PRIVACY NOTICE & GDPR
This notice sets out your rights under the EU GDPR on how Birkdale Acupuncture collects, uses, retains and discloses your personal information. Personal information is information that identifies you and is about you. This privacy notice applies to patients, prospective patients, contractors, suppliers and visitors to our website.
WHO WE ARE
The data controller for Birkdale Acupuncture and Birkdale Acupuncture & Pain Clinic is Mr. Simon Rowe 63 Upper Aughton Road, Birkdale, Southport PR8 5ND. Email is [email protected]
To ensure that we process your personal data fairly and lawfully this notice informs you
- why we need your personal information, how it will be used,
- who it will be shared with,
- what rights you have in relation to the personal information we collect from you.
HOW THE LAW PROTECTS YOU
Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it with third parties. The reasons why we may process (i.e. obtain, store, update and archive) your personal information are:
When you consent to it;
To fulfil a contract we have with you;
When it is our legal duty;
When it is in our legitimate interest (if we rely on our legitimate interest, we will tell you what that is);
Vital interest – we may process your personal data in order to protect your vital interests – for example, if you require emergency treatment.
Below is a list of the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
What we use your personal information for and our reason(s) for processing:
Our legitimate interests (where applicable) - to arrange and confirm appointments and respond to enquiries from patients and prospective patients
Legitimate interest - to provide an efficient and effective acupuncture service. To maintain a record of all patients attending clinic with details of dates and charges.
To keep a record of patient appointments for billing and HMRC purposes and to enable patients and clinic to claim treatment costs from health insurers. To evaluate treatment outcomes in order to improve the service and help patients make informed choices for treatment.
Consent to contact your GP in case of an emergency or if you ask us to write to your GP about your treatment.
Consent to produce written case notes containing: your presenting condition; relevant medical history and lifestyle and social circumstances; traditional diagnosis; treatment notes; lifestyle advice given, and decisions made in conjunction with you
Performance of contract
Providing appropriate, high quality, safe acupuncture treatment and maintaining a written document of treatment in the event of criminal proceedings, a civil claim, an insurance claim or a complaint.
To record and report accident or adverse incidents involving any patients, visitors or acupuncturists and report these to relevant bodies (HSE, RIDDOR, insurers)
Legal requirement - Record of patient’s consent to treatment, or the consent of their next of kin or carer in the case of vulnerable adults to show that informed consent to treat has been sought
Legitimate interest - In the event of a civil claim, criminal proceedings, insurance claim or complaint. To investigate complaints and feedback received from patients. To resolve problems and improve patient care.
Advice and business services from accountants, web developer and solicitors
WHAT TYPES OF PERSONAL INFORMATION DO WE HANDLE?
We process personal information to enable us to support the provision of acupuncture services to patients, maintain our own accounts and promote our services. The types of personal information we use include:
Personal identity –
such as name, date of birth;
Contact details – such as
address, telephone and mobile numbers, email address;
Family details – such as next of kin or partner’s name;
GP – name and address;
Lifestyle and social circumstances – such as questions about smoking and drinking and general lifestyle;
Appointment record and payments made;
Health insurance company details;
Messages you send us via our website;
Details of when you contact us and when we contact you (including copies of written communications such as emails or text messages);
Any consents you have given us in relation to your treatment and the processing of your information.
For the provision of acupuncture services to you it will be necessary to collect and process information which the Data Protection Act defines as “sensitive” that may include:
Data concerning health;
Medical history; Fertility assessment.
In such cases we will always explain what information we require and why it is needed. Such data will always be processed and stored securely.
MARKETING - We do not process your data for marketing purposes or sell your information onto 3rd parties.
HOW IS DATA STORED
All medical treatment records are manual paper based ones and kept securely and confidentially in locked filing cabinets on a lockable premises. Day to day acess to the data is only by the Data Controller with no records kept on electronic files.
Any computers or smartphones used to access messages, emailand texts are password protected with anti-virus software.
WHERE WE COLLECT PERSONAL INFORMATION FROM
Personal information you give to us:
When you contact us (for example by phone, email, text messages, letter or via the website);
When you come for acupuncture treatment.
Any information gathered from our websites www.orientalhealth.co.uk, orientalacupuncture.co.uk or birkdaleacupuncture.co.uk
IF YOU CHOOSE NOT TO GIVE PERSONAL INFORMATION
We may need to collect personal information by law or under the terms of the contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with acupuncture services. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We may share your personal information with named third parties with your explicit consent.
Regulatory and advisory bodies such as the The Acupuncture Society and BRCP professional associations and public liability insurers and solicitors in case of adverse incidents, complaints and insurance claims.
With relevant authorities if necessary to comply with a legal obligation to which we are subject, such as a court order or HM Revenue and Customs.
Where there is a vital interest that overrides confidentiality such as need for emergency treatment or safeguarding vulnerable adults or children
OUR COMMITMENT TO YOUR PRIVACY
We recognise the importance of protecting personal and confidential information in all that we do, and we take care to meet our legal duties by putting in place security and procedural controls to protect your personal information.
How long do we keep your personal information?
We will keep your personal information for no longer than is lawfully necessary to conduct our business with you and/or in accordance with our legal obligations for data retention.
We will keep your personal information for 7 years following the last treatment or to age 25 in the case of children in order to respond to questions or complaints and to maintain records. After 7 years all manual paper patient records are securely shredded in a cross head shredder.
Emails according to simple enquiries resulting in no advice or appointment are deleted after one month. Text messages are deleted after the enquiry is dealt with.
Accident or adverse incident records are kept for 3 years from the date of recording
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal information as set out below.
In order to exercise your rights under data protection law, please contact us by writing to Simon Rowe Birkdale Acupuncture 63 Upper Aughton Road Southport PR8 5ND or email [email protected]
TO GET A COPY OF YOUR PERSONAL INFORMATION
You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request we will respond within 30 days.
TO LET US KNOW IF YOUR PERSONAL INFORMATION NEEDS UPDATING
You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
THE RIGHT TO WITHDRAW YOUR CONSENT TO PROCESSING AT ANY TIME
Where there is a dispute in relation to the accuracy or processing of your personal data, you can request a restriction is placed on further processing. If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.
THE RIGHT TO REQUEST YOUR PERSONAL INFORMATION IS ERASED
You have the right to request your personal information is erased where it is no longer necessary for us to retain it. This is known as ‘the right to erasure’ or ‘right to be forgotten.
If you want us to erase your personal information, please contact us using the details above. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.
THE RIGHT TO REQUEST WE PROVIDE YOU WITH YOUR PERSONAL DATA
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller. This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case that we are processing the data by automated means.
All manual records can be scanned and forwarded on application with signed consent
THE RIGHT TO BE INFORMED IF YOUR DATA IS LOST
We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
YOUR RIGHT TO COMPLAIN
If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office by emailing [email protected] or telephoning 0303 123 1113 or visiting their website www.ico.org.uk
Their address for written complaints is Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
OUR CONTACT DETAILS
Mr Simon Rowe
63 Upper Aughton Road
Southport PR8 5ND
Email: [email protected]
ICO Registration No. ZA551372