Privacy Notice
When you supply your personal details to this clinic, they are stored and processed for four reasons (the terms in bold refer to definitions in the Data Protection Act 2018, which includes the General Data Protection Regulation – i.e., the law):
-
We need to collect personal information about your health to provide you with the best possible treatment. Your request for treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you choose to do so, we would not be able to provide treatment.
-
We have a Legitimate Interest in collecting that information because, without it, we couldn’t do our job effectively and safely.
-
We also find it essential to contact you to confirm appointments or to update you on matters related to your care. This also constitutes a Legitimate Interest, specifically your interest in receiving care updates.
-
Provided we have your consent, we may occasionally send you general health information in the form of articles, advice, or newsletters. You may withdraw this consent at any time by letting us know through any convenient method.
We are legally required to retain your records for 8 years after your most recent appointment (or until age 25 if this is longer, as per UK health record laws). After this period, you may request that we delete your records if you wish. Otherwise, we will retain them indefinitely to ensure we can provide you with the best possible care should you need to see us in the future.
Your records are stored electronically (“in the cloud”) using a specialist medical records service, Cliniko. This provider has assured us of full compliance with the General Data Protection Regulations.
Access to this data is password-protected, and passwords on our office computers are updated regularly. Please see Cliniko's Security Policy for more details.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
-
The medical records service (Cliniko), which stores and processes our files.
-
Your practitioner(s) to ensure they can provide you with treatment.
-
Our reception staff, who organize practitioner diaries and coordinate appointments and reminders (but do not have access to your medical history or sensitive personal information).
-
Administrative staff, such as our bookkeeper, who will only have access to essential contact details but not medical notes.
-
We may use Mailchimp to coordinate our marketing. If you opted to be added to our marketing list, your name and email address may be saved on their server. Please note that Mailchimp, which may store data internationally, complies with GDPR regulations. If you did not opt-in, you may be added on email request. You can unsubscribe via the link on the latest newsletter.
Occasionally, we may employ consultants for tasks that could grant them access to your personal data (but not your medical notes). We will ensure they are fully aware of their responsibility to maintain confidentiality and will require them to sign a non-disclosure agreement. Tasks may include IT support, systems troubleshooting, or other administrative assistance.
You have the right to view any personal data we hold on you and may ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also request that we erase your records.
We want you to feel absolutely confident that we are treating your personal data responsibly and doing everything possible to ensure that only those with a genuine need can access it.
If you have any concerns that we are mishandling your data, you have the right to complain.
Complaints should be directed to our Data Controller. Here are the relevant contact details:
Catherine Barber
cbarber@bristol-chiropractic.co.uk
0117 9620100
2 Kellaway Avenue, Bristol BS6 7XR
If you are not satisfied with our response, you have the right to raise the matter with the Information Commissioner’s Office (ICO).