Whose information does this privacy notice apply to?
This privacy notice applies to information we collect from:
patients;
prospective patients;
former patients;
visitors to our website.
What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details.
Special category data is a sub-category of personal data. An example of which is the data we may hold about you e.g. patient notes.
How do we process your personal data?
By following GDPR guidelines and keeping personal data up to date; storing and destroying data securely; not collecting or retaining excessive amounts of data; protecting personal data from loss/misuse/unauthorised access & disclosure and by ensuring that appropriate technical measures are in place to protect personal data. (I do not store any of your health and wellbeing records electronically. I store everything on paper. These records are never left unlocked or unattended).
I use your personal data for the purposes set out below:
- I use your name, address, telephone number and email address to make or rearrange appointments and to discuss your treatments/questions/queries as needed. I am unable to send or receive encrypted emails so you should be aware that any emails sent or received may not be protected in transit. I will also monitor any emails sent to me, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
- I use will record your GP’s name and address and any other relevant health professionals in the event that I need to contact them to discuss your medical needs (your consent will be obtained prior to any contact unless it is required by law) or in case of emergency as stated in the British Acupuncture Code of Professional Conduct.
- I will store a copy of your consent to treatment or the consent of your next-of-kin in order to be able to prove that you or your next of kin, has given informed consent to treatment In the case of children/adolescents under the age of 16yrs a parent/guardian will be required to give consent to treatment and this will be recorded.
- I will record the reason you have come to see me (presenting problem/complaint), yours symptoms, relevant medical and family history (past & present) and general health questions e.g. about your diet, sleeping, exercise etc; in order to make a full traditional diagnosis, formulate a treatment strategy and a treatment plan.
- I will take your pulse during each treatment recording my findings and look at your tongue making notes of colour, shape, coating, in order to assist with making a traditional diagnosis.
- I will keep a record of any & all treatments given, details of progress of your case and reviews of treatments, tongue & pulse findings to enable me to amend my diagnosis as needed and amend treatment plans as needed based on your progress.
- I will record any lifestyle/diet advice, given that may be beneficial in conjunction with treatments and any decisions/discussions made in conjunction with you to help you to receive the most appropriate treatment.
- I keep accident records for any patients, visitors involved in accidents at my clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law.
- Any information stored/recorded/discussed/advised will be used in the event of any criminal proceedings, litigation, complaints or for insurance claims.
Complaint handling
I will only use the personal information I collect to process the complaint and to check on the level of service provided. I may need to provide personal information collected and processed in relation to complaints to the British Acupuncture Council or insurance company.
I will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us I will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service I provide.
Website cookies
A "cookie" is technology that allows our website to store tokens of information (an 'identifier') in your browser used only by our website while you are on our website. Cookies are not used to determine the personal identity of anyone who is merely visiting our website. They serve to help us track traffic patterns to determine a user’s preferred location and language for us to direct user to the correct country home page when they visit our website. On specific pages of our website, cookies are used to help us track your interests while you browse the internet. This is to assist us to understand what is important to you and to tailor more relevant direct marketing to you.
Sharing your personal data
Your personal data will be treated as strictly confidential, it will not be shared without prior discussion and without your explicit consent. (In the event of those under 16yrs, information will not be shared unless the parent/guardian gives their consent).
The only exceptions to the above will be:
- For compliance with a legal obligation to which we are subject e.g. a court order
- with your doctor or the police if necessary to protect yours or another person’s life;
- with the police or a local authority for the purpose of safeguarding children or vulnerable adults
- with my regulatory body, the British Acupuncture Council, or my insurance company in the event of a complaint or insurance claim being brought against me
- My solicitor in the event of any investigation or legal proceedings being brought against me.
For further details about the situations when information about you might be shared please see the Information Commissioner’s website.
How long do we keep your personal data?
We keep patient records for a period of seven years from the point at which you cease being a patient, (In the case of those under 16yrs, records will be kept for 7yrs after their 18th birthday) in accordance with the British Acupuncture Code of Professional Conduct https://www.acupuncture.org.uk/public-content/effective-practice/bacc-professional-codes.html
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal data as set out below.
The right to request a copy of your personal data which we hold about you.
The right to request that we correct any personal data if it is found to be inaccurate or out of date.
The right to request your personal data is erased where it is no longer necessary for us to retain such data.
The right to withdraw your consent to the processing at any time. This right does not apply where we are processing information using a lawful purpose other than consent.
The right to be informed if your data is lost. We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
The right to lodge a complaint with the Information Commissioner’s Office.
For further details about these rights please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/