Website privacy & cookies
This document sets out why we collect your personal data and what we do with it.
We are allowed to process your data only if we have a legitimate reason to do so, such as when it is in our joint legitimate interest in order to provide you with treatment, when you consent to it or in order to comply with aspects of the law.
When you supply your personal details to Tolworth Chiropractic, they are stored and processed for the following reasons:
We need to be able to identify you, provide a service and take payments.
We need to collect your personal health related information in order to provide you with treatment. By contacting us and requesting treatment and our agreement to provide you with treatment constitutes a contract. If you were to refuse to provide the information, we would not be able to provide you with any treatment.
We have a legitimate interest in collecting your health information because without this we could not provide you with the level of care or treatment which is specific and tailored to your health or contact you about your health, when needed.
We believe that it is your legitimate interest that we are able to contact you to confirm your appointments with us or to update you on matters related to your care.
We need to collect personal details in order to respond to you when you have provided us with feedback regarding your care and our service.
Marketing or informative communications
Provided we have your consent, we may occasionally send you communications in the form of articles, advice or newsletters/offers, new patients need to expressly opt into marketing preferences.
You can always withdraw your consent to receiving any of our marketing communications. Every communication will give you a clear option to unsubscribe.
Legally, we have an obligation to retain your medical records for anyone up to the age of 25 or for 8 years following your most recent appointment. After this period you have the right to be forgotten and you can ask us to delete your records. Otherwise, your records will be retained indefinitely in case you come back to see us in the future. We would then be in the best position to resume your care.
Storage of data
Patient records are stored on paper files, in locked filing cabinets, in clinics which are always locked out of hours. Your records are also stored electronically, using specialist software for managing our patient base and diary management.
Access to data is password protected, with passwords being changed regularly. Our office computers are password-protected.
Safety & Security
CCTV signs are clearly displayed on all entrances. Audio and Video recording is running in public areas to ensure the safety and security of our premises, our staff and our customers whilst within our clinics; this is in our joint interest. No recordings of any type take place in any treatment areas other than still images for the purpose of postural analysis.
Access to any recordings is limited to only senior management when there is legitimate reasons for viewing it and is secured with passwords.
Other 3rd Parties
MailChimp is the provider we use to coordinate our marketing communication e-mails. Your name and email address will be held on their server. Their processes are compliant with GDPR and their data is not moved outside of the EU/EEA.
Access to your data
We will never share information with anyone who does not need access to your data without your written consent. The only people who will have routine access to your data are:
- Your practitioner in order that they can provide you with care.
- Our reception team, because they manage our patient data, diary systems, assist in the provision of care and prepare files.
- Other staff at head office. This will be limited to Service and Operational Managers only who will only need to access the details if there was a need to do so in the provision of your care. Other administrative staff will not have access to your medical notes, just your essential contact details.
- In the event of illness or holiday, we may need to use locum practitioners to cover. This helps to maintain capacity in our clinics and maintain your level of care whilst your practitioner is off. This will give them access to your personal data and your medical notes which they will need in order to understand your care and provide you with the best level of care whilst your practitioner is off. We enter into contracts with practitioners for locum cover with confidentiality agreements in place to ensure that patient information is treated with the highest levels of care.
We are under an obligation to inform the Information Commissioners Office of any data breeches within 72 hours.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
If you choose to prevent their use through your browser settings, you will not be able to use all the functionality of our website.
1.1. to track how you use our website
1.2. to record whether you have seen specific messages we display on our website
1.3. to keep you signed in our site
1.4. to record your answers to surveys and questionnaires on our site while you complete them
1.5. to record the conversation thread during a live chat with our support team
- Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
You have the right to request the details of your personal data which we hold. You have the right to ask us to update your information if it is not correct and you also have the right to be forgotten, providing that the minimum medical requirements (mentioned above) are adhered to. You can also object to the processing of your data or question the grounds for which we are processing your data under ‘legitimate reasons’.
Concerns or complaints
If you have any concerns or complaints with how we have dealt with your personal data, you have the right to complain. Complaints or any general queries need to be sent to Gopal Handa at firstname.lastname@example.org
Telephone number: 0800 2118256
Or write to us at:
Tolworth Chiropractic, 140 The Broadway, Tolworth, KT6 7HT
If our response is not satisfactory, you have the right to raise the issue with the Information Commissioner’s Office.