In terms of the GDPR, we are the Data Controllers and you are the Data Subject. Your rights under the GDPR are written in italics.
As a data subject, you have rights regarding your data under the GDPR. As the Data Controllers, it is our responsibility to inform you of rights that are relevant to our contract with you. This is your Right to be Informed.
What data do we collect, and why?
As a patient, it is necessary for you to provide information about yourself, so that we may provide you with the services we offer.
This information includes your name, date of birth and contact details, so we can manage your appointments and provide relevant information via email and text messages.
We also collect information about your medical history, general health and wellbeing, as well as your lifestyle. This enables us to perform clinical assessments, provide appropriate treatment and offer clinical advice.
It is important to keep us updated on any changes to the above data, so we can continue to provide the best service possible.
You may request to have changes made to the information we have collected if it is inaccurate. The GDPR defines this as the data subject’s “Right to Rectification”.
How and where do we store your data?
Your data is collected electronically and/or on paper.
If you attend an appointment with Marie Ayres, electronic data is collected and stored using a cloud-based patient management service called Cliniko, which is fully GDPR compliant. In terms of the GDPR, they are the Data Processor. A secure password is required at every sign-in to Cliniko’s website to access the service.
Data on paper is stored safely in a filing box or cabinet, which is locked in a secure location.
For how long do we keep your data?
As registered chiropractors, we are required to keep your data for eight years after the date of your last visit. As a Data Controller we have what the GDPR defines as “Legal Basis” to retain your data for this period of time.
In the case of children, the data is stored until his/her 25th birthday, or the 26th birthday if he/she was 17 years old when the treatment ended.
After the eight years, as a data subject, you may request that your data is erased. The GDPR calls this the “Right to be Forgotten”.
Who has access to your data?
At the practice in Canton, Clive Taylor, Anne O’Donohue and Marie Ayres have access to your data held at that location. If you are a patient at Shanee Taylor's Heath practice, she has access to the data she holds regarding her contract with you.
To fulfil our contract we may share your data with a third party (e.g. referral to another health professional), but not without obtaining your consent first.
You have access to your data on request. This request must be made in writing and is known as a Subject Access Request. The GDPR calls this the “Right to Access”.
We will provide the information requested in an easy-to-read format that is easily transferable. The GDPR defines this as the “Right to Portability”.
If you wish to know more about the GDPR, further information is available from the Information Commissioner's Office, also known as the ICO. Here is a link to their website.