Corby Chiropractic patient privacy statement
Corby Chiropractic is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to protecting the privacy and security of your personal information. We are legally required, by the Chiropractic regulator, to keep your data for eight years after your time as a patient has ended. We will then dispose of it in a secure manner.
Data protection principles
We will comply with data protection law which says your personal information must be:
processed fairly, lawfully and in a clear, transparent way
collected only for valid reasons and not used in any way that is incompatible with those purposes
only used in the way that we have told you about
accurate and up to date
kept only as long as is necessary
process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
Types of information we hold about you
Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We hold many types of data about you, including your personal details including your name, address, date of birth, email address, phone numbers, gender, marital status, personal medical or health information, including past medical history, information concerning examination and treatment at your first and subsequent visits and letters of referral to or from the clinic regarding your treatment with us.
Special categories of data
There are "special categories" of more sensitive personal data which require a higher level of protection, such as information about a person's health, genetic data or sexual orientation. We will only use your special category data to ensure the care you receive at the clinic is appropriate to your condition and to determine reasonable adjustments that should be made for access to the clinic or to treatment.
We will process special categories of data when the following applies:
you have given explicit consent to the processing (on our consent form)
we must process the data in order to carry out our legal obligations
we must process data for reasons of substantial public interest
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
How we collect your data
We collect data about you in a variety of ways and this will usually start when you make an enquiry to the clinic and continue when you attend your first and subsequent appointments. At this clinic, we keep paper and electronic records. Information we write down on paper may be transferred to our electronic system. We may receive information about you from your GP or other health care provider regarding your referral or, with your permission, additional information that will help us continue with your treatment. We may also hold the results of tests that you have undertaken and that are relevant to your treatment with the clinic.
Why we process your data (How we will use information about you)
The law on data protection allows us to process your data for certain reasons only, these are classified as legitimate interests. Most commonly, we will use your personal information in the following circumstances:
in order for us to carry out our contract with you (your requesting treatment and our agreement to provide it constitutes a contract) which will include confirming appointments, informing you of changes to appointments or clinic arrangements, or services at the clinic.
in order to provide you with the best possible treatment by recording health and treatment information which would be in your best interest.
in order to carry out legally required duties
where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
We may use your personal information in these rare situations:
where we need to protect your or someone else’s interests
where it is needed in the public interest or for official purposes
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract of care with us. If you do not provide us with the data needed to do this, we will be unable to perform that care to ensure your best interests are being maintained. We may also be prevented from continuing with your treatment with us due to our legal obligations.
Change of purpose
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Sharing your data
We may share your data with third parties in order to facilitate a referral to another healthcare practitioner, investigation or to keep your GP informed about your progress with treatment
Data Security - Protecting your data
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such, including locked filing cabinets for paper notes, and data encryption and password security for electronic information. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you.
If you want to access your data, review, verify or correct your data, object to the processing of your personal data, withdraw consent or request that we transfer a copy of your personal information to another party, please contact Katharine Clarke in writing.
Making a complaint
If you have any questions about this Privacy Notice or how we handle your information, please contact Katharine Clarke at the address below.
You have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).
Data controller details
Katharine Clarke (trading under Corby Chiropractic) is the data controller and determines the processes to be used when using your personal data. Her contact details are firstname.lastname@example.org
Request an appointment today
Get in touch with Katie at Corby Chiropractic for effective pain relief.