Privacy Policy for New and Existing Patients

Falcon Chiropractic Ltd ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This privacy notice informs you how we look after your personal data when you visit our clinic on Cold Bath Road or use our website, and details your privacy rights under UK law.

1. IMPORTANT INFORMATION AND WHO WE ARE

Falcon Chiropractic Ltd is the Data Controller responsible for your personal data. Under the Chiropractors Act 1994 and the UK GDPR, we are required to collect personal and sensitive health data as an essential part of delivering patient care.

If you have any questions about this privacy notice, please contact our Data Protection Officer at the clinic or via email. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

2. THE DATA WE COLLECT ABOUT YOU

We collect, use, store, and transfer different kinds of personal data, categorised as:

  • Identity Data: Title, first name, last name, date of birth, and gender.

  • Contact Data: Billing address, home address, email address, and telephone numbers.

  • Financial & Transaction Data: Bank account, payment card details, and records of services purchased from us.

  • Special Category Data: Explicitly limited to health, medical history, clinical notes, and physical assessment data necessary to perform safe chiropractic treatment. We do not collect any other sensitive personal data.

3. OUR LAWFUL BASIS FOR PROCESSING DATA

We process your data under the following legal frameworks required by the UK GDPR:

  • Contractual Necessity: To register you as a patient and deliver scheduled chiropractic care.

  • Legal Obligation: To maintain accurate medical records as mandated by UK health regulations.

  • Special Category Processing: We process your health data under Article 9(2)(h) of the UK GDPR, which permits the processing of sensitive data for the management of health or social care systems and services.

4. HOW WE RETAIN AND SECURE YOUR DATA

All electronic patient records are cloud-based, encrypted in transit and at rest, and protected by multi-factor authentication (MFA). Physical clinic documentation is kept in securely locked filing suites accessed only by authorised clinical personnel.

  • Retention Period (Adults): We retain adult patient records for a minimum of 8 years following the date of your last appointment.

  • Retention Period (Children): If a patient is a minor, their records are legally retained until their 25th birthday (or 26th birthday if they were 17 when treatment concluded).

  • Once the legal retention period expires, all digital and physical records are securely and permanently destroyed.

5. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under UK data protection laws, including the right to request access to your personal data, request corrections to inaccurate records, or object to the processing of your data. To exercise any of these rights, please contact the clinic directly.