The Parker Clinic is registered with the Information Commissioner's Office (ICO) and complies with the guidelines set out by the General Chiropractic Council as well the Data Protection Act 2018, which includes the General Data Protection Regulation (GDPR).
Basis for Processing Data
When you supply your personal details to the clinic, they are stored and processed for 4 reasons:
1. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes what the law calls a "Contract".
2. We have what is termed a "Legitimate Interest" in collecting that information, because without it we could not do our job effectively and safely.
3. We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes "Legitimate Interest", but this time it is your legitimate interest.
4. Consistent with our role as healthcare professionals, we may occasionally send you general health information in the form of articles, advice or newsletters. This again falls under the category of "Legitimate Interest".
Record Retention & Storage of Data
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you see us at some future date (or need us to transfer your records to someone else). Your records are stored electronically on a secure server which is backed up regularly. Access to all data is password protected. Any paper documents are scanned onto our system before being securely shredded.
Access to Data
We will never share your data with anyone who does not need access without your written consent. The only people who will have routine access to your data are your practitioner(s), in order that they can provide you with treatment, and our reception staff, who organise appointments and reminders, and can act as an intermediary between you and your practitioner(s).
It is good practice to liaise with other healthcare professionals, but we will seek separate consent for your permission to write to your GP, or to communicate with any other healthcare professional(s).
We use Care Response to monitor the progress of your treatment and limited information will be stored on their server. Your name and email address may be stored on the Mailchimp server (or similar) that we sometimes use to coordinate messages. Your data is also backed-up on the secure server of an external data management organisation. In all these circumstances, we ensure that outside agencies are compliant with the data protection regulations and are fully aware that all information is confidential. Although we have card payment facilities, we do not retain any card or other personal payment details.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can ask us to erase your records.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so. Of course, if you feel that we are mishandling your personal data in some way, you have a right to complain. Our Clinic Partner, Katriona Heaslip, is responsible for data protection, and can be contacted at the clinic by any of the usual methods, or by email at firstname.lastname@example.org .