My practice complies with its obligations under the Data Protection Act 2018, which includes the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate measures are in place to protect personal data. Your personal data is used for the purposes set out below.
Why your data is collected and what do I do with it
I have a legitimate interest in collecting information about your health to provide you with the best possible treatment. Without this information I would not be able to do my job.
Your request for treatment and my agreement to provide it constitutes a contract. You can refuse to provide the information, but if you were to do so, I would not be able to provide treatment.
I need to be able to contact you about your appointments and treatment, which is in your legitimate interest.
I do not share your information with any third parties, nor do I use it for marketing purposes.
Your records are stored on paper in a locked filing cabinet in my office and I am the only one who has access to it. The office is always locked when unattended. I do not use electronic files. I have a legal obligation to retain your records for seven years in compliance with the British Acupuncture Council’s regulations.
You have to right to see what personal data of yours is held and to request the correction of any factual errors.
If you feel that your data has been mishandled in any way, you have the right to complain to me in writing by email to [email protected]
If you are not satisfied with the response, then you have the right to raise the issue with the Information Commissioner’s Office(ICO). Further details: ICO.org.uk