What is a Privacy Notice?
Under data protection law, you, as a client or potential client of New Heights Wellness Limited, have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.
Who We Are
We are New Heights Wellness Limited, 42 Thrapston Road, Unit 3, the Barns, Brampton, Cambridgeshire, PE28 4TD; telephone number 01480 457909, email address firstname.lastname@example.org. For the purposes of processing your personal data we are the Controller.
Data Protection Officer
As we record and use sensitive data, we take the protection of this data very seriously. We have therefore appointed a Data Protection Officer, Julie Saltys, who is your first point of contact for any matters regarding the personal data we process about you. They can be contacted on 01480 457909; their email address is email@example.com and their postal address is as given above.
The Personal Data We Process and What We Do with It
We record and use the following categories of personal data which may include:
- Name, address, telephone numbers, email address, date of birth, health information including medical history, diagnosis, treatment data and x-ray records.
- Any contact we have had with you such as appointment history, follow up calls, appointment reminders.
- Details of your treatment notes.
- Relevant information from other health care professionals.
All of our records are stored both electronically, through our Practice Management Software, and on paper.
Neither we, nor any third parties we work with, sell your information or use it for any other purpose than to provide the services to you that you have requested from us.
Your data is not used for any other purposes. We are committed to protecting your privacy and will only use information collected lawfully in accordance with: General Data Protection rules 2018, Human Rights Act 1998, Common law duty of confidentiality and General Chiropractic Code of conduct.
Our lawful basis for processing this data is one of contract and, for the health information, the provision of health-related services as a chiropractic clinic. The contact information you provide us will only be used to contact you regarding your care with our clinic, including appointment bookings or amendments and finances. Provided we have your consent, we may occasionally send you clinic updates or general health information in the form of emails, newsletters or cards. You may withdraw this consent at any time – just let us know by any convenient method.
In addition, we will only examine or treat you with your explicit consent. You can, of course, refuse to provide the information; however, in this case we would be unable to provide you with treatment in the clinic.
Your records are stored:
- on paper, in locked filing cabinets, in offices that are locked out of working hours.
- electronically (“in the cloud”), using specialist Chiropractic Management Software records services. These providers have given us their assurances that they are fully compliant with the General Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.
- on our office computers. These are password-protected, backed up regularly, and the office is locked out of working hours.
Sharing Your Personal Data
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
- The medical records service who store and process our files.
- Your practitioner(s) and spinal rehab assistants, in order that they can provide you with treatment.
- Our reception staff and chiropractic assistants, because they organise our practitioners’ diaries, and coordinate appointments and reminders. They are also responsible for performing certain tests and scans to provide you with the best level of care.
- We also use MailChimp emailing software to coordinate our messages, so your name and email address may be saved on their server.
We only share your personal data with your explicit consent. Where third parties are used by us to store your personal data, we ensure they are compliant with data protection law and that any such data is not stored outside of the EU.
We only ever pass on information about you if there is a genuine need for it and we have your consent. This may be to your GP, dentist, other health professional, solicitors, and reports for insurance companies. We will ensure anyone with access to your records is properly trained in confidentiality issues.
We will not disclose any information about you without your written permission or, in a child’s case, parental consent, unless there are exceptional circumstances where the law requires information to be passed on, or there is an imminent risk to the life of yourself or others.
To ensure your privacy, we will not disclose information over the telephone or email unless we are sure that we are communicating directly with you. Information will not be disclosed to family and friends unless we have prior written consent and we will not leave messages involving personal data with others.
Retaining Your Personal Data
Whilst you are receiving treatment from our clinic, we will continue to store and use your clinical data. Once you have stopped care or have been discharged from care, we will be required to retain your personal data for a minimum of 8 years. After 8 years, you can ask us to delete your records; otherwise we will retain your records indefinitely so that we can provide the best care should you need to continue care at a future date. However, we will delete all contact information such as date of birth, email address, phone number and address.
In the case of children, we must retain their data until their 25th birthday, or their 26th should their last appointment be when they were 17 years of age.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing. You may request a copy of your data at any time. Please make such a request in writing to the clinic address, addressed to The Data Controller, or by email to firstname.lastname@example.org. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We will need to verify your identity, so we may ask for a copy of your passport, driving licence and/or recent utility bill.
If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
If you believe we should erase your data, please contact the Data Protection Officer, whose details are shown above.
If you wish us to stop storing or using your data, please contact the Data Protection Officer, whose details are shown above. Where you have provided explicit consent for us to use your data, you have a right to withdraw this consent at any time.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish to Complain
You can contact the ICO via their website, www.ico.org.uk, should you wish to make a complaint about the way we are processing your personal data.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
How We Obtained Your Data
Your personal data has been collected directly from you, via our new patient intake form, our website, email enquiry or contact form, and from health information given to the chiropractor.