When you supply your personal details to us they are stored and processed for a number of different reasons. (the bits in bold below are the relevant terms used in the General Data Protection Regulations 2018)
- We need to collect information about you and your health in order for us to provide you with safe and effective treatment. Having an appointment and us providing care at the clinic constitutes a contract. You are obviously allowed to refuse to give us this information however that would mean we would not be able to provide treatment.
- We have a “legitimate interest” in collecting that information because without it we couldn’t do our job effectively and safely. You also have a legitimate interest in us holding contact information so we are able to confirm appointments for you and contact you if needed on matters relating to your care.
- Provided we have your consent we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time and it will not have any bearing on your ability to receive treatment at the clinic. Just let us know by any method that is convenient for you.
- We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25 if this is longer) but after this time you can ask to delete your records if you wish.
How your records are stored
- Paper records are stored in a locked filling cabinet and the clinic office is always locked and alarmed outside of working hours.
- We also hold records electronically. These are stored “in the cloud” using a specialist medical records service. This provider has shown that they are compliant with the General data protection regulation. Your data is heavily encrypted to ensure it is secure (similar to online banking) Access to this data is password protected.
- We may also use mailchimp or Mailerlite to co-ordinate some of our messages and so your name and e-mail may be stored on their server.
We will never share your data with anyone without your written permission. We may inform your GP or an insurance companies of some of our findings and treatment you have received. However we only do this with your written permission.
Only the following people will have access to your data
- Your practitioner in order that they can provide you with treatment.
- Our reception company and administration staff, because they organise our practitioners diaries so book in appointments and carry out other administration tasks (they do NOT have access to your medical history or sensitive personal data)