From 25th May 2018, the new Data Protection Act 2018 comes into place and I need to inform you of what data I hold about you, why I need it, what I will be doing with your data, who I might share it with and when I will destroy it.
What information do I hold, why do I have it and who might I share it with?
Currently I hold a completed consultation form and treatment records with your details. These include your name, address, date of birth and various means of contacting you. Plus details of your health and medical history. These are all required so I can contact you and tailor your treatment to meet your needs. I will never share this information with a third party, without your consent.
Health Related Data:
Consultation Form: All clients must complete a consultation form, so that I have a full understanding of your medical and health history. I need this for insurance reasons, but it is also to check that it is safe to treat you and for me to understand how best I can help you.
Treatment Records: These are my notes detailing what I have found during my assessment of you and how you felt immediately after that treatment.
Storage of your Personal Data:
It is a condition of my Insurance Policy to take and retain client records for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, records shall be kept for 7 years after they reach the age of 18.
I may need to share your data with authorised legal, regulatory and insurance authorities, if required to defend myself. This will be the professional membership body I am registered with and the insurance company I hold my professional indemnity insurance with.
After 7 years following the last occasion on which treatment was given, I will destroy all of your records by shredding them.
NB: All Consultation forms and Treatment records are kept in a secure filing cabinet within my clinic. I am the only person with access to these records and I will take all appropriate steps to protect the confidentiality, integrity, availability and authenticity of your data.
Your Individual Rights under the Data Protection Act 2018, you have:
the right of access to your personal data
the right to object to the processing of your personal data
the right to restrict the processing of your personal data
the right to rectification of your personal data
the right to erasure of your personal data
the right to data portability (to receive a copy of your personal data)
My Rights:
In exercising your Individual Rights, you should understand that in some situations I may be unable to fully meet your request, for example if you make a request for me to delete all your personal data, I may be required to retain some data for taxation, legal, regulatory and insurance purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
Complaints:
If you are dissatisfied with the way in which I process your personal data, you have the right to complain to the UK’s Data Protection Supervisory Authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns , by live chat or by calling their helpline on 0792 609 4542.
How to contact me:
If you have any questions regarding the use of your data and your Individual Rights, please contact me via the enquiry section of my website.
Thank you.