This document refers to personal data, which is defined as information concerning any living person (who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR) along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. This safeguards personal data, protecting against the unlawful processing of personal data and the its unrestricted movement.
1 – Who we are
GD Health Clinics provides osteopathic and sports massage therapy, we diagnose and treat health conditions. Treatments are carried out in accordance with all regulatory and professional practice standards. The practice may also provide other treatments, about which our staff will be pleased to provide more details.
2 – Personal Data
For the purposes of providing treatment, GD Health Clinics requires detailed medical information. We will only collect what is relevant and necessary for your treatment. When you visit our practice, we will make notes which may include details concerning your medication, treatment and other issues affecting your health. This data is held securely, is not shared with anyone not involved in your treatment, although for data storage purposes it may be encrypted and then stored by pre-vetted organisations . it is a condition of any treatment that you give your explicit consent to allow GD Health Clinics to document and process your personal medical data.
Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment.
In making initial contact with GD Health Clinics you consent to us maintaining a marketing dialogue with you until you either opt out or we decide to desist in promoting our services. GD Health Clinics may occasionally also act in the capacity of data processor, when we may promote other practitioners based at our premises, who may not be employed by us. You can ask to be removed from our marketing database by emailing or phoning the practice using the contact details provided.
Some basic personal data may be collected about you from the marketing forms and surveys you complete, from records of our correspondence and phone calls and details of your visits to our website.
GD Health Clinics website uses cookies, Cookies are used by websites to identify and track visitors and their access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies.
3 – Legal basis for processing any personal data
To meet our contractual obligations obtained from explicit Patient Consent and legitimate interest to respond to enquiries concerning the services provided.
4 – Legitimate interests pursued by GD Health Clinics
To promote treatments for patients with all types of health problems including back pain and neck pain, tennis elbow, frozen shoulders, sciatica, headaches, sports injuries, and other degenerative conditions.
5 – Consent
Through agreeing to this privacy notice you are consenting to GD Health Clinics processing your personal data for the purposes outlined. You can withdraw consent at any time by using the email address or telephone number provided at the end of this Privacy Notice.
6 – Disclosure
GD Health Clinics will keep your personal information safe and secure, only staff and contractors engaged in providing your treatment will have access to your patient records, although our administration team will have access to your contact details so that they can make appointments and manage your account. GD Health Clinics will not see or disclose your Personal Information unless compelled to, in order to meet legal obligations.
The practice may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
7 – How long do we keep your personal data? (Retention Policy)
We process personal data during the duration of any treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet any legal obligations. After eight years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
8 – Data storage
All Data is held in the United Kingdom, EEA or within servers that are part of the Privacy Shield Framework. GD Health Clinics does not store personal data outside this. Any sensitive data that is electronically stored is encrypted and password protected.
9 – Your rights as a data subject
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
Right of access – you have the right to request a copy of the information that we hold about you;
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct § marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
The right to lodge a complaint with the Information Commissioners Office.
To access what personal data is held, identification will be required. GD Health Clinics will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. All requests should be made to GD Health Clinics using the contact details below.
10 – Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the GD Health Clinics data protection officer at dpo@gdosteopathy.co.uk or call 0800 612 6212.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact- us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.