Who we are
We are North Beds Osteopaths Ltd, 2a Grange Lane, Bromham, Bedfordshire MK43 8NP, Telephone number 01234 823621, email address firstname.lastname@example.org. For the purposes of processing your personal data we are the Controller. We value your privacy and want you to understand why we collect your personal data and what we do with it.
Why we store your data
When you supply your personal details to this practice they are stored and processed for 4 reasons.
- We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can refuse to provide this information but if you were to do so we would not be able to provide treatment.
- We have a “Legitimate Interest” in collecting that information in order to do our job safely and effectively.
- We think it is important that we can contact you in order to confirm your appointments or to update you on matters related to your care. This constitutes “Legitimate Interest” on your part.
- We may occasionally send you general health information in the form of advice, newsletters or articles. You may withdraw your consent for this at any time – just let us know by emailing email@example.com, by calling us on 01234 823621 or by writing to us at our address at the end of this document.
How long we will keep your data
We have a legal obligation to retain your records for 8 years after your most recent appointment (or until you are aged 25 if this is longer). After this period you can ask us to delete your records if you wish. Otherwise, we may retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at a future date. If you ask us to delete your data, we may not be able to delete all of it for legal reasons but we will not use the data held to contact you.
How your records are stored
- On paper, in locked filing cabinets. Our offices are alarmed and locked out of working hours.
- Electronically using a specialist medical records service. This provider has given us their assurance that they are fully compliant with the General Data Protection Regulation. Access to this data is password protected and passwords are changed regularly.
- On our office computers which are password protected and regularly backed up. Our offices are alarmed and locked out of working hours.
Who has access to your information and why
Your information is only shared with other people with your permission (this would usually be other health professionals). Information would be shared without consent under the extremely rare circumstance of a legal order or in cases of serious safety risks.
Access to medical records is restricted to the following people who have signed a Data Protection Agreement:
- Practitioner/s in order that they can provide you with treatment
- Our reception staff in order to organise appointments, file notes and manage your account
In the course of practice, we may need to employ external persons or agencies who may have access to data for the reasons listed below:
- The medical records service that stores our files (which is fully GDPR compliant).
- We may use Mailchimp to co-ordinate messages so your name and email may be stored on their server (which is fully GDPR compliant).
- From time to time, we may have to employ consultants to perform tasks that may give them access to your contact details (but not your medical information). We will ensure that they are fully aware that they must treat that information as confidential and we will ensure that they sign a Data Protection Agreement.
You have the right to:
- see what personal data of yours we hold. To make such a request, please contact us in writing or by email at the address shown. Please provide the following information: your name, address, telephone number, email address, proof of identity and details of the information you require.
- ask us to correct any factual errors
- ask for the data we hold about you to be deleted from our records (in certain circumstances)
- request to move the data we hold about you to another organisation
- object to certain types of processing such as marketing. You can opt out of marketing from us at any time by emailing firstname.lastname@example.org
Through agreeing to this privacy notice you are consenting to North Beds Osteopaths processing your personal data for the purposes outlined. You can withdraw consent to us sending you information at any time by emailing email@example.com, by calling us on 01234 823621 or by writing to us at our address at the end of this document.
Should your personal data be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
You have the right to complain if you feel that we are mishandling your data. You can do this by contacting Joanne Pinny at the following addresses:
Postal Address: North Beds Osteopaths, 2a Grange Lane, Bromham, Bedfordshire MK43 8NP.
If you have concerns about how we use your information and don’t feel able to discuss it with anyone at the practice, you can also contact the Information Commissioner’s Office at the details below:
Telephone: 0303 123 1113
Postal Address: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF