Sandford Chiropractic Privacy Notice
(Why we collect your personal data and what we do with it)
When you supply your personal details to Sandford Chiropractic they are stored and processed for 4 reasons (the bits in bold and underlined are the relevant terms used in the General Data Protection Regulation – ie the law):
- We need to collect personal information about your health in order to provide you with the best possibleCare.You are requesting care by attending an appointment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide any information, but if you were to do that we would not be able to provide any services to you.
- We have a “Legitimate Interest” in collecting that information, because without itChiropractic Care could not be performed to the highest standards of safety and efficiency.
- We also think that it is important that we can contact you in order to confirmand remind you ofyour appointments with us, or to update you on matters related to your care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
- Provided we have yourconsent, we may occasionally send you general health information in the form of articles, advice orpractice newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We have a legal obligation to retain your records for a minimum of 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete/destroy your records if you wish, we cannot legally delete/destroy them during the 8 year period. If no request is received we will likely retain your records beyond the 8 year time frame in order that we can provide you with care should you need to see us at some future date.
Your records are stored in the following ways:
On paper, in locked filing cabinets, and the offices are always locked and alarmed out of working hours.
Electronically (“in the cloud”), using a specialist clinical management software. This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is via online servers and password protected, and the password is changed regularly. We do not store any personal information on the computer hard drives in the event of a theft of said computers.
We will never share your data with anyone without your express consent. Only the following people will have routine access to your data:
- The cloud based management software mentioned above
- The practitioner supplying care
- Reception staff, because they organise our practitioners’ diaries, and coordinate appointments and reminders (but they do not have access to your medical history or sensitive personal information)