Privacy Policy

Key details

This website privacy policy describes how we protect and make use of the information you give The Malmesbury Clinic when you use this website. If you are asked to provide information when using this website, it will only be used in the ways described in this privacy policy. This policy is updated from time to time. The latest version is published on this page.

This website privacy policy was updated on: 14/02/2020

Introduction

We gather and use certain information about individuals in order to provide products and services and to enable certain functions on this website. We also collect information to better understand how visitors use this website and to present timely, relevant information to them.

What data we gather

We may collect the following information:

  • Name and job title
  • Contact information including email address
  • Demographic information, such as postcode, preferences and interests
  • Website usage data
  • Other information relevant to client enquiries
  • Other information pertaining to special offers and surveys

    • How we use this data

    Collecting this data helps us understand what you are looking from the company, enabling us to deliver improved products and services.

    Specifically, we may use data:

  • For our own internal records.
  • To improve the products and services we provide.
  • To contact you in response to a specific enquiry.
  • To customise the website for you.
  • To send you promotional emails about products, services, offers and other things we think might be relevant to you.
  • To send you promotional mailings or to call you about products, services, offers and other things we think might be relevant to you.
  • To contact you via email, telephone or mail for market research reasons.

    • Cookies and how we use them

    What is a cookie?

    A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.

    How we use cookies

    We may use cookies to:

    Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions. Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site. Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content. Store information about your preferences. The website can then present you with information you will find more relevant and interesting. To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously. Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.

    Controlling cookies

    You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

    However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you. Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.

    GDPR

    Please click here to read our GDPR statement. GDPR Statement

    When consulting with osteopaths at the practice, you will be asked for personal information.

    This document tells you what data we record, why we need it, and how we process it.

    Your Medical Records

    We have a legal obligation to maintain medical records pertaining to your treatment, including associated correspondence such as referral letters and reports. We require your name, address and date of birth to identify your records correctly.

    Your medical records are stored on paper in a locked filing cabinet and/or on a secure server, accessible only to practitioners at The Malmesbury Clinic. They are not passed on to any 3rd party, except: other healthcare professionals; another osteopath if you relocate or if ownership of this practice changes; your insurance company or legal representative in the case of a medico-legal investigation.

    We would not do so without your consent. Statutory minimum storage times for medical records are 8 years after the date of the last appointment or 25 years of age (if longer), after which you may request that we destroy them. Otherwise, we retain them indefinitely so that we can provide you with the best possible care should you require further treatment in the future.

    You may request a copy of your records, free of charge, at any time. We aim to do so within 5 working days, and will comply with the statutory maximum of 30 days.

    Contacting You

    We use your email address and telephone number(s) in order to contact you regarding your appointments, or with appointment reminders, or with information and advice relating directly to your treatment. The legal basis for this is termed legitimate interest. We may also contact you occasionally with information (eg. newsletters) that you may find of interest regarding our services, or with requests for feedback. We would seek your consent prior to doing so, and you may subsequently withdraw your consent if you wish – simply let us know, and we shall stop doing so within 5 working days.

    CCTV at the practice

    To ensure that you’re confident that we’re using CCTV and other similar devices responsibly we’ve noted our obligations below. In this policy “CCTV” relates to Closed Circuit Television, and other surveillance systems that capture personal data.

    References to we, our, or us in this policy are to The Malmesbury Clinic Ltd. Our Data Protection Officer (DPO) has overall responsibility for data protection compliance in our firm.

    If you have any questions about this policy or how we handle your personal information please contact the DPO.

    1.1 Before installing the CCTV we carried out a privacy impact assessment to ensure we were balancing our need for CCTV with the impact on your privacy.

    1.2 We have installed CCTV to:

  • (a) prevent and detect crimes;
  • (b) identify, apprehend and prosecute offenders;
  • (c) dealing with any queries, complaints or enquiries;
  • (d) ensure the security of our and your property and that of our patients and contractors;
  • (e) ensure that our policies and procedures are being adhered to;
  • (f) to assist in any investigations or any disciplinary or grievance issue;
  • (g) monitor the security of our premises;
  • (h) monitor adherence to health and safety provisions and policies.

    • As well as being the purposes for which we use your personal information, all of the above are also legitimate reasons for us to use and store personal data

    Images captured by CCTV may be monitored and recorded and kept for up to seven days after the recording was made. After this time it is automatically deleted via cloud storage.

    1.3 Any information captured by CCTV will be viewed in a restricted area and only by the DPO and any authorised people.

    1.4 All CCTV is maintained and overseen by our DPO. They are responsible for carrying out compliance audits and reviewing the need for CCTV.

    1.5 You have the right to view any personal data recorded by our CCTV. We may take time though to redact the personal data of anyone else on the recordings. We will first give you the opportunity to view the recordings that have been identified. We may be able to supply you with a copy of the recording unless that isn’t technically possible or to do so puts us to disproportionate effort.

    1.7 It is a criminal offence to misuse CCTV.YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

    You have the following rights in relation to your personal information:

  • • the right to be informed about how your personal information is being used;
  • • the right to access the personal information we hold about you;
  • • the right to request the correction of inaccurate personal information we hold about you;
  • • the right to request the erasure of your personal information in certain limited circumstances;
  • • the right to restrict processing of your personal information where certain requirements are met;
  • • the right to object to the processing of your personal information;
  • • the right to request that we transfer elements of your data either to you or another service provider;
  • • the right to object to certain automated decision making processes using your personal information.

    • Please note that some of these rights to object may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored in our CCTV system.

    More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/. To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by emailing the DPO contact@themalmesburyclinic.co.uk.

    If you are unhappy with the way we are using your personal information you can also complain to the ICO. However we would encourage you to contact us firs to see if we can resolve your complaint.

    Data Processing

    With your consent, we store information regarding your condition (eg. the location, duration and severity of symptoms, and your response to treatment) in a secure database, accessible only to practitioners at The Malmesbury Clinic. This is used for statistical purposes to measure and publish data about the effectiveness of our treatment (clinical audit) and for research purposes. The database is NOT passed on to any 3rd party and the statistical analysis does NOT make use of any identifying data, so it is NOT possible to identify patients from the results. We store this information for the same duration as your medical records. You may subsequently withdraw your consent if you wish – simply let us know, and we shall remove your details within 5 working days.

    Online Appointment Booking

    This facility uses Cliniko appointment software. Should you wish to use this facility, we request your email address and mobile telephone number to confirm your appointment and send you appointment reminders. Your contact details are stored within the database.

    The Malmesbury Clinic Ltd Potters Yard, Cross Hayes, Malmesbury, SN16 9BE Registered in England. Company Number 1134427 Tel: 01666 817123 www.themalmesburyclinic.co.uk We do NOT share or pass on your personal details to any 3rd party. We may also send you a questionnaire after your first appointment to ask you for your feedback. If, subsequently, you would like us to remove your personal contact details from our database, let us know, and we shall do so within 5 working days. Unfortunately, you will not be able to use the on-line booking facility without providing this information. However, you will still be able to make appointments via the practice telephone on 01666 817123.

    Therapies other than Osteopathy

    All other therapists at The Malmesbury Clinic (acupuncture, counselling, remedial massage, nutrition and hypnotherapy) are self-employed, and are responsible for their own medical records and management of patients’ personal information as per the General Data Protection Regulation. Please refer to your specific therapist for their privacy statement and for details of how they manage your information.

    For further information regarding the storage and processing of your personal data, or if you feel that there is an error in the data we hold, or if you would like us to remove your contact details from our database, please contact the practice manager, Richard Puddle on 01666 817123 or via email on richard@themalmesburyclinic.co.uk. The Malmesbury Clinic is registered with the Information Commissioner’s Office, registration number ZA322878.

    If you feel that we have not managed your personal information correctly, please contact us, and we shall endeavour to address your concern immediately. You also have the right to object to the Information Commissioner’s Office at https://ico.org.uk/concerns/ or by phone on 0303 123 1113.

    This statement contains details of the personal information we take during your visit as a patient, why we require it, how we we use it, how we get consent, how you can withdraw consent, how you can ask for it to be corrected, and where you can complain if you feel we have not managed your personal data lawfully.

    We may update our privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

    Controlling information about you

    When you fill in a form or provide your details on our website, you will see one or more tick boxes allowing you to:

  • Opt-in to receive marketing communications from us by email, telephone, text message or post.
  • Opt-in to receive marketing communications from our third-party partners by email, telephone, text message or post.
  • If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:

    • Send an email to contact@themalmesburyclinic.co.uk.

    We will never lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to. Any personal information we hold about you is stored and processed under our data protection policy, in line with the Data Protection Act 1998.

    Security

    We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998.

    Links from our site

    Our website may contain links to other websites. Please note that we have no control of websites outside the themalmesburyclinic.co.uk domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy. Always be wary when submitting data to websites. Read the site’s data protection and privacy policies fully.