22-5-18-2902.jpg

Privacy Notice

I am required to collect and process personal and sensitive data as part of my statutory duty as a Chiropractor regulated by the General Chiropractic Council.

I collect information about your health to provide you with the best possible treatment. Your requesting treatment and my agreement to provide that care constitutes a contract. You could refuse to provide the information, but if you where to do that I would not be able to provide treatment.

 

I have a legitimate interest in collecting that information because without it I could not do my job effectively and safely.

 

I also think it is important that I contact you to confirm your appointments with me or to update you on matters related to your medical care.

Again, this constitutes legitimate interest, but this time it is your legitimate interest.

 

Provided I have your consent I may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time, just let me know by any convenient method.

 

I will process your data lawfully, fairly and in a transparent manner.

 

I am required to maintain patient records for a minimum of eight years after the last treatment.

 

Your data will not be shared with any third party without your express permission, however I may disclose information about you for the following purposes:

  • To the extent that I am required to do so by law

  • In connection with any legal/regulatory proceedings or prospective legal regulatory proceedings

  • For insurance purposes

  • In order to establish, exercise or defend my legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk) 

 

I store your data on a cloud-based patient management and accounts system, and I use a cloud-based rehabilitation software system to send you aftercare advice and exercises which will help you get the best out of your Chiropractic care. I have audited these systems data policies and are satisfied that they are in line with GDPR and that they actively store and handle data in a secure manner and aim to prevent unauthorised third parties gaining access to the information.

 

I am registered with the Information Commissioners Office (ICO) and will immediately inform the ICO in the event of any violation of the Data Protection Act.

 

You have the right to accesses the data held about you or to request erasure of the data (subject to the statutory 8-year retention period). You may request copies of your records if you wish.

 

You have the right to complain about how your data is being used. Should you wish to complain about how your data is being used, please contact the data controller, Greg MacNeillie in the first instance.

 

This privacy notice is kept under review and may be updated without notice.