Privacy

How We Collect Your Personal Information

You directly provide our company with most of the data we collect which is the personal data necessary to enable osteopathy treatment needs to be met

How We Use Personal Information

Purpose Of This Notice

This notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (“Data Protection Legislation”).

About Us

For the purpose of the Data Protection Legislation and this notice, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

The Data We Collect

  • Name and date of birth

  • Next of kin

  • Email address

  • Phone numbers

  • Occupation

  • Medical history

  • Correspondence

  • Details of any complaints received

We keep an inventory of personal data we hold on our patients and this is available on request.

Information We Hold About You

We use it to contact you and to be able to provide you with the osteopathy service and to comply with our legal obligations

How We Store Your Data

Your data is stored securely in Cliniko. We will ask for your consent to keep the information and to contact you. Medical records will be kept for the statutory time and then destroyed. Data may be shared with third parties and we will ask you for your consent for this.

Retention Of Your Data

We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided;

  • any statutory or legal obligations;

  • the purposes for which we originally collected the personal information;

  • the lawful grounds on which we based our processing;

  • the types of personal information we have collected.

Sharing Personal Information

We will share our personal information with third parties where we are required by law, with a regulator, with an insurer, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

Data Security

We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Rights Of Access, Correction, Deletion And Restriction

Your duties to inform us of changes

It is important that the personal information we hold about you is accurate and current. Should your personal information change, please notify us of any changes that we need to be made aware of.

Your rights in connection with your personal information

You have a right to:

  • Access and have copies of your records.

  • Have inaccuracies deleted.

  • Have information about you erased.

  • Object to direct marketing.

  • Restrict the processing of your information, including automated decision-making.

  • Take your data to another practice or anywhere else.

Patients who wish to have inaccuracies deleted or to have information erased must speak to the physiotherapist who provided or provides their care.

You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right To Withdraw Consent

Where you have provided your consent to the collection, processing and transfer of your personal information, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purposes you originally agreed to, unless we have a legitimate basis for doing so in law.

Changes To This Notice

This privacy notice was last updated on 1 December 2021

Contact Us

If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal information, please email us at hello@surreyosteopathiccare.co.uk

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. Website address http://ico.org.uk