GDPR PRIVACY STATEMENT
(Why we collect your personal data and what we do with it)
When you supply your personal details to this clinic they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the General Data Protection Regulation – ie the law):
- We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
- We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
- We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
- Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
In order that we can provide you with the best possible care we retain your records for an undefined period. We frequently have patients that return after a lapse of 10 plus years, should you need to see us at some future date these notes can prove invaluable.
Your records are stored:
- Electronically on our computers. Data back-up is encrypted on an online secure server.
All our computers are password protected with additional levels of password protection applied to programmes containing personal data. The computers are monitored daily for security breaches or unusual parameters and we maintain up to date firewalls and virus and malware protection. All staff are trained in safe computer use.
- Physical copies of information are stored in the office in locked filing cabinets, and the offices are always locked out of working hours. Information not currently in use is archived. The archive storage facility is itself locked.
We will never share your data with anyone who does not need access without your written consent. We will only share your information where we need to:
- In order to carry out our duties, for example, contacting your GP or insurance provider.
• If compelled in order to meet legal obligations, regulations or valid government requests.
Only the following will have routine access to your data:
- Your practitioner(s) in order that they can provide you with treatment.
- Reception staff, because they organise our practitioner’s diaries, coordinate appointments and reminders, type up your notes and file documents and image records.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your medical notes). We will ensure that they are fully aware that they must treat that information as confidential.
We may occasionally also act on your behalf in the capacity as data processor, in promoting other practitioners based at our premises, but who may not be employed by us.
Some basic personal data may be collected about you from the marketing forms and surveys you complete, from records of our correspondence or phone calls and details of your visits to our websites including, but not limited to, personally identifying information like Internet Protocol (IP).
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to in the jargon as the “Data Controller”. Here are the details you need for that:
Peter Pukacz – Pukacz Practice Osteopaths Ltd, 2 Burley Street, Elland, West Yorkshire
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, SK9 5AF.