Website Privacy Notice and Cookies
(Why we collect your personal data and what we do with it)
When you supply your personal details to the clinic, they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the General Data Protection Regulation – ie the law):
1. We need to collect personal information about your health in order to provide you with the best possible care. Your requesting care and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide care.
2. We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
3. We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your health care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
4. Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 26, if this is longer).
Every member of staff who works at Aceso Chiropractic has a legal obligation to keep information about you confidential. We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
• The health record service PracticeHub who store our files
• Your practitioner(s) in order that they can provide you with care
• Our reception team, because they organise our practitioners’ diaries, and coordinate appointments and reminders
In the event of illness or holiday, we may need to use locum practitioners to cover. This helps to maintain capacity at the centre and your level of care whilst your practitioner is off. This will give them access to your personal data and your medical notes which they will need in order to understand your care and provide you with the best level of care whilst your practitioner is off. We enter into contracts with practitioners for locum cover with confidentiality agreements in place to ensure that patient information is treated with the highest levels of care.
We are under an obligation to inform the Information Commissioners Office of any data breeches within 72 hours.
Other 3rd Parties
MailChimp is the provider we use to coordinate our communication e-mails. Your name and email address will be held on their server. Their processes are compliant with GDPR.
Rehab My Patient is the provider we use to coordinate our rehabilitation programs.Your name and email address will be held on their server. Their processes are compliant with GDPR.
We may record phone conversations for the purpose of staff training.
You have the right to request the details of your personal data which we hold. You have the right to ask us to update your information if it is not correct and you also have the right to be forgotten, providing that the minimum medical requirements (mentioned above) are adhered to. You can also object to the processing of your data or question the grounds for which we are processing your data under ‘legitimate reasons’. You can exercise these rights by getting in touch on the details at the bottom of this page where we will provide a response within 30 days.
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
If you choose to prevent their use through your browser settings, you will not be able to use all the functionality of our website.
1.1. to track how you use our website
1.2. to record whether you have seen specific messages we display on our website
1.3. to keep you signed in our site
1.4. to record the conversation thread during a live chat with our support team
2. personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the web pages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the “Data Controller”. Here are the details you need for that:
25 Moreton Road