Since 25th May 2018, all businesses have become subject to data protection legislation known as the General Data Protection Regulations (GDPR). As such, we have a duty to tell you what personal data we collect and why, how we store it and who has access to it. Following is a summary of some of the key points. Our detailed Privacy Statement can be found via the main menu, or you can follow this link.
When you visit us for your first consultation or treatment on or after the above date, we will have to ask you to fill in a consent form, so please arrive 10 minutes or so before your booked time to complete the paperwork without disrupting your appointment.
Information and Communication
When you supply your personal details to this clinic, they are stored and processed for 3 reasons:
- We have a legal obligation to maintain medical notes, in order to provide you with the most appropriate treatment.
- Provided we have your consent, we may need to contact you in order to confirm your appointments with us, or to update you or your doctor on matters related to your care. Under the GDPR, this is known as legitimate interest.
- Again, provided we have your consent, we may occasionally send you specific information relevant to your care, in the form of articles, advice or newsletters. This, too, constitutes legitimate interest under the GDPR.
Your records are stored on paper, in a locked filing cabinet, and the office is always locked out of working hours.
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), and they will usually be destroyed after this period.
If we contact you via an email address that you have given us, that address will be stored on the email service provider’s system.
We will never share your data with anyone who does not need access without your written consent, unless we are directed to do so by a legal authority.
Only the following people will have routine access to your data:
- Our reception staff will have access to your contact details, because they organise our practitioners’ diaries, and coordinate appointments and reminders. They do not have access to your medical history or sensitive personal information.
- Your practitioner(s), in order that they can provide you with appropriate treatment.