GDPR Privacy notice
What is a Privacy Notice?
Under new data protection laws, you as a patient of Chirocare Scotland have specific rights. To communicate these rights in a clear and concise manner we have provided you with this privacy notice.
1. How we use your personal information
This notice tells you how Chirocare Scotland ltd. collects information about you and/or your child and how this information may be used. We are Chirocare Scotland. Ltd, 432 A Shields Road, Glasgow G41 1NS tel: 07534 801141 email :- and for the purposes of processing your personal data we are the Controller. We have obtained your personal data directly from you via your new chiropractic treatment and record card forms.
The health care professionals, who provide your care, maintain records about your health and any treatment or care you have received here or previously. These records help provide you with the best possible health care. Our records are electronic and on paper and we use a combination of working practises and technology to ensure your information is kept confidential and secure. Records which this clinic holds about you may include the following information:
Details about you, such as your address, contact details, previous medical history and previous investigations
Any contact with the clinic has had with you, such as appointments, clinics visits, advice given over the phone or email, missed appointments etc
Notes about your and/or your child’s health
Details about your and/or your child’s treatment and care
Relevant information from other health care professionals
Information may be used within the clinic for clinical audit purposes to monitor the quality of the services we provide. All of your information is held securely on our premises and may be used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested for research purposes – in such instances we will always ask your consent before releasing such information.
2. How do we maintain the confidentiality of your records
2.1 We are committed to protecting your privacy. Our lawful basis for collecting and storing this data is contract and we are allowed to use and store your health data as we are a recognised health provider. We will only use information collected lawfully in accordance with:
General Data Protection Rules 2018
Human Rights Act 1998
Common Law Duty of Confidentiality
General Chiropractic Council Code of Conduct
2.2 Every member of staff who works at Chirocare Scotland ltd has a legal obligation to keep information about you confidential
3. Who do we share your information with?
3.1 We only ever pass on information about you to others, if there is a genuine need for it and you have given your consent. This may be your GP, dentist or other health care professionals, a solicitor or for court proceedings.
3.2 We will not disclose any information about you to any third party without your written permission or in case of a child’s information the parental consent, unless there are exceptional circumstances (i.e. Life or death situations) where the law requires information to be passed on and/or in accordance with the Caldecott principles
4. Access to your personal information
4.1 You have a right under the General Data Protection Rules 2018 to request access to view or obtain copies of what information Chirorcare Scotland ltd holds about you and to have it amended should it be inaccurate. In order to request this you need to do the following:
Your request must be made in writing to the clinic
There is no charge for copies of your records
We are required to respond to you within 40 days
You will need to give us proof of name (photo ID) so that your identity can be verified
5. How long we keep your data for
In line with data protection principles we only keep your data for as long as we need it for, which will be at least for the duration your being a patient with us and we are legally required by the Chiropractic regulator, to keep this data for eight years after your last treatment. In the case of children this will be until their 25th birthday.
To determine any appropriate retention period for personal data beyond eight years we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security.
6. Your Rights in relation to your data
The law on data protection give you certain rights in relation to the data we hold on you.
The right of access. You have the right to access the data that we hold on you. To do so you should make a subject access request either in writing or by email to Chirocare Scotland.
The right for any inaccuracies to be corrected.
The right to be informed. This means that we must tell you how we use your data and this is the purpose of this privacy notice. We must also inform you of any changes in how we use your data.
The right to have your information deleted. You have the right to ask us to delete information from our systems where you believe there is no reason for us to continue processing it.
The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
The right to portability. You may request the transfer of the data that we hold on you for your own purposes.
7. The Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data were so permitted by having a legitimate legal reason for doing so. For example the General Chiropractic Council rules oblige us to keep your (adult) data for 8 years. To withdraw consent please contact Tracy Naddell.
8.1 Should you have any concerns about how your information is managed at the clinic, please contact the reception staff in the first instance. If you are still unhappy following a review by the clinic owner Tracy Naddell you can then complain to the Information Commissioner’s office via their website (www.ico.gov.uk)
9. Change of Details
9.1 It is important that you tell the person treating you if any of your details such as your name/ address or phone number have changed or if any of your details such as date of birth is incorrect in order for us to correct it.
10. Automated decision making and profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
11. Notification & Data Controller
11.1 Tracy Naddell is registered with the Information Commissioner’s Office as the Data Controller for Chirocare Scotland Ltd.