We gather and use certain information about individuals in order to provide products and services and to enable certain functions on this website. We also collect information to better understand how visitors use this website and to present timely, relevant information to them.
What data we gather
We may collect the following information:
How we use this data
Collecting this data helps us understand what you are looking from the company, enabling us to deliver improved products and services.
Specifically, we may use data:
Cookies and how we use them
What is a cookie?
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions. Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site. Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content. Store information about your preferences. The website can then present you with information you will find more relevant and interesting. To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously. Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
Please click here to read our GDPR statement. GDPR Statement
This document tells you what data we record, why we need it, and how we process it.
Your Medical Records
We have a legal obligation to maintain medical records pertaining to your treatment, including associated correspondence such as referral letters and reports. We require your name, address and date of birth to identify your records correctly.
Your medical records are stored on paper in a locked filing cabinet and/or on a secure server, accessible only to practitioners at The Malmesbury Clinic. They are not passed on to any 3rd party, except: other healthcare professionals; another osteopath if you relocate or if ownership of this practice changes; your insurance company or legal representative in the case of a medico-legal investigation.
We would not do so without your consent. Statutory minimum storage times for medical records are 8 years after the date of the last appointment or 25 years of age (if longer), after which you may request that we destroy them. Otherwise, we retain them indefinitely so that we can provide you with the best possible care should you require further treatment in the future.
You may request a copy of your records, free of charge, at any time. We aim to do so within 5 working days, and will comply with the statutory maximum of 30 days.
We use your email address and telephone number(s) in order to contact you regarding your appointments, or with appointment reminders, or with information and advice relating directly to your treatment. The legal basis for this is termed legitimate interest. We may also contact you occasionally with information (eg. newsletters) that you may find of interest regarding our services, or with requests for feedback. We would seek your consent prior to doing so, and you may subsequently withdraw your consent if you wish – simply let us know, and we shall stop doing so within 5 working days.
CCTV at the practice
To ensure that you’re confident that we’re using CCTV and other similar devices responsibly we’ve noted our obligations below. In this policy “CCTV” relates to Closed Circuit Television, and other surveillance systems that capture personal data.
References to we, our, or us in this policy are to The Malmesbury Clinic Ltd. Our Data Protection Officer (DPO) has overall responsibility for data protection compliance in our firm.
If you have any questions about this policy or how we handle your personal information please contact the DPO.
1.1 Before installing the CCTV we carried out a privacy impact assessment to ensure we were balancing our need for CCTV with the impact on your privacy.
1.2 We have installed CCTV to:
As well as being the purposes for which we use your personal information, all of the above are also legitimate reasons for us to use and store personal data
Images captured by CCTV may be monitored and recorded and kept for up to seven days after the recording was made. After this time it is automatically deleted via cloud storage.
1.3 Any information captured by CCTV will be viewed in a restricted area and only by the DPO and any authorised people.
1.4 All CCTV is maintained and overseen by our DPO. They are responsible for carrying out compliance audits and reviewing the need for CCTV.
1.5 You have the right to view any personal data recorded by our CCTV. We may take time though to redact the personal data of anyone else on the recordings. We will first give you the opportunity to view the recordings that have been identified. We may be able to supply you with a copy of the recording unless that isn’t technically possible or to do so puts us to disproportionate effort.
1.7 It is a criminal offence to misuse CCTV.YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
You have the following rights in relation to your personal information:
Please note that some of these rights to object may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored in our CCTV system.
More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/. To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by emailing the DPO email@example.com.If you are unhappy with the way we are using your personal information you can also complain to the ICO. However we would encourage you to contact us firs to see if we can resolve your complaint.
With your consent, we store information regarding your condition (eg. the location, duration and severity of symptoms, and your response to treatment) in a secure database, accessible only to practitioners at The Malmesbury Clinic. This is used for statistical purposes to measure and publish data about the effectiveness of our treatment (clinical audit) and for research purposes. The database is NOT passed on to any 3rd party and the statistical analysis does NOT make use of any identifying data, so it is NOT possible to identify patients from the results. We store this information for the same duration as your medical records. You may subsequently withdraw your consent if you wish – simply let us know, and we shall remove your details within 5 working days.
Online Appointment Booking
This facility uses Cliniko appointment software. Should you wish to use this facility, we request your email address and mobile telephone number to confirm your appointment and send you appointment reminders. Your contact details are stored within the database.The Malmesbury Clinic Ltd Potters Yard, Cross Hayes, Malmesbury, SN16 9BE Registered in England. Company Number 1134427 Tel: 01666 817123 www.themalmesburyclinic.co.uk We do NOT share or pass on your personal details to any 3rd party. We may also send you a questionnaire after your first appointment to ask you for your feedback. If, subsequently, you would like us to remove your personal contact details from our database, let us know, and we shall do so within 5 working days. Unfortunately, you will not be able to use the on-line booking facility without providing this information. However, you will still be able to make appointments via the practice telephone on 01666 817123.
Therapies other than Osteopathy
All other therapists at The Malmesbury Clinic (acupuncture, counselling, remedial massage, nutrition and hypnotherapy) are self-employed, and are responsible for their own medical records and management of patients’ personal information as per the General Data Protection Regulation. Please refer to your specific therapist for their privacy statement and for details of how they manage your information.
For further information regarding the storage and processing of your personal data, or if you feel that there is an error in the data we hold, or if you would like us to remove your contact details from our database, please contact the practice manager, Richard Puddle on 01666 817123 or via email on firstname.lastname@example.org. The Malmesbury Clinic is registered with the Information Commissioner’s Office, registration number ZA322878.
If you feel that we have not managed your personal information correctly, please contact us, and we shall endeavour to address your concern immediately. You also have the right to object to the Information Commissioner’s Office at https://ico.org.uk/concerns/ or by phone on 0303 123 1113.
Controlling information about you
When you fill in a form or provide your details on our website, you will see one or more tick boxes allowing you to:
Send an email to email@example.com.
We will never lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to. Any personal information we hold about you is stored and processed under our data protection policy, in line with the Data Protection Act 1998.
We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998.
Links from our site
Our website may contain links to other websites. Please note that we have no control of websites outside the themalmesburyclinic.co.uk domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy. Always be wary when submitting data to websites. Read the site’s data protection and privacy policies fully.