Annabel James, Chiropractic Clinic Privacy Policy
(Last reviewed: August 2024)
What does this Privacy Policy explain?
This privacy policy explains what data we hold and process when you make enquiries to Annabel James, Chiropractic Clinic (AJCC) or become a patient of the clinic It also outlines the reasons for holding this data, how it is held securely and shows the clinic’s compliance with the General Data Protection Regulation (GDPR), the Data Protection Act (2018),and other UK data protection legislation.
Our contact details
Name: Annabel James, Chiropractic Clinic (AJCC)
Address: Oxford
Phone Number: 07970 967774
E-mail: annabel@oxfordchiropractor.com
Website: www.oxfordchiropractor.com
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, such as but not limited to: first name, last name, date of birth, gender, cookies and data usage.
- Identity data, such as but not limited to: contact telephone numbers, postal addresses, e-mail addresses.
- Special category data, such as but not limited to: detailed information about your current health status, medical history, details of appointment dates and times, genetics, sexual orientation, race, ethnic origin, religion, details regarding any medical insurance you may hold, details of your GP and other health care professionals you have consulted.
- Financial data, including but not limited to: bank account and payment card details.
- Transaction data, including but not limited to: payments that you have made to AJCC.
- Aggregated data: This is data that we collect verbally, in written form and electronically via e-mail and our website that is not defined as personal data as it does not directly reveal your identity. It is used by us to for statistical purposes and to analysis patient experience in the clinic (e.g. appointments attended, how you heard about the clinic). This aggregated data used with the personal data that we hold could identify you. This privacy policy, therefore, also covers this form of combined data.
How we get your personal information and why we have it
Most of the personal information we process is provided to us directly by you by telephone, telehealth consultations, completion of online forms, e-mail and face to face appointments. Examples of other sources, which are indirect, include solicitors, insurance companies and other professionals who refer you to the clinic for treatment.
We use the information that you have given us in order to:
- provide the highest level of chiropractic health care that we can.
- fulfil our legal obligations.
- provide you with the services or information that you have requested.
- keep a record of your relationship with us.
- send you correspondence and communicate with you.
- protect your vital interests.
- respond to or fulfil any requests, complaints or queries that you may have.
- share your data with other parts of the health system such as local hospitals, GPs, social workers, and other health and care professionals, if required or if you consent.
- understand how we can improve our services or information.
- generate reports on our work and service.
- safeguard ourselves.
Our legal basis for processing personal data
By law, we need a legal basis for processing the personal data of a client. We will process your data using the legal basis of consent, legal obligation, vital interests and legitimate interests.
Consent
Consent is given where we ask you for permission to use your information in a specific way and you agree to this. You have the right to withdraw your consent at any time. This can be done by contacting us via the details at the start of this document.
Legal obligation and public interest
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with other health care providers or the police, if there is a safeguarding issue.
Vital interests
We have a basis to use your personal information where it is necessary for us to protect life or health. For example, there may be a safeguarding issue which requires us to share information with emergency services, the police or social care.
Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights). For example, we have a legitimate interest to keep your personal data on our systems in order to keep it secure, process it and to provide you with a service. We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your right
How we store your personal data
Paper versions of notes and other documents containing personal data are held in a limited access locked storage area at the clinic, 30 Beaumont Street, Oxford, OX1 2NY. Electronic versions of notes and other documents containing personal data are held using the software provider Cliniko. They hold all the saved data in secure servers based only in the UK.
How long we hold your personal data
We will keep your personal data for as long as you are using our services and for a period of 8 years after cessation of this. In the case of those under 18 when first attending for care data will be kept until they are 25 years of age. We keep your data as you may need on-going care or access to your records in the future.
After this time paper files will be shredding and securely disposed of, and electronic files will be permanently deleted from the Cliniko software.
Who we may share data with
Subject to our legal basis and your informed consent, we may share data with:
- Other parts of the health system such as local hospitals, GPs and other health and care professionals
- Other professionals such as solicitors or insurers, upon your request
- Organisations we have a legal obligation to share information with for safeguarding purposes
- The courts, police or other law enforcement agencies if we must by law, court order or at your request
- Our legal advisors and consultants
- Our regulators (The General Chiropractic Council, The Royal College of Chiropractors, The McTimoney Chiropractic Association, The Alliance of UK Chiropractors)
- Our insurance providers (Balens Insurance Limited)
- Our software providers, Cliniko.
We do not transfer any personal data we hold out of the EU or EEA.
Your data protection rights
Under data protection law, you have rights including:
Your right of access: You have the right to ask us for copies of your personal information.
Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing: You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at by e-mail, annabel@oxfordchiropractor.com, if you wish to make a request.
How to complain
If you have a complaint or concern about the way we are collecting or using your personal data, please raise this with us in the first instance, by contacting:
Annabel James
annabel@oxfordchiropractor.com
07970 967774
You can also raise your complaint or concern to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
This privacy policy will be periodically reviewed and updated to reflect changes in legislation or other privacy practices.