General Data Protection Regulations (GDPR)
To ensure that the service we provide to you is the best it can be, we collect and process information using a third party GDPR registered and compliant computerised service (Cliniko).
As a professional organisation we take your rights as an individual seriously and thus the data we hold about you is only that which, we believe, is necessary for us to provide an effective service.
Because the data we hold about you (health information amongst others) is classified as a special category of personal data under GDPR (Article 9), we need to specifically ask for your consent to obtain, store and process this data.
Your rights:
- You should consent to us holding personal information about you.
- You have the right to withhold that consent, although this may impact our ability to treat you effectively.
- If you do provide consent:
  - You have the right to request a copy of all data we hold about you. To obtain a copy you should email jane@janeeastwood.com;
  - We will provide you with a copy of our records within 14 working days, following your request, subject to any necessary security checks on your identity;
  - You may request correction or removal of any or all data we hold about you for any reason, subject to any limitations imposed on us for legal, insurance or regulatory compliance reasons or for the prevention or detection of crime;
  - In the unlikely event of any breach of security or loss of your data, we will inform the regulatory authorities and you within 72 hours of us becoming aware of the breach.
We will only use your data for the purposes for which it was collected:
- To allow us to provide you with services as your complementary healthcare practitioner and to ensure that any treatments given are appropriate to your condition(s);
- To allow us to contact you, for example to rearrange an appointment;
- To keep financial records;
- To keep records of your treatment and any advice we give to you as required by our insurance company and regulatory body best practice guidance;
- We may pass information to a suitably qualified practitioner to seek a second opinion. However, in this instance all means of identifying you will be removed prior to the data being shared;
- Other than as stated above, we will never pass your data to third parties (either in the UK or elsewhere) for marketing or any other reasons, except at your specific request, unless we are required to:
  - for legal reasons by the appropriate authorities;
  - for insurance and regulatory body compliance reasons.
- We may from time to time contact you with details of new services or special offers we are providing;
- As required by our insurers, your data will be retained for 7 years (with the exception of children and young persons, where the data will be stored for 7 years after they reach the age of 18) after either the completion of a course of treatment or your last treatment. If you commence another course of treatment within that period, we may use your existing information as input into a new treatment plan;
- All data is kept secure and password protected by our third party data processor;
- All original paperwork and forms you provide will be securely stored for the same period as any computer data.
The personal data we hold about you and process:
This data is either provided by you directly, is a record of any treatments/advice we have given to you, or is provided by third-party practitioners that you have personally authorised to pass information to us. It is in three parts:
- Personal identifiers (Name, Address, Phone, Email, Date of Birth, etc.);
- Record of Appointments (Date, Time, Fees Paid, etc., but not Banking details such as Credit Card Numbers or Bank Account Numbers);
- Health and Treatment Information (such as Patient Initial Intake Form, Treatment Plans, Treatments/Advice Given).