Dynamic Chi­ro­prac­tic patient pri­vacy statement

Dynamic Chi­ro­prac­tic is aware of its oblig­a­tions under the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) and is com­mit­ted to pro­tect­ing the pri­vacy and secu­rity of your per­sonal infor­ma­tion. This pri­vacy notice describes, in line with GDPR, how we col­lect and use per­sonal data about you dur­ing and after your time as a patient of this clinic. It also sets out how we use that infor­ma­tion, how long we keep it for and other rel­e­vant infor­ma­tion about your data.

This notice applies to cur­rent and for­mer patients.

Data con­troller details

The Clinic is a data con­troller, mean­ing that it deter­mines the processes to be used when using your per­sonal data. Our con­tact details are as fol­lows: Dr Dou­glas Clark, Chel­tenham House, Dynamic Chi­ro­prac­tic, 1 Chel­tenham Drive, Sale, Cheshire, M33 2DQ

Data pro­tec­tion principles

In rela­tion to your per­sonal data, we will com­ply with data pro­tec­tion law. This says that the per­sonal infor­ma­tion we hold about you must be:

processed fairly, law­fully and in a clear, trans­par­ent way

col­lected only for valid rea­sons that we find proper for the course of your time as a patient and not used in any way that is incom­pat­i­ble with those pur­pos­esonly used in the way that we have told you aboutac­cu­rate and up to datekept only as long as is nec­es­sary for the pur­poses we out­line process it in a way that ensures it will not be used for any­thing that you are not aware of or have con­sented to (as appro­pri­ate), lost or destroyed kept securely

Types of infor­ma­tion we hold about you

Per­sonal data or infor­ma­tion means any infor­ma­tion about an indi­vid­ual from which that per­son can be iden­ti­fied. It does not include data where the iden­tity has been removed.

We hold many types of data about you, including:

your per­sonal details includ­ing your name, address, date of birth, email address, phone num­bers­gen­der mar­i­tal sta­tu­soc­cu­pa­tion­num­ber and age of chil­dren­per­sonal med­ical or health infor­ma­tion, includ­ing past med­ical his­to­ry­in­for­ma­tion con­cern­ing exam­i­na­tion and treat­ment at your first and sub­se­quent vis­its­bank­ing or finan­cial infor­ma­tion (e.g. card pay­ment receipts)letters of refer­ral to or from the clinic regard­ing your treat­ment with us.

Spe­cial cat­e­gories of data

There are “spe­cial cat­e­gories” of more sen­si­tive per­sonal data which require a higher level of pro­tec­tion, such as infor­ma­tion about a person’s health or sex­ual orientation.

We will use your spe­cial cat­e­gory data (health):

· to ensure the care you receive at the clinic is appro­pri­ate to your condition

· to deter­mine rea­son­able adjust­ments that should be made for access to the clinic or to treatment

We must process spe­cial cat­e­gories of data in accor­dance with more strin­gent guide­lines. We will process spe­cial cat­e­gories of data when the fol­low­ing applies:

· you have given explicit con­sent to the pro­cess­ing (on our con­sent form)

· we must process the data in order to carry out our legal obligations

· we must process data for rea­sons of sub­stan­tial pub­lic interest

Less com­monly, we may process this type of infor­ma­tion where it is needed in rela­tion to legal claims or where it is needed to pro­tect your inter­ests (or some­one else’s inter­ests) and you are not capa­ble of giv­ing your con­sent, or where you have already made the infor­ma­tion public.

As with all cases of seek­ing con­sent from you, you will have full con­trol over your deci­sion to give or with­hold con­sent and there will be no con­se­quences where con­sent is with­held. Con­sent, once given, may be with­drawn at any time. There will be no con­se­quences where con­sent is withdrawn.

How we col­lect your data

We col­lect data about you in a vari­ety of ways and this will usu­ally start when you make an enquiry to the clinic and con­tinue when you attend your first and sub­se­quent appoint­ments. At this clinic, we keep paper and elec­tronic records. Infor­ma­tion we write down on paper may be trans­ferred to our elec­tronic sys­tem. We may receive infor­ma­tion about you from your GP or other health care provider regard­ing your refer­ral or, with your per­mis­sion, addi­tional infor­ma­tion that will help us con­tinue with your treat­ment. We may also hold the results of tests that you have under­taken and that are rel­e­vant to your treat­ment with the clinic. Per­sonal data is kept secure in line with GDPR reg­u­la­tions at our clinic.

Why we process your data (How we will use infor­ma­tion about you)

The law on data pro­tec­tion allows us to process your data for cer­tain rea­sons only, these are clas­si­fied as legit­i­mate inter­ests. Most com­monly, we will use your per­sonal infor­ma­tion in the fol­low­ing circumstances:

· in order for us to carry out our con­tract with you (your request­ing treat­ment and our agree­ment to pro­vide it con­sti­tutes a con­tract) which will include con­firm­ing appoint­ments, inform­ing you of changes to appoint­ments or clinic arrange­ments, changes to facil­i­ties or ser­vices at the clinic.

· in order to pro­vide you with the best pos­si­ble treat­ment by record­ing health and treat­ment infor­ma­tion which would be in your best interest.

· in order to carry out legally required duties such as those required by me by my gov­ern­ment appointed regulator

· where it is nec­es­sary for our legit­i­mate inter­ests and your inter­ests and fun­da­men­tal rights do not over­ride those interests

We may use your per­sonal infor­ma­tion in these rare situations:

· where we need to pro­tect your or some­one else’s interests

· where it is needed in the pub­lic inter­est or for offi­cial purposes

Sit­u­a­tions in which we will use your per­sonal information

We need all the cat­e­gories of infor­ma­tion to pri­mar­ily allow us to per­form our con­tract of treat­ment with you and to enable us to com­ply with legal obligations.

If you do not pro­vide your data to us

One of the rea­sons for pro­cess­ing your data is to allow us to carry out our duties in line with your con­tract of care with us. If you do not pro­vide us with the data needed to do this, we will be unable to per­form that care to ensure your best inter­ests are being main­tained. We may also be pre­vented from con­tin­u­ing with your treat­ment with us due to our legal obligations.

Change of purpose

We will only use your per­sonal infor­ma­tion for the pur­poses for which we col­lected it unless we rea­son­ably con­sider that we need to use it for another rea­son and that rea­son is com­pat­i­ble with the orig­i­nal pur­pose. If we need to use your per­sonal infor­ma­tion for an unre­lated pur­pose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your per­sonal infor­ma­tion with­out your knowl­edge or con­sent, in com­pli­ance with the above rules, where this is required or per­mit­ted by law.

Auto­mated deci­sion making

No deci­sion will be made about you solely on the basis of auto­mated deci­sion mak­ing (where a deci­sion is taken about you using an elec­tronic sys­tem with­out human involve­ment) which has a sig­nif­i­cant impact on you.

Shar­ing your data

Your data will be shared with col­leagues within the clinic but only where it is nec­es­sary for them to under­take their duties. This includes, for exam­ple, other Chi­ro­prac­tors and Phys­io­ther­a­pists work­ing for, at or on behalf of the clinic, recep­tion and office staff.

We may share your data with third par­ties in order to facil­i­tate a refer­ral to another self-​employed Chi­ro­prac­tor, Physio, health­care prac­ti­tioner, for fur­ther inves­ti­ga­tions or to keep your GP informed about your progress with treatment.

We may also share your data with third par­ties as part of a clinic sale or restruc­ture, or for other rea­sons to com­ply with a legal oblig­a­tion upon us. We would always keep you informed of these situations.

Trans­fer­ring infor­ma­tion out­side the EU

We do not share your data with bod­ies out­side of the Euro­pean Eco­nomic Area.

Data Secu­rity — Pro­tect­ing your data

We have put in place mea­sures to pro­tect the secu­rity of your infor­ma­tion against acci­den­tal loss or dis­clo­sure, alter­ation, unau­tho­rised access, destruc­tion or abuse. We have imple­mented processes to guard against such. In addi­tion, we limit access to your per­sonal infor­ma­tion to those employ­ees, agents, con­trac­tors and other third par­ties who have a busi­ness need to know. They will only process your per­sonal infor­ma­tion on our instruc­tions and they are sub­ject to a duty of confidentiality.

Where we share your data with third par­ties, we pro­vide writ­ten instruc­tions to them to ensure that your data is held securely and in line with GDPR require­ments. Third par­ties must imple­ment appro­pri­ate tech­ni­cal and organ­i­sa­tional mea­sures to ensure the secu­rity of your data.

How long we keep your data for

In line with data pro­tec­tion prin­ci­ples, we only keep your data for as long as we need it for, which will be at least for the dura­tion of your being a patient with us and we are legally required, by the Chi­ro­prac­tic reg­u­la­tor, to keep this data for eight years after your time as a patient has ended. To deter­mine the appro­pri­ate reten­tion period for per­sonal data beyond eight years we con­sider the amount, nature, and sen­si­tiv­ity of the per­sonal data, the poten­tial risk of harm from unau­tho­rised use or dis­clo­sure of your per­sonal data, the pur­poses for which we process your per­sonal data and whether we can achieve those pur­poses through other means and the applic­a­ble legal requirements.

Once we no longer have a law­ful use for retain­ing your infor­ma­tion, we will dis­pose of it in a secure man­ner that main­tains data security.

In some cir­cum­stances we may anonymise your per­sonal infor­ma­tion so that it can no longer be asso­ci­ated with you, in which case we may use such infor­ma­tion with­out fur­ther notice to you.

Your duty to inform us of changes

It is impor­tant that the per­sonal infor­ma­tion we hold about you is accu­rate and cur­rent. Please keep us informed if your per­sonal infor­ma­tion changes dur­ing your time as a patient with us.

Your rights in rela­tion to your data

The law on data pro­tec­tion gives you cer­tain rights in rela­tion to the data we hold on you:

· the right of access. You have the right to access the data that we hold on you. To do so, you should make a sub­ject access request. Find out how to do this from Dr Dou­glas Clark at Dynamic Chi­ro­prac­tic, Chel­tenham House, 1 Chel­tenham Drive, Sale, Cheshire, M33 2DQ

· the right for any inac­cu­ra­cies to be cor­rected. If any data that we hold about you is incom­plete or inac­cu­rate, you can require us to cor­rect it.

· the right to be informed. This means that we must tell you how we use your data, and this is the pur­pose of this pri­vacy notice. We also must inform you of any changes to how we use your data.

· the right to have infor­ma­tion deleted. If you would like us to stop pro­cess­ing your data, you have the right to ask us to delete it from our sys­tems where you believe there is no rea­son for us to con­tinue pro­cess­ing it.

· the right to restrict the pro­cess­ing of the data. For exam­ple, if you believe the data we hold is incor­rect, we will stop pro­cess­ing the data (whilst still hold­ing it) until we have ensured that the data is correct.

· the right to porta­bil­ity. You may request trans­fer the data that we hold on you for your own purposes.

If you want to access your data, review, ver­ify or cor­rect your data, request we erase your per­sonal infor­ma­tion, object to the pro­cess­ing of your per­sonal data, or request that we trans­fer a copy of your per­sonal infor­ma­tion to another party, please con­tact Dr Dou­glas Clark at Dynamic Chi­ro­prac­tic, Chel­tenham House, 1 Chel­tenham Drive, Sale, Cheshire, M33 2DQ in writing.

Fees

You will not have to pay a fee to access your per­sonal infor­ma­tion (or to exer­cise any of the other rights). How­ever, we may charge a rea­son­able fee for a sec­ond or sub­se­quent copy of infor­ma­tion or if your request for access is clearly unfounded or exces­sive. Alter­na­tively, we may refuse to com­ply with the request in such circumstances.

What we may need from you

We may need to request spe­cific infor­ma­tion from you to help us con­firm your iden­tity and ensure your right to access the infor­ma­tion (or to exer­cise any of your other rights). This is a secu­rity mea­sure to ensure that per­sonal infor­ma­tion is not dis­closed to any per­son who has no right to receive it.

Right to with­draw consent

Where you have pro­vided con­sent to the col­lec­tion, pro­cess­ing and trans­fer of your data, you have the right to with­draw that con­sent at any time. There will be no con­se­quences for with­draw­ing your con­sent. How­ever, in some cases, we may con­tinue to use the data where so per­mit­ted by hav­ing a legit­i­mate legal rea­son for doing so.

To with­draw con­sent, con­tact Dr Dou­glas Clark at Dynamic Chi­ro­prac­tic, Chel­tenham House, 1 Chel­tenham Drive, Sale, Cheshire, M33 2DQ

Mak­ing a complaint

If you have any ques­tions about this Pri­vacy Notice or how we han­dle your infor­ma­tion, please con­tact the Clinic’s Data Pro­tec­tion Dr Dou­glas Clark at Dynamic Chi­ro­prac­tic, Chel­tenham House, 1 Chel­tenham Drive, Sale, Cheshire, M33 2DQ.

You have the right to make a com­plaint at any time to the super­vi­sory author­ity in the UK for data pro­tec­tion mat­ters, the Infor­ma­tion Commissioner’s Office (ICO).