On the 25th May 2018, the EU-wide General Data Protection Regulation (GDPR) came into effect. This piece of legislation, together with the Privacy and Electronic Communications Regulations (PECR), is aimed at giving you more control over your data, improving the safeguarding of your data and ensuring that your data is processed in a lawful manner.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions so that you are fully aware of how and why we are using your data. Please note that this privacy notice supplements any other notices and is not intended to override them. Bansel Osteopathy and Holistic Health respects your privacy and is committed to protecting your personal data. We do not share or sell your personal data to any third party.
Who we are:
Bansel Osteopathy and Holistic Health is the data controller and is responsible for your personal data.
Bansel Osteopathy and Holistic Health is located at The Avondale House Clinic, Avondale House, 63 Sydney Rd, Haywards Heath, West Sussex, RH16 1QD.
Bansel Osteopathy and Holistic Health operates the website: www.banselosteopathy.co.uk
Purpose of this privacy notice:
This privacy notice will outline:
· How we collect and process personal data both in the clinic and when you visit our website regardless of where you visit it from, for example when you contact us or sign up to our newsletter. Please note that our website is not intended for children.
· How your data is stored.
· Your legal rights.
· Data retention policy.
· Disclosure of your personal data policy.
· Breach of personal data policy.
· Complaints procedure policy.
· Data Privacy manager’s contact details.
· Useful terms.
How we collect and process your data
We use different methods to collect data about you. These include:
· Direct interactions. You may give us your Identity and Contact Data by contacting us or by requesting marketing to be sent to you.
Bansel Osteopathy and Holistic Health will only collect information we need to be able to provide you with the best treatment and service, i.e. information that we have a legitimate interest in. We will only use your data when we have your consent to do so. It is important that the personal data we hold about you is accurate and current, so please keep us informed if your personal data changes during your relationship with us.
Bansel Osteopathy and Holistic Health collects the following personal information:
- Identity Data including first name, last name.
- Contact Data including telephone numbers, postal and email addresses. This information is used for:
· Responding to enquiries.
· Appointment reminders/rescheduling/cancellations.
· Providing information relating to your treatment.
· Updating you about clinic information and offers via our monthly newsletter and social media platforms. Please note that we use Mailchimp for our newsletters and that your name and email address may be saved on their server. Mailchimp is GDPR compliant.
· Providing interesting, up-to-date information relating to your health and wellbeing.
Please note that you have the right to opt out of any of the above communications at any time should you so wish.
- Personal Data including a detailed medical history. As previously mentioned, we will only collect what information is deemed relevant and necessary for us to provide you with the best treatment. In some instances, we may need to share your medical records with other healthcare practitioners, such as your GP or consultant. Should this be necessary, we will always ask for your consent to sending your information prior to doing this.
- Technical Data includes: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Bansel Osteopathy and Holistic Health’s website.
- Usage Data includes information about how you use our website.
- Aggregated Data such as statistical or demographic data for any purpose.
We do not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and biometric data. Nor do we collect any information about criminal convictions and offences.
How your data is stored
Your data is always held securely. Your medical data is not accessible by anyone who is not involved in your treatment. Your contact data is accessible by the reception staff who need access to this information in order to efficiently handle your enquiries and appointments.
Your legal rights under the GDPR
Under the new GDPR legislation, you have the right to:
i. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
ii. Request a correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you updated and corrected.
iii. Request your personal information to be erased. This enables you to ask us to delete or remove any personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
iv. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
v. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
vi. Request the transfer of your personal information to another party.
vii. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Disclosure of personal data:
Should you wish to exercise any of the above rights, please note:
· You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
· We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
· We try to respond to all legitimate requests within one month.
Data retention:
We have a legal obligation to retain your records for 8 years after the last treatment session or, in the case of a child, up until they are 25. If you would like your records deleted after this period, please put your request in writing to the data privacy manager. If we do not hear from you after the 8-year period or after the age of 25 in the case of a child, we will retain your records so as to be able to provide you with the best treatment should you need to revisit the clinic again in the future.
Breach of your personal data:
In the highly unlikely event of a data breach, you will be contacted and notified of the breach and its extent immediately. The Information Commissioner’s Office (ICO) will also be notified and we will keep you updated as the investigation proceeds.
Complaints procedure:
You have the right to make a complaint at any time to Bansel Osteopathy and Holistic Health or the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Data Privacy manager:
We have appointed a Data Privacy Manager who is responsible for overseeing any queries in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Manager using the details set out below:
Name: Bansel Osteopathy and Holistic Health.
Name or title of Data Privacy Manager: Miss Jasveer Bansel
Email address: firstname.lastname@example.org
Telephone number: 01444 200 575.
Address: The Avondale House Clinic, Avondale House, 63 Sydney Road, Haywards Heath, West Sussex, RH16 1QD.
Useful terms:
- Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
- Consent means that you have given us clear consent for us to process your data for a specific purpose. You have the right to withdraw consent to marketing at any time by contacting us.