The Fishponds Practice Limited
834 Fishponds Road, Bristol BS16 3XA
Tel: 0117 949 1290
GDPR 2018 PRIVACY NOTICE
This document refers to personal data, which is defined as information concerning any person, referred to as the “Data Subject” or “you” that is not already in the public domain.
The General Data Protection Regulations (GDPR) which come into force on 25 May 2018 are EU wide and far more extensive than their predecessor the Data Protection Act. Along with the Privacy and Electronic Communications Regulations (PECR), they seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
The Fishponds Practice Limited (Company No 7045958), based at 834 Fishponds Road, Bristol BS16 3XA, which, for the purposes of this Privacy Notice, will be referred to as “We”, is pleased to provide the following information about our compliance with GDPR.
Who we are
Martyn Morgan and Gabrielle Waldron are Osteopaths and joint directors of The Fishponds Practice Limited. Gabrielle Waldron is named as our Data Protection Officer for the purposes of GDPR. Working with us are a number of Associate Osteopaths and together we diagnose and treat patients in accordance with the Institute of Osteopathy’s patient charter (http://www.iosteopathy.org/osteopathy/the-patient-charter/). We employ a number of part-time administrative staff, all of whom have received training concerning patient confidentiality and protection of personal data.
Independent practitioners of other therapies also work within the practice and are responsible for their own patients/clients and their data.
We hold some general data about patients on computer for administration purposes. We will never sell your data and will keep your details secure. Our 2 computers are password protected. Each evening data is backed up in encrypted form onto a memory stick and taken off site.
We may use your contact details to remind you of future appointments, for example, or to provide reports or other information to you concerning your treatment.
We hold no financial data about patients, except on the merchant copy of credit card payment receipts where the full credit card number is shown. These copies are held in our safe, which has a combination lock, for one month, in case of query, and then shredded, using a cross-cut shredder, on site. We may hold Insurance Company membership details for those patients whose treatment costs are being paid by insurance.
In order to provide safe and appropriate osteopathic treatment, we need to record your medical details and to keep close records of the treatment we give. These records are sensitive and are therefore defined as “Special Category Personal Data” under the General Data Protection Regulations. In our practice these records are held on paper and are securely stored in cabinets which are locked overnight and the keys kept in a safe with a combination lock. The practice building is locked and alarmed when vacant.
By law we have to keep these records for a certain period after treatment has ceased. It is our practice to keep them for 12 years, or, in the case of a child, until the patient reaches age 25, whichever is the longer. After that time, your records will be securely destroyed by a professional shredding company.
You may not always be treated by the same Osteopath, and so we may share your records between Osteopaths within the practice. Your records will also be handled by our trained and vetted administrative staff.
We may also use your information for internal practice research and audit. If the outcome of such research were likely to be of interest to the Osteopathic or medical profession generally, and were selected for publication, any data which appeared would be fully anonymised.
With your agreement, we may share details from your records with other medical practitioners, e.g. your GP, a Consultant Specialist, or Radiology Department.
We will never sell your data. We do not use social media or any third party marketing organisations.
However, we may wish to contact you from time to time about changes or new developments in the practice and we may also promote the other independent practitioners based at our premises who are not employed by us. We need your explicit consent to do this. You may withdraw this consent at any time and ask to be removed from our marketing database by emailing or phoning the practice using the contact details shown at the head of this Privacy Notice.
All data is held in the United Kingdom. The Fishponds Practice Limited does not store personal data outside the EEA.
Your rights as a Data Subject
Under GDPR you have the following rights:
Right of access – you have the right to request a copy of any information that we hold about you (or your child).
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. But please note, as stated above, we are required by law to hold medical records for a certain period of time.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Access to your data
Whilst you have the right of access to the data we hold about you (or your child) and the right to have that data transferred to another organisation, we will require identification.
We will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality of the documentation provided, further information may be sought before personal data can be released. All requests should be made to Gabrielle Waldron, as our Data Protection Officer, in writing, by email or by phone. The contact details are shown at the head of this Privacy Notice.
Complaints concerning data processing
In the event that you wish to make a complaint about how we are processing your personal data you have the right to complain. Initially contact:-
Data Protection Officer
The Fishponds Practice Limited
In writing – 834 Fishponds Road, Bristol BS16 3XA
By ‘phone – 0117 949 1290
By email – firstname.lastname@example.org
If you do not get a response within 30 days, you can complain to the ICO (Information Commissioner’s Office):
In writing – Wycliffe House, Water Lane, Wilmslow, SK9 5AF
By ‘phone – 0303 123 1113
By email – https://ico.org.uk/global/contact-us/email/