Privacy Policy for Bright Osteopathy

This privacy notice outlines how Bright Osteopathy uses and protects any information that you give to Bright Osteopathy when you visit this website. Here at Bright Osteopathy we are committed to ensuring that your privacy is protected. Please take the time to read this privacy policy carefully as it contains important information about we use your personal data. When consulting with osteopaths at the practice, you will be asked for personal information. Please read below to find out what data we store, why we store it and and how we process it.

Use of Our Website

We are committed to safeguarding the privacy of our website visitors.

If you visited this site via a Google advert, then our Google AdWords application may store information regarding your search keywords, IP address and geographical location, but does not store any personal identifying information about you. Bright Osteopathy does not store or process the Google AdWords data, and does not pass it on to any 3rd party.

Our website does use cookies, which is a string of information that a website stores on a visitors computer and that the visitors browser provides to the website each time the visitor returns. WordPress.org uses cookies to help Bright Osteopathy to identify and track visitors and their website access preferences. Bright Osteopathy website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.

We will obtain your personal data: your name, email, telephone number when you fill in our contact form. If you volunteer your personal data by completing our contact form we will use it to get in touch with you in order to respond to your query.

We do not store nor process any such information and we do not pass it on to any 3rd party.

How We Use Your Personal Data at Bright Osteopathy

Medical Records

For the purposes of providing osteopathic treatment, the osteopaths at Bright Osteopathy require detailed medical information. We have a legal obligation to maintain medical notes relating to your treatment, including associated correspondence such as referral letters and reports.We will only collect what is relevant and necessary for your treatment. We require your name, address and date of birth to identify your records correctly. When you visit our practice, we will make notes which may include details concerning your medication, treatment and other issues affecting your health. This data is always held securely, is not shared with anyone not involved in your treatment, although for data storage purposes it may be handled by pre-vetted staff who have all signed an integrity and confidentiality agreement. To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow Bright Osteopathy to document and process your personal medical data. Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment. As part of our obligations as primary healthcare practitioners there may be circumstances related to your treatment, on-going care or medical diagnosis that will require the sharing of your medical records with other healthcare practitioners e.g GPs, consultants, surgeons and/or medical insurance companies. Where this is required we will always inform you first unless we are under a legal obligation to comply.

Your medical records are stored on paper in a locked filing cabinet and/or electronically, using a specialist medical records service. These are only accessible by osteopaths at Bright Osteopathy. They are not passed on to any 3rd party, except; other healthcare professionals, another osteopath at Bright Osteopathy or if you should relocate or if ownership of this practice changes, your insurance company or legal representative in the case of a medico-legal investigation. We would not do so without your consent.

Your records are stored electronically, using a specialist medical records service. The provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected and the passwords are changed regularly.

We are required by law to keep your medical records for 8years after your most recent appointment (or age 25: records concerning minors who have received treatment will be retained until the child has reached the age of 25.) but after this period you can ask us to deletes your records should you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at any point in the future.

You many request a copy of your records, free of charge, at any time. We aim to do so with in 10 working days, which will comply with the statutory maximum of 30days.

Contacting You

Provided we have your consent, we would like to contact you via SMS message, email or Whatsapp to confirm your appointments, send reminder messages 24-48hours prior to your appointment, or with information and advice relating directly to your appointment. Under the GDPR, this is known at Legitimate Interest.

We may also contact you occasionally with information (e.g. newsletters) that you may find of interest regarding our services or with requests for feedback. We would seek your consent prior to doing so, but if you would prefer not to receive any direct marketing communications, you may subsequently withdraw your consent at any time. This also constitutes Legitimate Interest under GDPR.

Disclosure

Osteopaths will keep your personal information safe and secure, only staff engaged in providing your treatment will have access to your patient records, although our administration team will have access to your contact details so that they can make appointments and manage your account. Osteopaths will not disclose your Personal Information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests. The practice may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.

Your Rights as a Data Subject

At any point whilst Bright Osteopathy are in possession of, or processing your personal data, all data subjects have the following rights:

Right of access – you have the right to request a copy of the information that we hold about you.

Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.

Right of portability – you have the right to have the data we hold about you transferred to another organisation.

Right to object – you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that Bright Osteopathy refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge. At your request Bright Osteopathy can confirm what information it holds about you and how it is processed.

You can request the following information:

Identity and the contact details of the person or organisation (Bright Osteopathy) that has determined how and why to process your data.

Contact details of the data protection officer, where applicable.

The purpose of the processing as well as the legal basis for processing.

If the processing is based on the legitimate interests of Bright Osteopathy and information about these interests.

The categories of personal data collected, stored and processed.

Recipient(s) or categories of recipients that the data is/will be disclosed to.

How long the data will be stored.

Details of your rights to correct, erasure, restrict or object to such processing.

Information about your right to withdraw consent at any time.

How to lodge a complaint with the supervisory authority (ICO).

Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.

The source of personal data if it wasn’t collected directly from you.

Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

To access what personal data is held, identification will be required

Bright Osteopathy will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Bright Osteopathy is dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to info@brightosteopathy.org or by phoning 01273 732740 or writing to us at the address further below.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Bright Osteopathy you have the right to complain to us. If you do not get a response within 30 days, you can complain to the ICO – please see the details below.

The details for each of these contacts are:

Carla-Maria Hole is the Data Protection Officer for Bright Osteopathy.

Telephone 01273 732740 / 07506 712114 or email: info@brightosteopathy.org

ICO

Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113 or email: https://ico.org.uk/global/contact-us/email/

If you have any questions about this privacy policy or our treatment of your personal data, please contact Bright Osteopathy on the details listed above or write to us by post to:

Bright Osteopathy, Clinic 33, 39B Salisbury Road, Hove, BN33AA.