We are required to collect and process personal and sensitive data as part of our statutory duties as Chiropractors regulated by the General Chiropractic Council.
We collect information about your health to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You could refuse to provide the information, but if you where to do that we would not be able to provide treatment.
We have a legitimate interest in collecting that information because without it we could not do our job effectively and safely.
We also think it is important that we contact you to confirm your appointments with us or to update you on matters related to your medical care.
Again, this constitutes legitimate interest, but this time it is your legitimate interest.
Provided we have your consent we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time, just let us know by any convenient method.
We will process your data lawfully, fairly and in a transparent manner.
We are required to maintain patient records for a minimum of eight years after the last treatment.
Your data will not be shared with any third party without your express permission.
Within the clinic, only clinicians and receptionists have access to patient data to fulfil their roles within the clinic.
We store your data on a cloud-based patient management and accounts system, and we use a cloud-based rehabilitation software system to send you aftercare advice and exercises which will help you get the best out of your Chiropractic care. We have audited these systems data policies and are satisfied that they are in line with GDPR and that they actively store and handle data in a secure manner and aim to prevent unauthorised third parties gaining access to the information.
We are registered with the Information Commissioners Office (ICO) and will immediately inform the ICO in the event of any violation of the Data Protection Act.
You have the right to accesses the data held about you or to request erasure of the data (subject to our statutory 8-year retention period). You may request copies of your records if you wish.
You have the right to complain about how your data is being used. Should you wish to complain about how your data is being used, please contact the data controller, Greg MacNeillie in the first instance.
This privacy notice is kept under review and may be updated without notice.