This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR) which is EU wide and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
1 - Your Practice The Perrymount Clinic, based at Hurstwood Grange, Hurstwood Lane, Haywards Heath, RH17 7QX, which hereafter for the purposes of this Privacy Notice will be referred to as the Osteopaths, is pleased to provide the following information:
2 - Who we are The Osteopaths diagnose and treat health conditions. Treatments are carried out in accordance with the Institute of Osteopathy’s patient charter http://www.iosteopathy.org/osteopathy/the-patient-charter/. The practice may also provide other treatments, about which our staff will be pleased to provide more details.
4 - Legal basis for processing any personal data To meet our contractual obligations obtained from explicit Patient Consent and legitimate interest to respond to enquiries concerning the services provided.
5 - Legitimate interests pursued by Osteopaths To promote treatments for patients with all types of health problems indicated for osteopathic care.
6 – Consent Through agreeing to this privacy notice you are consenting to Osteopaths processing your personal data for the purposes outlined. You can withdraw consent at any time by using the postal, email address or telephone number provided at the end of this Privacy Notice.
7 – Disclosure Osteopaths will keep your personal information safe and secure, only staff engaged in providing your treatment will have access to your patient records, although our administration team will have access to your contact details so that they can make appointments and manage your account. Osteopaths will not disclose your Personal Information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests. The practice may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
8 - Retention Policy Osteopaths will process personal data during the duration of any treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet any legal obligations. After eight years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
9 - Data storage Our data is help with the clinic management service called Cliniko, which is GDPR compliant
10 - Your rights as a data subject At any point whilst Osteopaths are in possession of, or processing your personal data, all data subjects have the following rights: