Orpington Chiropractic Clinic
DATA PROTECTION POLICY
About this Policy
- This policy explains when and why Orpington Chiropractic Clinic (OCC) collect personal information about our patients, supporters and staff, and how OCC will use it and keep it secure together with the rights of data subjects.
- OCC may collect, use and store your personal data, as described in this Data Protection Policy and as described when OCC collect data from a data subject.
- OCC reserve the right to amend this Data Protection Policy from time to time and without prior notice. All are advised to check our website www.orpchrio.co.uk regularly for any amendments (but amendments will not be made retrospectively). This policy will be dated as a means for checking versions.
- OCC will always comply with the General Data Protection Regulation (GDPR) and other extant legislation when dealing with personal data. Further details can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, OCC will be the controller of all personal data held about patients, supporters and former patients.
- To accompany this Policy, a Data Privacy Notice is on our website to expand on the new rules governing personal data.
- Who Are We?
- We are the Orpington Chiropractic Clinic (OCC) (sometimes referred to in this policy as the ‘clinic’ or the ‘practice’). OCC can be contacted at:
10 High Street
- What Information OCC collect and why?
|Type of Information||Purposes||Legal Basis for Protection|
|Patient’s name, address, telephone and e-mail address(es)||To manage thePatient’s treatment and keep them informed of clinic occurrences, events and appointments.||Performing the Practice’s contract with the Patient. For the purposes of our legitimate interests in operating the Clinic.|
|Type of Information||Purposes||Legal Basis for Protection|
|Potential and former Patient’s name, (supporters) address, telephone and email address (es). (Former Patients are those patients that have not attended the clinic as a patient for over 9 months)||To inform about Clinic/Practice events, occurrences and offers.||By providing consent to promote the Practice.|
|Photos and videos of Patients/supporters.||Placing on the Clinic’s website and social media pages.||We will seek a supporter’s/patient’s consent to use this material. The patient/supporter may withdraw their consent at any time by contacting us by email or letter.|
|Patient Data||To enable professional diagnosis, treatment and recording of such, of the patient health data||Legitimate Interest and Contract and as required by the General Chiropractic Council. In addition the data is processed as special category data (health data) under the provisions of health and social care treatment.|
|Bank account and credit/debit card details of the Patient||Managing thePatient’ payment details.||Contracting to complete payments with patients.|
|Staff personal details: name, address, telephone number, email address(es), date of birth, National Insurance Number, and Bank account details.||Manage the staff member and providedetails to payroll toensure prompt payment of wages and pension.||For the purposes of ourlegitimate interests/contract in managing the staff member and performing the Practice and employee’s employment contract.|
- The Practice will protect personal data by:
- Not transferring personal data outside the EEA without the data subject’s approval.
- Implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
- Maintaining a Privacy Notice (dated for version control) on the OCC website to inform all patients and supports as well as the general public of how OCC will handle and treat personal data in accordance with the law.
- Notifying data subjects promptly in the event of any breach of their personal data which might expose them to serious risk.
- Who else has access to the information?
- Personal data will not be sold or shared with other parties without your prior consent (which can be withhold) except where to do so by law or as set out in the table above or paragraph 5.2 below.
- Personal data may be passed to third parties who are service providers, agents and subcontractors to the practice for the purposes of completing tasks and providing services to data subjects on OCC’s behalf. However, OCC disclose only the personal data that is necessary for the third party to deliver the service and a contract is put in place that requires them to keep your information secure and not to use it for their own purposes.
- How long is data kept?
- OCC will hold personal data on OCC systems for as long as the data subject is a patient of the Practice and for as long afterwards as is necessary to comply with legal obligations (GCC require 7 years and we will hold for 10 years). All personal data will be reviewed every quarter to establish whether OCC is still entitled to process it. If OCC decide that there is no entitlement, OCC will stop processing personal data except that OCC will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the established exercise or defence of legal claims.
- OCC will securely destroy all personal data and financial information once it is no longer legally entitled to retain it.
- Data Subject Rights
- Data subjects have rights under GDPR:
- to access their personal data;
- to be provided with information about how their personal data is processed;
- to have their personal data corrected;
- to have their personal data erased in certain circumstances;
- to object or to restrict how their personal data is processed;
- to have personal data transferred to themselves or to another business, in certain circumstances.
- Data Subjects have the right to take any complaints about how OCC process their personal data to the Information Commissioner:
0303 123 1113
Information Commissioner’s Office
Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF
For more details, please address any questions, comments or requests regarding our data Protection practices to OCC via e-mail firstname.lastname@example.org or in writing to
OCC, 10 High Street, Orpington, KENT, BR6 0JG
1 March 2018