Privacy Notice for Patients – Children & Adults
As a patient of Gilbert’s Coombe Chiropractic Clinic we will need to hold personal information about you and / or your child. This privacy notice is designed to tell you what you need to know about it
For the purposes of your personal information we are the data controller. Our contact details are:
Data Controller: Gilbert’s Coombe Chiropractic Clinic, Unit 4 Gilbert’s Coombe, New Portreath Road, Redruth TR16 4HG.
01209 204600 firstname.lastname@example.org
The Personal Data We Process & What We Do With It
We maintain records about your health and any treatment or care you have received here or previously. This includes but is not limited to:
• Details about you, such as your name, date of birth, address, contact telephone number, email address
• Any contact the clinic has had with you, such as appointments, payment received, clinic visits, advice given over the phone or email, emergency appointments etc.
• Details about your and/or your child’s medical history, GP, diagnosis, treatment and care
• Relevant information from other health care professionals
Our lawful basis for processing this data is one of contract and for the provision of health-related services as a chiropractic clinic. In addition we will only examine & treat you with your explicit consent.
The data is held solely for the purpose of providing safe & effective care. Clinicians & clinic staff will have access to your records to enable them to do their jobs. Every member of staff has a legal obligation to keep information about you confidential & is properly trained.
Most of our records are on paper, although some are electronic. We use a combination of working practices and technology to prevent accidental loss or access without your consent ensuring your information is kept confidential and secure.
Unless required to do so by law (when a court order is presented or there is an imminent risk to the life of yourself or others) we will never release your information to third parties without first obtaining written consent from you or your legal guardian.
Information may be used within the clinic for clinical audit purposes to monitor the quality of the services we provide. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested for research purposes – in such instances we will always obtain written consent from either you or your legal guardian before releasing such information.
To ensure your privacy we will not disclose any personal health information over the telephone, fax or email unless we are sure that we are communicating directly with you.
Your Duty To Inform Us Of Any Changes
In order to ensure that the personal data we hold in relation to you is accurate it is important that you keep us informed of any changes to your data – such as change of telephone number.
Retaining Your Personal Data
We are required to retain your personal data for a minimum of 8 years from the date of your last treatment. In the case of children it is until they are 25 years old (or 26 years old if they were 17 years old at the time of their last treatment)
Automated Decision Making & Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
Under the General Data Protection Legislation 2018 you have certain rights regarding your personal information. To exercise any of these rights please contact the Data Controller.
• Right to access:
You can request access to view or obtain copies of your personal & health data at any time. In order to request this you need to do the following:
• ïYour request must be made in writing to the data controller whose contact details are listed above & must include your name, address, telephone number, email address & details of the information you require
• ïWe will need to verify your identity so we may ask for photo ID in the form of your passport / driving licence &/or a recent utility bill
• ïThere is no charge for the first copy of your file provided direct to you. If this information is requested by a third party (such as solicitor or insurance company) there will be a small administration fee. The clinic has the right to charge for multiple or repeated requests for access to data
• ïWe are required to respond to you within 1 month
2. Request corrections:
If you believe any of the personal data we hold on you is inaccurate or incomplete please contact the clinic directly and any necessary corrections to your data will be made promptly.
3. Right of erasure:
If you consider there is no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
4. Object to the processing of your data:
If our lawful basis for processing your data relates to a legitimate business interest (or third party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
5. Request that processing restrictions be put in place:
If you believe that your information is being processed without a lawful reason or that the information is incorrect you can request that a freeze / restriction is placed on the processing of the information until your concerns are addressed.
6. Request a transfer of your personal data:
You can ask us to transfer your personal data to a third party.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights & freedoms, we will contact you without delay. We will give you the contact details of the person dealing with the breach, explain to you the nature of the breach and the steps we are taking to rectify the situation.
Should You Wish To Complain
Should you have any concerns about how your information is managed at the clinic please contact the Clinic, the contact details are above.
If you are still unhappy following a review by the Data Controller then you can contact the Information Commissioner’s Office (ICO) via their website www.ico.gov.uk
I have read the privacy notice and understand how the clinic will store and use my information. I am aware of my rights and understand that I can opt not to receive information at any time.
Signed: ______________________________________________________ Date: _________________
Print Name: ____________________________________________________________________________
A full copy of our Data Protection Policy is available on request