GDPR Privacy Policy
with effect from 25th May 2018
We are Romney Marsh Osteopaths (hereafter referred to as “we”, “us”, or “our”), for the purposes of this policy, Romney Marsh Osteopaths also incorporates all the non-osteopathic therapists that work within our practice.
Our registered address is Romney Marsh Osteopaths, 39 Littlestone Road, New Romney, Kent, TN28 8LN.
THE PURPOSE OF THIS NOTICE
This Notice is designed to help you understand what kind of information we collect in connection with our services and how we will process, store and safeguard your personal information.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identifiable person such as an individual’s name, age, address, date of birth, gender, contact details or medical history.
PERSONAL DATA WE COLLECT
In order for us to provide and administer private healthcare services to you, we are legally obliged to collect and process your personal data. We will also collect your personal data where you request information about our services and promotions.
You may provide us with personal data when you contact us via the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you.
We will share your personal data within our practice where it is necessary to do. We will not share your personal data with third parties unless this is necessary for the promotion of your health and you have consented for us to do so or we are required to do so by law.
Google Analytics will assess your personal data, for the purposes of analysing site traffic, when you visit our website, however we do not have access to these details and therefore we do not collect your unique online electronic identifier; commonly known as an IP address.
Google Analytics also use cookies, as part of the analysis process in place on our website. Cookies are inserted into most modern websites, to identify visitors, to simplify accessibility, and to monitor visitor behaviour when viewing website content. Again we do not have access to this information directly.
We may record written details of your communications with us, when you contact us or we contact you, within your medical records, where it would be advantageous and appropriate to do so.
Where we collect data directly from you, we are considered to be the data controller. We will not use third parties/data processors to process your data. A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
As a provider of private healthcare we will process the following categories of data:
Personal data such as name, address, date of birth, gender and contact details.
Special categories of personal data such as medical details and treatment records.
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our products and services.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about our services or processes with regard to how we collect personal data and with whom we share data, please contact reception on (01797) 361111 and ask to speak to Kate Miles, our Data Representative or request a copy of our Confidentiality and Data Protection Policy.
WHY DO WE NEED YOUR PERSONAL DATA?
We will use your personal data for the purposes of maintaining contact with you and to legally provide you with healthcare products and services plus to administer our business appropriately, which may include the use of anonymous data for training or clinic auditing purposes.
You will only receive newsletters, special offers or marketing material from us if you have given us your email address and actively consented to be placed on our mailing list. You are welcome to unsubscribe at any time, either via one of our emails or by telephone.
We also have a Facebook site which you are very welcome to follow, you are able to remove yourself from this service at any stage but because of the nature of Facebook we will be unable to arrange this on your behalf.
DATA RETENTION
It is mandatory under the terms of our legally required Membership with the General Osteopathic Council, (hereafter referred to as the G.O.s.C.), that both contact and medical details are retained for a period of 8 years after that individual’s last appointment with the practice, or until the age of 25 for under 18’s.
This information will be stored in locked cabinets and any electronic data will be password protected and locked away when not in use and then securely destroyed at the end of the mandatory retention period.
YOUR RIGHTS
Individuals are provided with legal rights governing the use of their personal data.
These rulings grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its’ processing.
Individuals can also request the deletion of their personal data but where treatments have been undertaken at this practice this will not be legally possible in entirety, until the G.O.s.C.’s data retention period has passed.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
– The right to be informed about the personal data being processed,
– The right of access to your personal data,
– The right to object to the processing of your personal data,
– The right to restrict the processing of your personal data,
– The right to rectification of your personal data,
– The right to erasure of your personal data where legally appropriate,
– The right to data portability (to receive an electronic copy of your personal data).
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation and for regulatory or other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact our Data Privacy Representative by calling reception on (01797) 36111 or by writing directly to our Data Privacy Representative: Mrs Kate Miles at Romney Marsh Osteopaths 39 Littlestone Road New Romney Kent TN28 8LN
PROTECTING YOUR DATA
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including, when necessity dictates, sharing your data within our organisation or with authorised third parties, with your consent or on a matter of law.
COMPLAINTS
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Data Privacy Representative by telephone on (01797) 361111 or in writing via Romney Marsh Osteopaths 39 Littlestone Road New Romney Kent TN28 8LN. If we have been unable to handle your concerns satisfactorily you also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
HOW TO CONTACT US
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Data Privacy Representative at Romney Marsh Osteopaths 39 Littlestone Road New Romney Kent TN28 or by telephoning reception on (01797) 361111
Kate Miles/Romney Marsh Osteopaths is registered with the UK Information Commissioner, (ICO):
Registration Number: Z3436938
Updated Version: May 2018