This privacy policy sets out how Healing The Whole You uses and protects any information that you give Healing The Whole You when you use this website.
Healing The Whole You is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Healing The Whole You may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01 February 2016
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
• Internal record keeping.
• We may use the information to improve our products and services.
• We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provide
• From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
You may choose to restrict the collection or use of your personal information in the following ways:
• whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
• if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at info@healingthewholeyou.co.uk
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Healing The Whole You, Acupuncture in Reading, Berkshire & Basingstoke, Hampshire.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
|
Nature of personal data
|
Type of personal data
|
Purposes for processing (collecting/having/using etc.)
|
Most likely lawful basis and Article 9 condition (if special category personal data)
|
|
1. Patients/prospective patients’ contact details - name, address, telephone number, email address
|
Personal data
|
necessary to make or rearrange appointments
|
-
a)Legitimate interests
-
b)Consent
|
|
2. Permanent attendance register which records all patients attending your clinic
|
Personal data
|
-
a)Necessary to keep a record of when the patient was treated in the event of a criminal prosecution, civil action, insurance claim or complaint
-
b)Necessary as a record for tax purposes
|
-
a)Legitimate interests
-
b)Necessary for compliance with a legal obligation to which the controller (you) is subject
|
|
3. Patient’s date of birth
|
Personal data
|
-
a)Necessary to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment
-
b)Necessary if referring patient to another health practitioner
-
c)Necessary if writing to registered medical practitioner so that they correctly identify patient
|
-
a)Legitimate interests
-
b)Legitimate interests
-
c)Legitimate interests
|
|
4. Presenting complaint and symptoms reported by the patient
|
Special category
|
Necessary for full traditional diagnosis, treatment strategy and treatment planning
|
Legitimate interests and
processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and
the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law
|
|
5. Relevant medical and family history
|
Special category
|
Necessary for full traditional diagnosis, treatment strategy and treatment planning
|
Legitimate interests and
processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and
the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law
|
|
6. GP’s name and address
|
Personal data
|
Necessary in the event that you need to contact a patient’s GP including in an emergency
|
Legitimate interests
|
|
7. Your clinical findings
|
Special category
|
Necessary for full traditional diagnosis, treatment strategy and treatment planning
|
Legitimate interests and
processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and
the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law
|
|
8. Any treatment given and details of progress of the case, including reviews of treatment planning
|
Special category
|
a) Necessary when reviewing diagnosis, treatment strategy and planning.
b) Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint.
|
a) Legitimate interests and
processing is necessary for the purposes preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and
the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law.
b) Legitimate interests and
processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
|
|
9. Any information and advice that you give, especially when referring the patient to any other health professional
|
Special category
|
Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint.
|
Legitimate interests and
processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
|
|
10. Any decisions made in conjunction with the patient
|
Special category
|
Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint.
|
Legitimate interests and
processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
|
|
11. Accident records for patients, practitioner and staff (if any)
|
Special category
|
Necessary to comply with UK accident reporting legislation (RIDDOR)
|
Necessary for compliance with a legal obligation to which the controller (you) is subject
and
processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller (you) or of the data subject (the patient/employee/injured person) in the field of employment and social security and social protection law in so far as it is authorised by EU or UK law.
|
|
12. Adverse incident reports if they identify the patient rather than being completed anonymously
|
Special category if they contain details of the patient’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
|
Necessary for helping the BAcC to develop its safe practice guidelines, as well as providing research data and information for the BAcC’s insurers and other interested parties.
|
Probably:
Legitimate interests
and
processing is necessary for reasons of ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU or UK law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject (the patient), in particular professional secrecy
|
|
13. Records of the patient’s consent to treatment, or the consent of their next-of-kin
|
Special category
|
Necessary to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment in the event of a civil claim, criminal proceedings, insurance claim or complaint.
|
Legitimate interests
and
processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
|
|
14. Website cookies if your website is set up to collect such data from users of your website
|
Personal data
|
To improve user experience of your website by enabling your website to 'remember' users, either for the duration of their visit - using a 'session cookie' - or for repeat visits - using a 'persistent cookie'.
|
Consent
|
|
15. Emails/online enquiries received from patients, prospective patients and third parties
|
Usually personal data
May contain special category data if email contains details of the individual’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
|
This depends what data you collect from patients and prospective patients and why.
a) I understand that some practitioners ask their patients to return pre- 1st appointment questionnaires asking about medical conditions and medication (if so, please see answer 4 above).
b) Other practitioners only use emails and online enquiry forms to collect patients and prospective patients’ contact details for arranging appointments (if so, please see answer 1 above).
|
a) Please see answer 4 above.
b) Please see answer 1 above.
|
