What is a Privacy Notice?
Under data protection law you have specific rights. To communicate these rights to you in a clear and concise manner, Devizes Chiropractice are providing you with this privacy notice.
Who We Are
We are Devizes Chiropractice of Keswick, 59 Longcroft Road, Devizes, Wiltshire SN10 3AT, telephone number 07514326129, email address claire@devizeschiropractice.co.uk. For the purposes of processing your personal data we are the Data Controller.
Data Protection Officer
Clinics processing special categories of personal data on a large scale must appoint a DPO. Devizes Chiropractice is considered a small scale business and therefore the decision has been made not to appoint a Data Protection Officer. Please contact the Data Controller for any assistance.
The Personal Data We Process and What We Do With It
We record and use the following categories of personal data: name, address, telephone numbers, email address, date of birth, health information including medical history, diagnosis and treatment data. Our lawful basis of processing this data is one of contract and, for the health information, the provision of health-related services as a chiropractic clinic. In addition, we will only examine or treat you with your explicit consent. As part of our booking system we send e-mail appointment confirmations, email and text massage reminders prior to appointments, if you would not like to receive these please inform us and we will amend our records.
Sharing Your Personal Data
We only share your personal data with your explicit consent, where, for example we need to contact your General Practitioner (GP) to refer for further investigations. Where third parties are used by us to store your personal data, we ensure they are compliant with the data protection law and any such data is not stored outside of the EU without the existence of a US-EU privacy shield.
We may disclose information about you for the following purposes:
- To the extent that we are required to do so by law
- In connection with any legal/ regulatory proceedings or prospective legal/ regulatory proceedings
- For insurance purposes
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
During the COVID-19 Pandemic, if requested, your contact details may be shared with NHS Contact tracing should you be identified as a contact of a positive COVID-19 case at this clinic.
Retaining Your Personal Data
Whilst you are receiving treatment from our clinic we will continue to store and use your personal data. Once you have been discharged, we will be required to retain your personal data for a minimum of 8 years, for patients under 16 years of age we are required to retain your personal data until you turn 25 years old or 26 years old if 17 at last visit.
Your Rights
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing. You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Controller, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We will need to verify your identity so we may ask for a copy of your passport, driving license and/or recent utility bill. If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the clinic directly and any necessary corrections to your data will be made promptly. If you believe we should erase your data, please contact the Data Controller, whose details are shown above. If you wish us to stop storing or using your data, please contact the Data Controller, whose details are shown above.
Data Breaches
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Controller who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish To Complain
You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
Version 4 – 9th May 2021