Privacy Policy for New and Existing Patients
Falcon Chiropractic Ltd respects your privacy and is committed to protecting your personal data. Our privacy notice below will inform you as to how we look after your personal data and inform you about your privacy rights and how the law protects you.
The Falcon Chiropractic Clinic under GDPR is classed as a Data Controller. Under the Chiropractors Act 1994, we are required to collect personal and sensitive data as an essential part of our patient care.
Falcon Chiropractic is committed to your Data Protection:
· We recognise that your privacy is important and that we have a responsibility to you when handling your personal data.
· We only use your personal data to perform our role as Chiropractors.
· We constantly review and have taken appropriate steps to put adequate technical measures in place to protect your personal data against misuse.
· We will never provide your personal data to third parties for their marketing purposes.
· If we plan to make substantial changes to the way we use your personal data or the personal data we collect, we will undertake a Data Protection Impact Assessment in accordance with the ICO’s guidance.
· We will ensure your personal data is used according to the principles set out in the GDPR and the DPA unless an exemption applies.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you. These are categorised as:
Identity Data includes title, first name, last name, date of birth and gender.
Contact Data includes email address, home address, billing address and telephone numbers.
Special Category Data includes information about your health, genetics, sex life, sexual orientation, race, ethnic origin and religion.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
RETAINING YOUR PERSONAL DATA
All electronic information is cloud-based, encrypted in transit, and accessed only by a two factor/password-protected authentication. Only the practice personnel have access to this data. Clinic filing cabinets are securely locked at all times and only unlocked when retrieving data. We will be required to retain your personal data for a minimum of 8 years. This is from the date of your last appointment with us. After the 8 year period of the archive is over, we will legally dispose of your personal data.
YOUR RIGHTS
You may request a copy of your data held by us at any time. If you believe any of the personal data we hold on record is inaccurate or incomplete, please contact the clinic directly and any necessary corrections to your data will be made. If you would like to request the erasure of your data, (subject to our 8 year retention period) please contact the practice.
DATA BREACHES
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will explain to you the nature of the breach and the steps we are taking to deal with it.
COMPLAINTS
If for any reason you are unhappy with how we control and process your personal information. Please contact us immediately. Our Data Controller will be happy to discuss and action any points you may have. You also have the right to contact the Information Commissioners Office (ICO) via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.