
Privacy notice for patient records

(Why we collect your personal data and what we do with it)

When you supply your personal details to this clinic they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the General Data Protection Regulation - i.e. the law):

  1. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
     

  2. We have a "Legitimate Interest" in collecting that information, because without it we couldn't do our job effectively and safely.
     

  3. We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care, including reminding you if your next visit is overdue. This again constitutes "Legitimate Interest", but this time it is your legitimate interest.
     

  4. Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time - just let us know by any convenient method.

 

We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will endeavour to retain your records for 25 years in order that we can provide you with the best possible care should you need to return to us during this period, but reserve the right to delete them sooner if required.

 

Your records are stored:

  • on paper, in locked filing cabinets, and the offices are always locked and alarmed out of working hours.

  • on our office computers. The computers are password-protected and backed up regularly on encrypted, password-protected portable drives.

We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have access to your data:

  • Your practitioner(s) in order that they can provide you with treatment.

  • Our reception staff, because they organise our practitioners' diaries, coordinate appointments and reminders, and file the records.

  • Rehab My Patient (RMP). We have a data processing agreement with RMP to provide exercises by email that we have prescribed for you. If you give your consent, the only information we share is your name, date of birth, email, and prescribed exercises.

  • Other administrative staff. Administrative staff will not have access to your medical notes, just your essential contact details.

  • Our professional association, the British Chiropractic Association; our regulatory body the General Chiropractic Council; and our professional indemnity insurer; but ONLY in the unlikely event of a complaint made by you against us.

  • Your private health insurance company, if you have instructed us to do so to claim for your treatment costs.

From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your medical notes). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement. We may also share your data with third parties as part of a clinic sale or restructure, or for other reasons to comply with a legal obligation upon us.

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. Provided the legal minimum period has elapsed, you can also ask us to erase your records.

We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.

Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to in the jargon as the "Data Controller". Here are the details you need for that:

North Walsham Chiropractic Clinic
6 Church Street
North Walsham
NR28 9DA
GDPR@nwchiropractic.co.uk
01692 500 600

If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner's Office.

Privacy notice for electronic communications

(Why we collect your personal data and what we do with it)

When you supply any personal details to this clinic they are stored and processed under the terms of the General Data Protection Regulation. This notice relates to our communications with you using e-mail, Facebook Messenger and Twitter Direct Messages.

Please keep in mind that communications via e-mail over the internet are not secure. Although it is unlikely, there is a possibility that information you include in an e-mail can be intercepted and read by other parties besides the person to whom it is addressed. Likewise, Facebook and Twitter Direct Messages are not end-to-end encrypted. Please be aware of this if you choose to disclose any personal medical information in these forms of communication. We would also urge you not to include personal identifying information such as your birth date, address or telephone number in these forms of communication to us.

Having read and understood the above, if you need to discuss any information that you are not comfortable about sending in these forms of communication, please contact us in another way.

When communicating with us via e-mail, Facebook or Twitter and supplying any personal details to us, you consent to us processing and storing the information that you voluntarily provided.

Sharing Your Personal Data - The people having access to your data will be our chiropractors, so they can offer you advice; our reception staff, because they organise our practitioners' diaries, coordinate appointments and reminders, and file records; and other clinic administrative staff.

Your e-mail data will be stored by Microsoft Outlook, and Facebook and Twitter messages stored by each of these companies respectively. You must also accept their terms and conditions along with their General Data Protection Regulation policies. We will access the information stored by them using either our office computers or mobile devices, all of which are password protected.

From time to time, we may have to employ consultants to perform tasks which might give them access to our computers, and so to personal data. We will ensure that they are fully aware that they must treat any information as confidential, and we will ensure that they sign a non-disclosure agreement. We may also share your data with third parties as part of a clinic sale or restructure, or for other reasons to comply with a legal obligation upon us.

We have a Legitimate Interest in the retention of e-mails and messages that you instigate for a limited time period, in case you make contact with us again about the same subject matter. However, after 12 months we will delete the emails or messages. You can request us to delete this information sooner if you prefer. If you are an existing patient of the clinic, and the information exchange is relevant to your treatment, we will copy this information to your treatment records.

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors.

We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.

Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain.

 

Complaints need to be sent to what is referred to in the jargon as the "Data Controller". Here are the details you need for that:

 

North Walsham Chiropractic Clinic
6 Church Street
North Walsham
NR28 9DA
GDPR@nwchiropractic.co.uk
01692 500 600

 

If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner's Office.

Privacy notice for COVID-19 and Test and Trace

(Why we may have to share some of your personal data)

By maintaining our records of staff and patients, and sharing these with NHS Test and Trace where requested for the purpose of contact tracing, we can help to identify people who may have been exposed to the coronavirus.

As a patient or member of staff of North Walsham Chiropractic Clinic the following information may be requested by the NHS Test and Trace service:

  • Name

  • A contact phone number

  • The date of visit, arrival time and departure time

  • Anyone you may have interacted with during your visit

North Walsham Chiropractic Clinic, as the data controller for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. If that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.

 

As part of safeguarding your personal data, the NHS Test and Trace service has in place technical, organisational and administrative security measures to protect the personal information that it receives from us and holds against loss, misuse, and unauthorised access, disclosure, alteration and destruction.

We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if another patient at the clinic reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of patient details for a particular time period (for example, this may be all patients who visited on a particular day or time-band, or over a 2-day period).

NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). Your information will always be stored and used in compliance with the relevant data protection legislation.

The use of your information is covered by the General Data Protection Regulation, Article 6(1)(c): a legal obligation to which we are subject. This legal obligation means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors.

We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.

 

Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain.

Complaints need to be sent to what is referred to in the jargon as the "Data Controller". Here are the details you need for that:

North Walsham Chiropractic Clinic

6 Church Street

North Walsham

NR28 9DA

GDPR@nwchiropractic.co.uk

01692 500 600

If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner's Office.
