What is a Privacy Notice?
ABC Chiropractic is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of data that we hold about you. It also sets out how we use that information, how long we keep it for and other relevant information about your data. This notice applies to current and previous patients of the clinic.
Data Controller Details
ABC Chiropractic Clinic is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are ABC Chiropractic Clinic, 350B Lanark Road West, Currie, Edinburgh EH14 5RR, telephone number 0131 629 4142, email address email@example.com.
The Personal Data We Process and What We Do with It
We record and use the following categories of personal data which include: name, address, telephone numbers, date of birth and health data relevant for treating you at our clinic. Our lawful basis for storing and using this data is consent and we are allowed to store and use your health data as we are a recognised health care provider. We have a ‘legitimate interest’ in collecting this information, because without it we couldn’t do our job effectively and safely.
We also think that it is important that we can contact you to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes ‘legitimate Interest’, but this time it is your legitimate interest.
Provided we have your consent, we may occasionally send you general health information in the form of articles, advice, or newsletters. You may withdraw this consent at any time.
How We Obtained Your Data
Your personal data has been collected directly from you, starting with our new patient consultation forms, our consent for treatment forms, and other health information given to the chiropractor on the initial consultation visit. We record data as we proceed with regards to progress and treatment regimen. This data is stored on paper files in secure locked filing cabinets and access is controlled to minimise the risk of a data breach.
We use a cloud-based diary system that is also GDPR compliant. Access to this data is password protected, and the passwords are changed regularly.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
Sharing Your Personal Data
Your data will be shared with staff within the ABC Chiropractic Clinic where it is necessary for them to undertake their duties. We do not share your data with any third parties.
We only share your personal data with your explicit consent, where, for example we to refer you to your GP or consultant.
We will not disclose any information about you to any third party without your consent, or in the case of a child’s information the parental consent, unless there are exceptional circumstances where the law requires information to be passed on and/or in accordance with the Caldicott principles.
Retaining Your Personal Data
We will retain your data for a period of 8 years after your last treatment as this is a GCC requirement of a registered Chiropractor in the UK.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
You may request a copy of your data at any time. Please make such a request in writing or by email to the clinic, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require.
If you believe any of the personal data we hold about you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
If you believe we should erase your data, please contact the clinic, whose details are shown above.
If you wish us to stop storing or using your data, please contact the clinic, whose details are shown above.
Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.
You have the right to object to the way we use your data where we are using it for our legitimate interests.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish to Complain
You can contact the Scottish Chiropractic Association if you have concerns or wish to make a complaint about the way we are processing your data by emailing firstname.lastname@example.org