top of page

Patient Privacy Notice

Last reviewed 23/08/2024

​

This Patient Privacy Notice describes how we, Ferndown Chiropractic and Sports Injury Clinic, hereby known as “The Clinic” collect and use personal data relating to our Patients (i.e. individuals who attend or who have previously attended The Clinic for health advice and treatment). It also covers our use of personal data relating to Prospective Patients (i.e. individuals who enquire about or express an interest in the services offered by The Clinic) with whom we may communicate (such as over our website or by email). We also refer in this notice to Patients and Prospective Patients as ‘you’.​

​

We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your personal data.

​​

This Privacy Notice applies from 23rd August 2024 and supersedes any previous versions. We may update this Privacy Notice at any time.

​

Who is the controller?

Amy Tappenden is the 'controller' for the purposes of data protection law (also referred to in this notice as 'we' or 'us'). This means that we are responsible for deciding how we hold and use personal data about you. We can be contacted as follows: Data Protector Manager, Amy Tappenden, info@ferndownchiroclinic.co.uk , Tel: 01202 893445 or 07393 421207.

 

What is personal data?

Personal data means any information relating to a living individual who can be identified (directly or indirectly), in particular by reference to an identifier (e.g. name, NHS number, Patient number, email address, physical features). Personal data can be factual (e.g. contact details or age), an opinion or assessment about an individual, or information that may otherwise impact that individual in a personal or business capacity.

​

Data protection law provides additional protection for personal data about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation, criminal convictions or offences, biometrics (if used for identification purposes), or genetics. This is referred to as special category data. We refer to personal data that is not special category data as ordinary personal data.

​

What type of personal data do we hold about you?

We hold personal data about you in order to provide our services, including, for example: name, contact details, age or date of birth, your requirements for our services, related biographical and background information relevant to our services, records of the services we have provided, and associated payments.

​

This includes special category data relevant to our services, including: background medical information and health details from you, information about our assessments and treatments for you, and other information about your health which is collected or recorded by us in providing our services.

​

If you are a Prospective Patient, we may hold your name and contact details, and other information relating to your enquiry or our communications with you.

​

Why do we hold your personal data and on what legal grounds?

We hold and use your personal data for the purposes of providing our services, responding to your enquiries, and for sending you related communications.

​

Both during and following the end of our relationship with you, we may retain your personal data in case it is needed to address enquiries from you, or to address any concerns or legal issues relating to our services or our business. See also below: How long do we keep your personal data?.

​

Data protection law requires us to have a legal ground for each use of personal data. Most commonly, we rely on the following legal grounds when we process your personal data.

  • Where we need to process your data to perform the contract we have entered into with you for the provision of our services (performance of the contract). This would apply for most of our activities, for example, collecting background information about you (including health details), maintaining records of our assessments, treatment and services, managing payments from you, and communicating with you in relation to our services.

  • Where we need it to comply with a legal obligation (legal obligation). This may include where law enforcement authorities require us to collect, use or share personal data, or where necessary to comply with other laws such as detailed in the General Chiropractic Council’s Code of Conduct.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example, using your data to respond to any enquiries, use of a CCTV system, and retaining or using your data to exercise or defend any legal claims, or otherwise to protect our legal rights.

  • Where we have obtained your specific consent. We will seek your consent before using your contact details to send you direct marketing communications (which you have not otherwise specifically requested from us).

We are required to have an additional legal ground in order to use data relating to your health (because it is special category data). As healthcare professionals, the applicable legal ground is that our use of health data is necessary to provide our health care and treatment services.

​

In exceptional circumstances, we may also use personal data (including special category data) where needed to protect your vital interests or those of another person, to detect or prevent unlawful acts, to establish, exercise or defend legal claims, or where it is in the public interest in the area of public health.

​

How do we collect your personal data?  

You provide us with most of the personal data about you that we hold and use. Other personal data about you is generated by us in the course of providing our services, for example records of our assessments and treatments, and information within internal communications or communications with you.

​

Some of the personal data about you that we hold and use may come from external sources. For example: if you have had previous treatment, we may, with your consent, request records from your previous healthcare provider or NHS services.

​

If you give us someone else’s personal data

Sometimes, you might provide us with another person’s personal data – e.g. details of a family member or next of kin. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data, or, if we ask you to do so, you must pass on to them a separate privacy notice in which we explain what we do with their personal data that we receive from you.

​

Who do we share your personal data with?

We may share relevant personal data with the following parties (and our legal grounds for doing so are described in brackets).

  • Legal authorities or regulatory bodies, our legal and professional advisors or auditors, or other parties where we are required by law to do so (for compliance with a legal obligation, or otherwise in our legitimate interests to protect or enforce our rights, or to exercise, establish or defend legal claims).

  • Prospective or actual purchasers or our organisation or our business (in the legitimate interests of the purchaser).

  • Other parties with your consent (for example if you give your consent to share your records with another healthcare provider).

  • Other parties where necessary to protect your rights and interests, or the rights or interests of another individual (in our legitimate interests, or for compliance with a legal obligation).

  • Our service providers may also handle your data, such as providers of email, document management and accounting systems or online patient management systems. They act as processors on our behalf, meaning that we remain primarily responsible for how they use your data in line with the purposes and lawful bases identified in this Privacy Notice.

​

Consequences of not providing personal data

We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us.

​

Some of the personal data you provide to us, for example background information about you, is required in order for us to provide our services effectively and to perform our contract with you.

​

If you choose not to provide us with any personal data requested, we will tell you about the particular implications of any such decision at the relevant time.

​

How long will we keep your personal data?

We will not keep your personal data for longer than we need it for our legitimate purposes.

​

If you are a Patient, we generally keep records relating to our services to you (and associated assessments and treatment) for 8 years from the date of your last visit to us. (For Patients who are children, we keep these records until their 25th birthday, or 26th birthday if the Patient was 17 at the conclusion of treatment.)

​

If you are a Prospective Patient, we generally keep records of our communications with you for a period of 3 months following our last communication with you. Note that you also have the right to withdraw any consent you have given, and to object to use of your data for direct marketing purposes (see ‘Your rights’ below), in which case we may delete your personal data sooner. If we hold medical details such as within a patient screening service, your details will be held as if you were a patient.

​

Our retention periods may be changed in appropriate circumstances, for example we may need to retain your details for longer if there is a dispute in relation to our services. You may contact us for additional information about retention periods.

​

Please note that personal data that is held on IT back-up data sets for disaster recovery purposes may be retained for a different period. This is because it may not be possible to apply retention periods to individual records without erasing the whole back-up data set.

​

Transferring personal data outside the UK

We do not ordinarily transfer your personal data outside the UK.

​

Your rights

You have a number of legal rights relating to your personal data, as follows. 

  1. The right to withdraw any consent you have given in relation to the use of your personal data.

  2. The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it.

  3. The right to request that we correct incomplete or inaccurate personal data that we hold about you.

  4. The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it, or where you have withdrawn any consent relating to that processing. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

  5. The right to object to our processing your personal data where: (a) we use it for direct marketing purposes; or (b) where we are relying on our legitimate interest (or those of a third party) as our legal ground. In the case of (b), note that we may continue the processing if we can show a compelling reason to do so.

  6. The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  7. The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).

​

If you would like to exercise any of the above rights, or if you have any questions or concerns about how your personal data is being used by us please contact the Data Protector Manager, Amy Tappenden, info@ferndownchiroclinic.co.uk , Tel: 01202 893445 or 07393 421207. Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.

bottom of page