Chiropractic Care is registered with the Information Commissioner's Office (ICO) and complies with the guidelines set out by the General Chiropractic Council as well the Data Protection Act 2018, which includes the General Data Protection Regulation (GDPR).
Basis for Processing Data
When you supply your personal details to the clinic, they are stored and processed for 4 reasons:
1. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes what the law calls a "Contract". Health Information is considered a special category and we have a “Legal Obligation” to record and keep this information
2. We also have what is termed a "Legitimate Interest" in keeping this information, because without it we could not do our job effectively and safely.
3. We also consider that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes "Legitimate Interest", but this time it is your legitimate interest.
4. Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time.
Record Retention & Storage of Data
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Your paper records are securely stored under lock and key and will be securely shredded at this time but we will retain your contact and financial information records indefinitely in order that we can provide you with the best possible care should you see us at some future date.
Your electronical records are stored on a secure server which is backed up regularly. Access to all data is password protected. Any paper documents are scanned onto our system before being securely shredded.
Access to Data
We will never share your data with anyone who does not need access without your written consent. The only people who will have routine access to your data are your practitioner(s), in order that they can provide you with treatment, and our reception staff, who organize appointments and reminders, and can act as an intermediary between you and your practitioner(s).
If you have consented to receive health information, advice or newsletters, then your name and email address may be stored on a mail server that we sometimes use to coordinate messages. In all these circumstances, we ensure that outside agencies are compliant with the data protection regulations and are fully aware that they must treat your information as confidential.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can ask us to erase your records.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so. Of course, if you feel that we are mishandling your personal data in some way, you have a right to complain. Complaints need to be sent to what the legislation call the "Data Controller". Our Data Controller is the Clinic Director who can be contacted at the clinic by any of the usual methods.