Business privacy policy

This privacy policy sets out how Healing The Whole You uses and protects any information that you give Healing The Whole You when you use this website.

Healing The Whole You is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Healing The Whole You may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01 February 2016

What we collect

We may collect the following information:

• name and job title
• contact information including email address
• demographic information such as postcode, preferences and interests
• other information relevant to customer surveys and/or offers

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

• Internal record keeping.
• We may use the information to improve our products and services.
• We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provide
• From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

• whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
• if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at info@healingthewholeyou.co.uk

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Healing The Whole You, Acupuncture in Reading, Berkshire & Basingstoke, Hampshire.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

Personal Data Policy

Nature of personal data

Type of personal data

Purposes for processing (collecting/having/using etc.)

Most likely lawful basis and Article 9 condition (if special category personal data)

1. Patients/prospective patients’ contact details - name, address, telephone number, email address

Personal data

necessary to make or rearrange appointments

 

  1. a)Legitimate interests 

  2. b)Consent 

2. Permanent attendance register which records all patients attending your clinic

Personal data

  1. a)Necessary to keep a record of when the patient was treated in the event of a criminal prosecution, civil action, insurance claim or complaint  

  2. b)Necessary as a record for tax purposes  

  1. a)Legitimate interests 

  2. b)Necessary for compliance with a legal obligation to which the controller (you) is subject 

3. Patient’s date of birth

Personal data

  1. a)Necessary to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment  

  2. b)Necessary if referring patient to another health practitioner 

  3. c)Necessary if writing to registered medical practitioner so that they correctly identify patient 

 

  1. a)Legitimate interests 

  2. b)Legitimate interests 

  3. c)Legitimate interests 

4. Presenting complaint and symptoms reported by the patient

Special category

Necessary for full traditional diagnosis, treatment strategy and treatment planning

Legitimate interests and

processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and

the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law

5. Relevant medical and family history

Special category

Necessary for full traditional diagnosis, treatment strategy and treatment planning

Legitimate interests and

processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and

the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law

6. GP’s name and address

Personal data

Necessary in the event that you need to contact a patient’s GP including in an emergency

Legitimate interests

7. Your clinical findings

Special category

Necessary for full traditional diagnosis, treatment strategy and treatment planning

Legitimate interests and

processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and

the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law

8. Any treatment given and details of progress of the case, including reviews of treatment planning

Special category

a) Necessary when reviewing diagnosis, treatment strategy and planning.

b) Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint. 

a) Legitimate interests and

processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and

the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law.

b) Legitimate interests and

processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

9. Any information and advice that you give, especially when referring the patient to any other health professional

Special category

Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint. 

Legitimate interests and

processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

10. Any decisions made in conjunction with the patient

Special category

Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint. 

Legitimate interests and

processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

11. Accident records for patients, practitioner and staff (if any)

Special category

Necessary to comply with UK accident reporting legislation (RIDDOR)

Necessary for compliance with a legal obligation to which the controller (you) is subject

and

processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller (you) or of the data subject (the patient/employee/injured person) in the field of employment and social security and social protection law in so far as it is authorised by EU or UK law.

12. Adverse incident reports if they identify the patient rather than being completed anonymously

Special category if they contain details of the patient’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership

Necessary for helping the BAcC to develop its safe practice guidelines, as well as providing research data and information for the BAcC’s insurers and other interested parties.

Probably:

Legitimate interests

and

processing is necessary for reasons of ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU or UK law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject (the patient), in particular professional secrecy

13. Records of the patient’s consent to treatment, or the consent of their next-of-kin

Special category

Necessary to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment in the event of a civil claim, criminal proceedings, insurance claim or complaint.

Legitimate interests

and

processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

 

14. Website cookies if your website is set up to collect such data from users of your website

Personal data

To improve user experience of your website by enabling your website to 'remember' users, either for the duration of their visit - using a 'session cookie' - or for repeat visits - using a 'persistent cookie'.

Consent

15. Emails/online enquiries received from patients, prospective patients and third parties

Usually personal data

May contain special category data if email contains details of the individual’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership

This depends what data you collect from patients and prospective patients and why.

a) I understand that some practitioners ask their patients to return pre- 1st appointment questionnaires asking about medical conditions and medication (if so, please see answer 4 above).

b) Other practitioners only use emails and online enquiry forms to collect patients and prospective patients’ contact details for arranging appointments (if so, please see answer 1 above).

a) Please see answer 4 above.

b) Please see answer 1 above.

 

   Copyright © 2005 - 2018 Eic Content Management System Version 6.0 from Edge Impact Websites www.edgeimpact.co.uk