us to contact patients in regards to their care as well as implement and monitor progress of treatment.
We are committed to protecting the rights and privacy of clients in accordance with the Data Protection Act, Please see below our Privacy Notice should you wish to read it.
PRIVACY NOTICE PROVIDED BY PRECISION CHIROPRACTIC
This privacy notice explains what personal data (information) we hold about you, how we collect it, how we use it and how long we retain it for. We are required to notify you of this information under the General Data Protection Regulation (2018).
Please ensure you read this notice (sometimes referred to as a “privacy notice”) and any other similar notice we may provide to you from time to time when we collect or process personal information about you. This privacy notice contains important information on who we are; how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us in the event you have a complaint.
1. Who we are
Precision Chiropractic collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
In this privacy notice, references to “we” or “us” means Precision Chiropractic.
2. Data Protection Principles
We will comply with the data protection principles when gathering and using personal information, as set out in our GDPR data protection policy.
3. The personal information we collect, receive and use: information collected by us
We may collect the following personal information when provided to us: Name, contact details, date of birth, gender, property address, telephone numbers and e-mail addresses. The source of this data is you and is provided at the time of registering to use our site and at your initial spinal examination.
The personal data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
4. Who we share your personal information with
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
5. Where your personal information may be held and how long it will be kept
Information will be held at our office/clinic. We have security measures in place to seek to ensure that there is appropriate security for information we hold.
Personal data category or categories will be retained for a minimum period of 8 years after their last consultation.
If a patient is a child, until their 25th birthday.
6. Your rights
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please contact us:
(a) By post, to the postal address published on our website
(b) By telephone, on the contact number published on our website
(c) By email, using the email address published on our website
7. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
8. How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone.
9. Changes to this privacy notice
This privacy notice was published in May 2018 and last updated on 10 May 2018. We may change this privacy notice from time to time, updated privacy notices will always be easily accessible on our website. http://www.precisionchiropractic.co.uk/