Patient Privacy Policy
Bexleyheath Chiropractic Clinic Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be you can be identified, you are assured that it will only be used in accordance with this privacy statement and in accordance with the Data Protection Act 1998 and the General Data Protection Regulations as effective 25/05/2018.
The Bexleyheath Chiropractic Clinic is the controller and responsible for your personal data
This privacy notice aims to give you a summary on how The Bexleyheath Chiropractic Clinic collects and processes your personal data during and after your time as a patient.
The data that we may collect, use and store about you will include: Identity Data, Contact Data, Personal Data and Financial/Transactional Data.
We may use different methods to collect data from and about you including: Direct Contact and also Third Parties that may provide us with personal information to facilitate your treatment with us.
We have a ‘legitimate interest’ in collecting this information in order to provide you with the best, safest and most effective treatment. Your request for treatment and our agreement to provide that care constitutes a ‘contract’. You can refuse to provide the information but without it, we could not provide you with treatment.
To process your personal information we rely on the contractual ground and also the special condition which allows health professionals to process the data for the purposes of preventative or occupational medicine, and the provisions of health care treatment.
We also think that it is important that we can contact you in order to confirm your appointments with us, identify concerns and address questions, or to update you on matters related to your medical care.
Provided we have your ‘consent’, we may occasionally send you Clinic offers and general health information in the form of articles, advice or newsletters via the mediums of post, call, email or text, you may however withdraw this consent at any time.
We may have to share your personal data with other Third Parties: Professional Healthcare Practitioners, our UK Service Providers who provide IT and system administration services, our UK Professional Advisors which may include Auditors, Consultants, Accountants, Insurers, HM Revenue & Customs, Regulators and other UK Authorities.
We will not sell or lease your personal information to third parties.
We will never share your data with anyone who does not need access to your data without your written consent.
We have ‘a legal obligation’ to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at sometime future date.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We will store your records:
On paper in locked filing cabinets in our offices.
On our Clinic computers and laptops: all computers and laptops are password protected and backed up manually via a memory stick which is encrypted, password protected, locked away in our offices.
Our UK Service Providers have given us their assurances that they are fully compliant with the General Data Protection Regulations. All access to this data is password protected.
Occasionally it is necessary to physically transfer laptops or data between offices, to safeguard your information, all laptops and memory devices are password protected and transferred under direct supervision of the Clinic’s Management Team. No laptop or data will be left unattended until it is locked away securely.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the ‘right’ to see what personal data we hold of yours and to ask us to correct any factual errors.
You have the ‘right’ to ask us to delete your records provided the legal minimum period of 8 years has elapsed.
You can decide ‘not’ to receive any marketing material that is not directly related to your specific treatment such as general health information, advice or newsletters and you can decide ‘how’ you want to receive this material.
If you have previously agreed to us using your personal information for marketing purposes, you have the right to ‘change’ your mind at any time.
It is important to us that you are confident that we are safeguarding and treating your personal data responsibly and we will always welcome any feedback and questions you may have.
If you would like to exercise any of the above rights or believe that any information we are holding on you is incorrect, incomplete or wish to raise a concern about the handling of your personal data then please contact us as soon as possible at Bexleyheath Chiropractic Clinic, 302A Broadway, Bexleyheath, Kent, DA6 8AH in writing or email at: info@bhchiro.co.uk.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
As we may change this Policy from time to time, you should ensure that you periodically check this Policy in its entirety.