General Data Protection Regulation (GDPR) Privacy Notice
Crown House Osteopaths provides direct osteopathic care and health care advice for members of the public on the premises.
To treat appropriately it is necessary for the osteopath to write a case history during the initial consultation, which is then updated with each successive visit, detailing your main concerns and reasons for seeking osteopathic treatment, the osteopathic diagnosis and details of progression of treatment administered. This is handwritten on single copy only and is kept on the practice premises.
The case history may include the following information:
-Name, address, email address, phone contact, date of birth, family history, GP details, your referrer, details of appointments and other contacts we have had with you.
-Health information you have supplied e.g. previous medical history, current and historical medications, diet and lifestyle, results of tests performed by us or by other parties that you have shared with us, advice you have received and shared with us from other practitioners.
Information from Other Sources
Subject to giving your express consent and where necessary for providing the most appropriate treatment for you, we may obtain information about you from other healthcare providers or from testing companies.
How do we use this information?
The personal information that we hold will be used only to provide you with direct and appropriate osteopathic healthcare. The legal basis for holding your personal data is that of legitimate interest only.
How do we store this information?
This is recorded on handwritten notes on single copy, stored on the practice premises.
How do we use your personal data?
Your data will be used purely for the purposes of offering you the most effective treatment that we can. Only the practitioner, or practitioners, in this practice, giving you osteopathic treatment, will read it. It will only be shared with third parties with your express permission for the purpose of giving you the best treatment outcome or for insurance claims on your behalf.
We undertake to protect your personal data, including any health or contact details, in a manner consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We also take reasonable security measures to protect your personal data storage.
We will never use your personal information for any promotional or marketing purposes.
Sharing your data with third parties
We will keep your personal information absolutely confidential. We will only disclose your personal information with your express consent to third parties such as:
-Our Registering body, and professional association for the processing of any complaint made by you.
-Anyone to whom, with your express consent, we may transfer responsibility for your osteopathic and general healthcare, referrals to specialists etc.
We will seek your express consent before sharing your information with your GP or other healthcare providers. However, if we believe your life is in danger then we may pass your information onto an appropriate authority (such as police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of Vital Interests.
What are your rights?
You have the right to see, amend, delete and have a copy of any data held that could identify you. You do not need to give reason to see your data. However, we have a professional duty to keep your records for 7 years.
If you wish to access your data you will need to make a subject access request in writing to the main osteopath giving you treatment at the practice postal or email address. Under special circumstances some information may be withheld. We shall respond within 20 days of receiving your request. Our response will include details of the personal data we hold on you including:
-Sources from which we acquired the information
-Purpose of holding and processing information
-Third parties with whom we share information
You have the right, subject to exemptions to ask to:
-Have your information deleted, corrected or updated where no longer accurate.
-Ask us to stop holding information about you where not required to do so by law.
-Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us.
– Object at any time to the processing of your personal data
-We do not carry out any automated processing that may lead to automated decisions based on your personal data.
If you would like to invoke any of the above rights then please write to the main osteopath administering your treatment at the practice postal or email address above.
What safeguards exist to secure your personal data?
We only process the information that may identify you in accordance with the GDPR. This requires us to process personal data only if there is legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector we also must follow the common-law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for providing direct healthcare. We will protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared.
How long do we keep this information?
Following the completion of your course of osteopathic treatment we retain your personal data for the period, recommended by the General Osteopathic Council (GOsC), of 7 years. The information will then be professionally shredded.
If you have a complaint regarding the use of your personal data please contact us by writing to your main osteopath at the practice postal or email address.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioners Office (ICO), you can contact them on 0303 123 1113
Cookies are not used on this site at this time.