Data protection law in the UK will change on 25 May 2018. This notice sets out your rights under the new law and how Liverpool Acupuncture Clinic collects, uses, retains and discloses your personal information. Personal information is information that identifies you and is about you. This privacy notice applies to patients, prospective patients, contractors, suppliers and visitors to our website.
This notice comes into effect on 25th May 2018.
WHO WE ARE
The data controller for Liverpool Acupuncture Clinic and Acupuncture at the Hewitt Centre is Rachael Sakwa, Liverpool Acupuncture Clinic, 28 Rodney Street, Liverpool, L1 2TQ.
To ensure that we process your personal data fairly and lawfully this notice informs you
why we need your personal information, how it will be used, who it will be shared with, and what rights you have in relation to the personal information we collect from you.
HOW THE LAW PROTECTS YOU
Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it with third parties. The reasons why we may process (i.e. obtain, store, update and archive) your personal information are:
- When you consent to it;
- To fulfil a contract we have with you;
- When it is our legal duty;
- When it is in our legitimate interest (if we rely on our legitimate interest, we will tell you what that is);
- Vital interest – we may process your personal data in order to protect your vital interests – for example, if you require emergency treatment.
Below is a list of the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
|What we use your personal information for||Our reason(s) for processing||Our legitimate interests (where applicable)|
|To arrange and confirm appointments and respond to enquiries from patients and prospective patients||Legitimate interest||To provide an efficient and effective acupuncture service|
|To maintain a record of all patients attending clinic with details of dates, charges, cancellations and non-attendance||Legitimate interest
Performance of contract
|To keep a record of patient appointments for billing and HMRC purposes and to enable patients and clinic to claim treatment costs from health insurers|
|To evaluate treatment outcomes in order to improve the service and help patients make informed choices for treatment||Consent|
|To contact your GP in case of an emergency or if you ask us to write to your GP about your treatment||Vital interest
|To produce written case notes containing: your presenting condition; relevant medical history and lifestyle and social circumstances; traditional diagnosis; treatment notes; lifestyle advice given, and decisions made in conjunction with you.||Performance of contract
|Providing appropriate, high quality, safe acupuncture treatment and maintaining a written document of treatment in the event of criminal proceedings, a civil claim, an insurance claim or a complaint.
|To record and report accident or adverse incidents involving any patients, visitors or acupuncturists and report these to relevant bodies (HSE, RIDDOR, NHS, Br, insurers)||Legal requirement|
|To retrieve payment for services from health insurer on behalf of patient||Fulfilment of contract between patient/insurer and Liverpool Acupuncture Clinic|
|Record of patient’s consent to treatment, or the consent of their next of kin or carer in the case of vulnerable adults to show that informed consent to treat has been sought||Legitimate interest||In the event of a civil claim, criminal proceedings, insurance claim or complaint|
|To investigate complaints and feedback received from patients||Legitimate interest||To resolve problems and improve patient care|
|Advice and business services from accountants, web developer and solicitors||Fulfilment of contract|
WHAT TYPES OF PERSONAL INFORMATION DO WE HANDLE?
We process personal information to enable us to support the provision of acupuncture services to patients, maintain our own accounts and promote our services. The types of personal information we use include:
- Personal identity – such as name, date of birth;
- Contact details – such as address, telephone and mobile numbers, email address;
- Family details – such as next of kin or partner’s name;
- GP – name and address;
- Lifestyle and social circumstances – such as questions about smoking and drinking and general lifestyle;
- Appointment record and payments made;
- Health insurance company details;
- Messages you send us via our website;
- Details of when you contact us and when we contact you (including copies of written communications such as emails or text messages);
- Any consents you have given us in relation to your treatment and the processing of your information.
For the provision of acupuncture services to you it will be necessary to collect and process information which the Data Protection Act defines as “sensitive” that may include:
- Data concerning health;
- Medical history;
- Fertility assessment.
In such cases we will always explain what information we require and why it is needed. Such data will always be processed and stored securely.
WHERE WE COLLECT PERSONAL INFORMATION FROM
Personal information you give to us:
- When you contact us (for example by phone, email, text messages, letter or via the website);
- When you come for acupuncture treatment.
Information gathered from our website www.liverpoolacupuncture.co.uk
IF YOU CHOOSE NOT TO GIVE PERSONAL INFORMATION
We may need to collect personal information by law or under the terms of the contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with acupuncture services. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.
Any personal information that is optional will be clearly marked at the point of collection.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We may share your personal information with:
- Acupuncture associates to support the essential delivery of acupuncture services
- Liverpool Women’s Hospital Trust in the provision of financial and administrative services
- With named third parties with your explicit consent
- Regulatory and advisory bodies such as the British Acupuncture Council (BAcC), professional and public liability insurers and solicitors in case of adverse incidents, complaints and insurance claims
- With relevant authorities if necessary to comply with a legal obligation to which we are subject, such as a court order or HM Revenue and Customs.
- Where there is a vital interest that overrides confidentiality such as need for emergency treatment or safeguarding vulnerable adults or children
OUR COMMITMENT TO YOUR PRIVACY
We recognise the importance of protecting personal and confidential information in all that we do, and we take care to meet our legal duties by putting in place security and procedural controls to protect your personal information.
How long do we keep your personal information?
We will keep your personal information for no longer than is lawfully necessary to conduct our business with you and/or in accordance with our legal obligations for data retention.
- We will keep your personal information for 7 years following the last treatment or to age 25 in the case of children in order to respond to questions or complaints and to maintain records according to legal requirements.
- Electronic diaries are kept for 18 months before being deleted.
- Emails/website enquiries and letter enquiries from patients and prospective patients may be printed and placed in their case notes. Simple enquiries resulting in no advice or appointment are deleted after one month.
- Text messages are deleted after the enquiry is dealt with. Messages may be recorded in case notes.
- Accident or adverse incident records are kept for 3 years from the date of recording
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal information as set out below.
In order to exercise your rights under data protection law, please contact us by emailing firstname.lastname@example.org or writing to Rachael Sakwa, Liverpool Acupuncture Clinic, 28 Rodney Street, Liverpool, L1 2TQ.
TO GET A COPY OF YOUR PERSONAL INFORMATION
You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request we will respond within 30 days.
TO LET US KNOW IF YOUR PERSONAL INFORMATION NEEDS UPDATING
You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
THE RIGHT TO WITHDRAW YOUR CONSENT TO PROCESSING AT ANY TIME
Where there is a dispute in relation to the accuracy or processing of your personal data, you can request a restriction is placed on further processing. If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.
THE RIGHT TO REQUEST YOUR PERSONAL INFORMATION IS ERASED
You have the right to request your personal information is erased where it is no longer necessary for us to retain it. This is known as ‘the right to erasure’ or ‘right to be forgotten.
If you want us to erase your personal information, please contact us using the details above. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.
THE RIGHT TO REQUEST WE PROVIDE YOU WITH YOUR PERSONAL DATA IN A PORTABLE FORMAT
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller. This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case that we are processing the data by automated means.
THE RIGHT TO BE INFORMED IF YOUR DATA IS LOST
We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
YOUR RIGHT TO COMPLAIN
If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office by emailing email@example.com or telephoning 0303 123 1113 or visiting their website: https://ico.org.uk/global/contact-us
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.