Privacy Policy for Bright Osteopathy
This privacy notice outlines how Bright Osteopathy uses and protects any information that you give us. We are committed to ensuring that your privacy is protected. Please read this policy carefully as it contains important information about how we use your personal data.
Use of Our Website
We are committed to safeguarding the privacy of our website visitors.
- Google AdWords: If you visited this site via a Google advert, our Google AdWords application may store information regarding your search keywords, IP address, and geographical location. It does not store identifying personal information. Bright Osteopathy does not store or process this data, nor pass it to 3rd parties.
- Cookies: Our website uses cookies to help identify and track visitors and their access preferences. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.
- Contact Forms: We obtain your name, email, and telephone number when you fill in our contact form. We use this data solely to respond to your query.
How We Use Your Personal Data
Lawful Basis for Processing
To comply with the Data (Use and Access) Act and UK GDPR, we process your data under the following legal grounds:
- Contract & Legitimate Interest: For your contact details, appointment management, and reminders.
- Legal Obligation: For your medical records. As primary healthcare practitioners, we have a statutory duty under the Osteopaths Act 1993 to maintain accurate clinical records.
- Special Category Data Condition: We process your sensitive health data under the specific condition for the provision of health or social care.
Medical Records
For the purposes of providing osteopathic treatment, we require detailed medical information. We will only collect what is relevant and necessary for your treatment.
- Storage: Your records are stored electronically using a specialist medical records service that is fully compliant with UK data protection laws. Electronic access is password-protected.
- Disclosure: Your medical records are not shared with 3rd parties except for those involved in your direct care (e.g., GPs, consultants, or other Bright Osteopathy practitioners), or if required for medical insurance/legal claims. We will always inform you before sharing records unless we are under a specific legal obligation to comply with a governmental request.
Retention Periods
We are required by law to keep your medical records for a minimum period:
- Adults: 8 years after your most recent appointment.
- Minors: Until the child reaches the age of 25. After this period, you may request that we delete your records. Otherwise, we retain them indefinitely to provide the best possible longitudinal care.
Contacting You
- Clinical Communications: We use Legitimate Interest to contact you via SMS, email, or WhatsApp to confirm appointments or send reminders 24–48 hours prior to your visit.
- Marketing: We will only contact you with newsletters or feedback requests if we have your explicit Consent. You may withdraw this consent at any time.
Your Rights as a Data Subject
You have the following rights regarding your data:
- Right of Access: You may request a copy of your records at any time, free of charge. We aim to provide these within 10 working days, complying with the statutory maximum of 30 days.
- Right of Rectification: You may correct inaccurate or incomplete data.
- Right to be Forgotten/Restriction: In certain circumstances, you can ask for data erasure or restricted processing (subject to our 8-year legal retention obligation).
- Identification: To access your data, we require one piece of photographic ID (Passport/Driving Licence) and one supporting document (Utility bill under 3 months old).
Complaints
If you wish to make a complaint about how your personal data is being processed by Bright Osteopathy, you have the right to lodge a complaint directly with us.
- Internal Resolution: Please contact us at info@brightosteopathy.org, call 01273 732740, or write to our practice address. We will formally acknowledge your complaint within 30 calendar days and investigate the matter without undue delay.
- Escalation: If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commission (the UK supervisory authority).