Keeping Your Information Safe and Sound
At Chatteris Osteopaths we will always provide two things when it comes to data:
Transparency – we will always clearly explain what data we are collecting about you and why. We will only collect data in order to enable us to treat you professionally and effectively, to improve our services and to fulfil our responsibilities as a health care provider.
Trust – your trust is very important to us. So we are committed to keeping your data safe and secure.
We promise never to sell your personal details, and to use your data for marketing purposes or share it with medical services beyond the clinic only if you have given us consent to do so.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use and store different kinds of personal data about you which we have grouped together as follows:
HOW IS YOUR PERSONAL DATA COLLECTED?
We only collect data about you through direct interactions.
When you book an appointment with us (either in person, over the phone or via e-mail or Facebook), we will ask for your identity data, contact data and marketing data.
When you see one of our practitioners (whether for osteopathy, sports therapy, chiropody or massage therapy), we will ask about medical data. At the end of each appointment, your treatment history data will be logged on our computer system.
We do not sell or share data with third parties.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data in relation to appointments with us or when contacting you (with express consent) with our direct marketing.
You can ask us to stop sending you marketing messages at any time by unsubscribing using the button on the marketing e-mails or by e-mailing us at email@example.com and asking us to remove you from our mailing list.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of an appointment or treatment, i.e. we will still hold your e-mail address for the purposes of sending you appointment confirmations.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it. Should we feel that we need to refer your case to another healthcare provider, such as a GP or a hospital, this will be discussed with you by your practitioner and we will ask for your express consent to do so.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
You acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We are legally obliged to retain your data for eight years or, if you visit us as a child, until your 25th birthday.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under UK data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org or email@example.com marking your query for the attention of the DPL (Data Protection Lead).
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month.