What personal information do we collect?
In order to treat you, we will ask you to provide certain information. This includes:
· Date of birth
· Home address
· Email address
· Telephone number
· Medical history.
To this, over time, we will add details of the conditions for which you have consulted us and the remedies and other therapies that we have prescribed or recommended.
How do we collect this personal information?
All the information collected is obtained directly from you. This is usually at the point of your initial consultation. The information is collected via a ‘medical history form’ which we ask you to complete prior to or at the initial consultation. In order for us to treat you effectively we do need to obtain this information from you; the gathering and processing of this information is covered under the legal base of ‘legitimate interests’ and this term is defined within data protection regulation and law. All changes to this policy or the way in which your data will be processed will be discussed with you.
How do we use this personal information?
We use your personal information to analyse the conditions for which you have consulted us and to prescribe remedies and other therapies.
We will communicate with you by email, other digital methods, by telephone and by post.
With whom do we share your personal information?
We will not disclose any personal information that we hold on you to any unrelated third party, except where required by law.
How long do we keep your personal information?
We need to keep your information for as long as you continue to consult us. Since patients often return for more consultations after a period of absence, we will keep your information for seven years after your last consultation. In the case of children, 7 years after their 18th Birthday. At that point, your file will be securely destroyed and any digital information will be erased from my computer systems.
How your information can be updated or corrected
To ensure that we have accurate and up-to-date information, you need to inform us of any changes you believe we should make to the personal information we hold. You can do this by contacting us by any of the methods previously described.
Under data protection legislation, you have the right to request access to the information we hold about you. You can make a request to do so by contacting us in writing and we will endeavour to respond within 14 working days.
We take steps to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification. This includes:
· Using strong passwords for information held within computer systems
· Restricting access to computer and paper-based files
· Using password protection on laptops and PCs that contain or access personal information
· Using password protection or secure cloud systems
· Providing adequate virus protection and firewall software to secure computer-based systems.
We may collect information on how the website is accessed and used. This may include information like your IP address, browser type and version and the pages on our site that you visit, the time and date you visit, and the time spent on those pages. Including unique device identifiers and other diagnostic data.
Cookies and tracking technologies are used to track this activity on our website. Cookies are files with a small amount of data. This can include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies used are beacons, tags and scripts to collect and track information. This helps to improve our website and your experience online.
When you visit our website, you will be given the option to accept or decline cookies. Session cookies are used to operate our website, preference cookies – to remember your settings cookies and security cookies for security purposes.
Data may be used to maintain the website, to notify you about changes to the website, to gather information to improve the website, to monitor any technical issues with the website, to monitor usage of the website. It may also be used to give you news and special offers through the newsletter. It is also used to comply on a legal basis with processing personal data under General Data Protection Regulation (GDPR).
Were a data breach to occur, action shall be taken to minimise the harm. We will inform any patients where we believe their personal information has been compromised. Where necessary, the Information Commissioners Office would be notified.
If a patient contacts us to say that they feel there has been a breach, the patient will be asked to provide an outline of their concerns. If the initial contact is by telephone, he/she will be asked to follow this up with a letter or email detailing their concern. The concern will then be investigated fully, and a response made to the patient. Breach matters will be subject to a full investigation, records will be kept and all those notified of the outcomes.
Changes to this policy
This policy may change from time to time. If I make any material changes, we will make you aware of them.
If you have any queries about this policy, need it in an alternative format, or have any complaints about the privacy practices, please contact me:
The Old Haybarn, Paddock Farm
Policy review date: Every 2 years