GDPR 2018 PRIVACY NOTICE
Scope
This document refers to your personal data and how it is protected under the General Data Protection Regulation (GDPR), which became a legal requirement on 25 May 2018. GDPR is EU-wide legislation and is more extensive than its predecessor, the Data Protection Act. Organisations that hold personal data in electronic form are required to be registered with the Information Commissioner’s Office (ICO).
Collecting your Data
When you supply your personal details to Clapham Osteopath, they are stored and processed for several reasons:
- We need to collect personal information about your health in order to provide you with the best possible treatment (see treatment page here). Your request for treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
- We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
- We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. Again this constitutes “Legitimate Interest” for us and for you.
- Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
Storing your Data
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. After the statutory legal period of 8 years or age 25, we may decide to delete your data, where appropriate, or we may retain it, if it seems more likely that you will need to see us at some future date.
Your records are stored as follows:
- On paper, within files in the clinic room; the premises are locked and alarmed when not attended.
- Electronically (“in the cloud”), using specialist “medical records” services. This provider has given us their assurance that they are fully compliant with GDPR and have signed the necessary agreement with us. Access to this data is password protected.
We may also have copies of letters sent/received to/from your GP, your Consultant/Surgeon, your Medical Insurance Company or other agencies; these may be held in paper form and/or stored on our password protected office computers.
We may also hold copies of your medical imaging in several media formats including transparency film, CD, on-line storage via The London Imaging Centre, and emailed picture format stored on our password protected office computers.
Sharing your Data
We will never share your data with anyone without your written consent. Only the following people/agencies will have routine access to your data:
- The “medical records” service who store and process our files.
- Your practitioner(s) in order that they can provide you with appropriate treatment.
- Other administrative staff, such as our book-keeper/filing clerk.
- Our reception staff and third-party answering services, because they organise our practitioners’ diaries, and coordinate appointments and reminders (but they do not have access to your medical notes).
- Occasionally, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your medical notes).
We will ensure that all parties who access your data are fully aware that they must treat the information as confidential, and we will ensure that they sign a non-disclosure agreement and/or that they have their own GDPR privacy policy in place.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
Consent
By agreeing to this privacy notice you are consenting to Clapham Osteopath using your personal data for the purposes outlined above. You can withdraw this consent at any time.
Complaints
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in any way, you have the right to complain and we should respond within 30 days. Complaints need to be sent to the “Data Controller” as follows: Peter Gray, Clapham Osteopath, 2 Leppoc Road, Clapham, London SW4 9LT, telephone 07918 107393, email peter@claphamosteopath.co.uk
If you are not satisfied with our response, then you have the right to raise the matter with the ICO at Wycliffe House, Water Lane, Wilmslow SK9 5AF. You can find their website here or contact them by telephone on 0303 123 1113, or email at registration@ico.org.uk.