Date: May 01 2018
Next Review Date: May 01 2019
Author: Sandie Ennis
Who are we?
In this document, “we”, “our”, or “us” refer to Sandie Ennis T/A Osteopathy in Dulwich/Pilates in Dulwich. We provide healthcare advice and treatment, movement therapy and exercise rehabilitation services in the UK.
This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.
How do we collect information from you?
• We obtain information about you when you contact us about our services.
• We also collect information from you if you leave a comment on our blog or fill in our feedback or help forms.
• We collect information about you when you complete an online appointment booking or make a booking by phone, email or message.
• We collect medical information during your appointments.
What information do we collect & how is it used?
We collect information to respond to enquiries. We also collect information to allow us to fulfil our obligations to our patients – to fulfil appointments and to make a thorough assessment and diagnosis and keep a record of diagnostic reasoning and treatment. We also collect your information if you leave a comment on our blog. Section 3.3 below outlines what information we collect, and for what purpose.
Medical data is classified as Special Category Data. Our condition for processing this data is to fulfil our healthcare services. This is the condition in Article 9(2)(h).
We do not gather other sensitive personal data (e.g. political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). We expressly request that you do not provide any such sensitive data to us unless relevant to your health and wellbeing.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
We may pass your information to third party service providers who we have engaged to provide services to you on our behalf (for example, we may provide your contact details to your GP or other services in an emergency situation). We disclose only the personal information that is necessary to deliver the service.
We also use some 3rd party services to help us fulfil our contractual obligations. These 3rd party services are listed below; we have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance), and are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU.
Your data will not be shared without your consent unless there is a legal requirement to do so.
Controlling your information
Updating or correcting your information
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please contact us so we may correct our records.
Access to your own information
At any time you may review or update personally identifiable information that we hold about you, by signing in to your account on our website.
To obtain a copy of any information that is not provided on our website you may send us a request by email. After receiving the request, we will tell you when we expect to provide you with the information, and whether we require additional information.
Deleting your information
You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.
We are unable to delete all the data we hold about you, as we have a legal obligation to keep the notes for adults for 8 years, and for children until they are 25 years old. After this time we will delete your record so if you come to the clinic again, we will start a new record.
Website Privacy: Cookies
The cookies we use are ‘1st party’ cookies. We don’t use any ‘3rd party’ cookies (these are often used to track behaviour across a range of websites, so targeted advertising can then be applied. We don’t do this!!). The following list outlines exactly what cookies this website uses, and what they are used for:
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible. Google Analytics sets the following cookies:
__utma (Expiry: 2 years)
__utmb (Expiry: 30 minutes)
__utmc (Expiry: At the end of a session)
__utmz (Expiry: 6 months)
We use a technology called ‘Adaptive Images’ to display appropriately sized images across all screen sizes. This sets a cookie to store your screen size:
Use of site by children
We do not sell products or provide services for purchase by children, nor do we market to children.
If you are under 16, you may use our website only with consent from a parent or guardian. We collect data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.
Such child users and visitors will inevitably visit other parts of the site and will be subject to whatever on-site marketing they find, wherever they visit.
We take security seriously. To protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable and reasonable physical, electronic and procedural measures to safeguard and secure the information we collect against loss or unauthorised access, use, modification, or deletion. These steps include the following:
• Data minimisation
• Password best practice
• Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
• Staff training and accountability on data protection
However, no security programme is foolproof, and thus we cannot guarantee the absolute security of your personal or other information.
Our Data Security Policy includes a transparent process for handling a personal data breach, should one occur. Where appropriate, we will promptly notify you of any unauthorised access to your personal information.
If you wish to raise a complaint about how we have handled your personal information, you can contact us directly. If you are not satisfied with our response, or believe we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Compliance with the law
Changes to this Policy
We reserve the right to amend this policy at any time and will post all changes to this policy on our websites, so you should review the policy periodically. Any such amendments to this policy may apply to information we collect in the future as well as any information we obtained before such amendment. If we make a material change to this policy, we will provide appropriate notice as required by law. By using our services, you agree to be bound by this Policy. Any questions regarding this should be sent by email to firstname.lastname@example.org or email@example.com.