Wakefield Chiropractic Clinic
Patient privacy statement Version 1.1 11 May 2018
Wakefield Chiropractic Clinic is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to protecting the privacy and security of your personal information. This privacy notice describes, in line with GDPR, how we collect and use personal data about you during and after your time as a patient of this clinic. It also sets out how we use that information, how long we keep it for and other relevant information about your data. This notice applies to current and former patients.
Data controller details
The Clinic is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:
Wakefield ChiropracticClinic, 26 Leeds Road, St Johns, Wakefield, WF1 3JL. Tel No. 01924 200805/201530. Email address: firstname.lastname@example.org.
Data protection principles
In relation to your personal data, we will comply with data protection law. This says that the personal information we hold about you must be:
- processed fairly, lawfully and in a clear, transparent way and collected only for valid reasons that we find proper for the course of your time as a patient and not used in any way that is incompatible with those purposes
- only used in the way that we have told you about
- accurate and up to date
- kept only as long as is necessary for the purposes we outline
- process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
- kept securely
Types of information we hold about you
Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We hold many types of data about you, including your name, address, date of birth, email address, phone numbers
- marital status
- personal medical or health information, including past medical history
- information concerning examination and treatment at your first and subsequent visits
- letters of referral to or from the clinic regarding your treatment with us.
As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
How we collect your data
This will usually start when you make an enquiry to the clinic and continue when you attend your first and subsequent appointments. At this clinic, we keep paper records. Information we write down on paper may be transferred to our electronic system. We may receive information about you from your GP or other health care provider regarding your referral or, with your permission, additional information that will help us continue with your treatment. We may also hold the results of tests that you have undertaken and that are relevant to your treatment with the clinic.
Why we process your data (How we will use information about you)
The law on data protection allows us to process your data for certain reasons only, these are classified as legitimate interests. Most commonly, we will use your personal information in the following circumstances:
- In order for us to carry out our contract with you (your requesting treatment and our agreement to provide it constitutes a contract), which will include confirming appointments, informing you of changes to appointments or clinic arrangements.
- In order to provide you with the best possible treatment by recording health and treatment information which would be in your best interest.
- In order to carry out legally required duties such as those required by me by my government appointed regulator
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract of care with us to ensure your best interests are being maintained.
Change of purpose If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Automated decision making, no decision will be made about you solely on this basis.
Sharing your data Your data will be shared with colleagues within the Clinic but only where it is necessary for them to undertake their duties. This includes, for example, other chiropractors working for, at or on behalf of the clinic and reception staff handling your records. We may share your data with third parties in order to facilitate a referral to another healthcare practitioner or to keep your GP informed about
your progress with treatment. We may also share your data with third parties as part of a Clinic sale or restructure, or for other reasons to comply with a legal obligation upon us. We would always keep you informed of these situations.
Transferring information outside the EU
We do not share your data with bodies outside of the European Economic Area.
Data Security – Protecting your data
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality and in line with GDPR requirements.
How long we keep your data
The Chiropractic regulator legally requires us to keep your data for eight years after your time as a patient has ended. To determine the appropriate retention period for personal data beyond eight years we consider the amount, nature, and sensitivity of the personal data. Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner than maintains data security.
Your duty to inform us of changes It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you.
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
- rectification, the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it.
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice. We also must inform you of any changes to how we use your data.
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- the right to portability. You may request transfer the data that we hold on you for your own purposes.
If you want to access your data, review, verify or correct your data, request we erase your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please make the request in writing or to the email email@example.com. Please provide the following information: your name, address, telephone number, email address and proof of ID together with the information you require and we will respond within 40 days.
Fees You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. However, in some cases, we may continue to use the data where so permitted by having a legal reason for doing so.
To withdraw consent, contact Mrs Dawn Corlet atWakefield ChiropracticClinic
Should You Wish To Complain The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). Contact Mrs Dawn Corlet, in the first instance. If you are still unhappy following a review by Clinic Principal, Don Corlet, you can complain to the Information Commissioner’s Office via their website (www.ico.gov.uk)
To read this Privacy Statement please click the link to it on our Website: