We are committed to safeguarding the privacy of all patients who attend our clinic; this policy sets out how we will treat your personal information. This document has been devised to reflect the new GDPR regulations which come into force from 25th May 2018. It may be updated from time to time in accordance with any new regulations.
1. Who We Are We are Total Balance Clinic Ltd of: 106a London Road, Apsley, Hemel Hempstead, Herts, HP3 9SD; telephone: 01442 211899; email: firstname.lastname@example.org. For the purposes of processing your personal data, we are the data controller.
2. What Personal Data do we collect and what do we do with it? We record and collect the following categories of personal data: name, address, telephone numbers, date of birth, email address, health information including medical history, diagnosis and treatment data. Our lawful basis for processing this data is one of contract, and for the health information, the provision of health-related services as a provider of spinal health care. In addition, we will only examine or treat you with your prior explicit consent. We use your data to contact you to confirm or remind you of your appointments with us or to update you on matters relating to your care. This may be in the form of email, text message or phone call. From time to time we may also send you occasional marketing items, which may be in the form of emails, newsletters, text messages, social media, birthday or christmas cards or special promotions that we think may be of interest to you. This list is not exhaustive and is just an example. You may withdraw this consent at any time – just let us know by any convenient method. We will never share your data with anyone who does not need access without your written consent.
3. Retaining Your Personal Data Whilst you are under care at our clinic we will continue to store and use your personal data. If you discontinue your care, we will be required to retain your personal data for a minimum of eight years. In the case of a child receiving care, after discontinuing care, personal data will be retained until the date of their 25th birthday; or 26th birthday if the child was age 17 when discharged. After this period, you can ask us to delete your records if you wish. 4. Your Rights As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing. You may request a copy of your data at any time. Please make such a request in writing; or by email to the data controller whose details are given above in point 1. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We may need to verify your identity, so we may ask for a copy of your passport, driving license and/or a recent utility bill. If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the clinic directly and any necessary corrections to your data will be made promptly. If you believe we should erase your data, please contact the data controller, whose details are given above in point 1. If you wish us to stop storing or using your data, please contact the data controller, whose details are given above in point 1.
5. Data Breaches Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach; explain to you the nature of the breach and the steps we are taking to deal with it.
6. Should You Wish to Complain You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.
7. Automated Decision Making and ProfilingWe do not use any system which uses automated decision making or profiling in respect of your personal data.