Privacy Policy

POUNDBURY CHIROPRACTIC

DATA PRIVACY NOTICE

Definitions

“we”, “us”, “our” and “clinic” pertain to Poundbury Chiropractic.

Poundbury Chiropractic ensures full compliance with the EU General Data Protection Regulation (GDPR). The purpose of GDPR is to provide a set of standard data protection laws across the European Union related to the processing of personal data.

For the purposes of the GDPR, Poundbury Chiropractic is the Controller of your Personal Data. Personal Data is then received by JaneApp, the client management system used by Poundbury Chiropractic, which acts on behalf of the Company as Data Processor.

The personal data we collect may include: client’s personal details; case history of client; consent to assessment, diagnostic imaging such as x-rays and ultrasound and acknowledgement of informed consent; assessment and re-assessment notes on client’s health; diagnosis/rationale for care; notes on individual treatments and progress seen; any referrals; clinical images; copies of correspondence.

We will use your personal data to:

– Ensure your client record is up-to-date, complete, accurate and legible

– Keep an accurate reflection of the clinical encounter with you in the clinic, including any information regarding ongoing care and general health

– Communicate directly with you about your care (i.e., text reminders, confirmation emails, touch base communications and for appointment scheduling and booking)

– Provide exercises using a web-based service

– With ‘opt-in’ consent, provide details of in-clinic promotions/health talks/marketing purposes

We do not share your Personal Data with anyone outside of Poundbury Chiropractic who does not have a direct link to providing our service to you. To allow us to provide our service, we will/may disclose personal data to:

– JaneApp – our cloud-based clinic management system, which stores and processes our client records and diary information

– Physiotrack – to allow us to provide you with care-specific exercises to support your care with us. This is limited to your name and email address only

– Inger Roug DACBR – a specialist in diagnostic imaging who may provide diagnostic support on client imaging

– At times we may be required to share your information with other healthcare practitioners (i.e. GPs, Consultants, Surgeons, Physiotherapists, Chiropractors, Occupational Therapists, Speech and Language Therapists, Psychologists, Care Agencies, Medical Insurance Companies, Administrative Staff and law enforcement agencies as well as other persons that you have authorised us to share information with).

Your information is treated in the strictest confidence and, if legally required, may be shared (i.e. in a medical emergency with the relevant personnel, we may be required to share information about you).

Data is processed within Poundbury Chiropractic under the following Lawful Basis:

LEGITIMATE INTERESTS

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1)(f)).

Special Category Data is personal data which the GDPR says is more sensitive and so requires more protection. Health is deemed a special category of data. An additional condition for processing special category data is required. As outlined in Article 9(2) of the GDPR, the Company cites the following as the relevant condition:

Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of the Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

OUR OBLIGATIONS

Storing

JaneApp complies with leading security policies and frameworks, including ISO 27001, SOC 1 and SOC 2, and is also GDPR and PCI compliant. JaneApp ensures full compliance through their third-party privacy policy available at https://jane.app/legal/privacy-policy.

We have a legal obligation to retain your records for eight years after termination of your care with us. Your hard-copy records are stored securely in the clinic and on our web-based client management system, which is password protected and securely protected against unauthorised/unlawful access. Additionally, the General Chiropractic Council requires us to take and process records and documentation to ensure safe and effective care.

 

YOUR RIGHTS

You have the right to:

– Know how and why we are using your information

– Rectify or complete incorrect information

– Erasure/‘be forgotten’

– Restrict the way we use your personal data

– Withdraw consent

– Lodge a complaint

Further details on your individual rights can be found on the Information Commissioner’s Office website – www.ico.org.uk

For all matters pertaining to data protection please contact Martyn Clark. If you would like a copy of this Privacy policy emailed to you or have any further questions regarding any of the content of this notice, please contact him directly on info@PoundburyChiropractic.om.

We are registered with the ICO.

You can download our privacy policy for your records here.