Bodywright Privacy Notice
Privacy notice last updated 29th October 2019
Our contact details
Bodywright, The Old Nurseries, Kiln Lane, Brockham, Betchworth, RH3 7LX
What type of information we collect
When you make a booking by email, telephone or text message, we may collect your name, email address and telephone number.
When you make a booking via our online booking service, we will collect your name, email address and telephone number. Our online booking service is provided on our behalf by Setmore, their full privacy notice can be found online at this address: www.setmore.com/privacy.
When you attend for an appointment as a patient we will need to collect further personal information such as your address, occupation and doctor’s (GP) details. For the purposes of providing treatment, we may also need to collect detailed medical information from you about your current health, medication and past medical history, but will only collect what is relevant and necessary.
Our website may contain links to external websites. If you choose to visit these external websites you should be aware that they will have their own privacy policies in place which may differ from ours.
How we collect this information
The majority of the information we collect about you will be provided to us directly by you. We do not actively collect any personal information about you by any indirect methods.
Why we collect this information
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
For your contact data (name, address, email address and telephone number) the lawful basis is that we have a legitimate interest to be able to provide you with information about your appointment and (with your permission) to promote osteopathic treatment through the use of promotions or special offers.
For medical information about you we have a lawful basis of contract. Your request for treatment and our acceptance of that request constitutes a contract. We need to process your personal data to be able to provide you with the most appropriate examination and treatment procedures.
Health data is considered to be special category data under the GDPR legislation, since processing of your personal data is necessary for diagnosis and the provision of health care or treatment (as described above), this also satisfies the additional condition required for processing special category data under GDPR.
What we do with the information we collect
When you make a booking using our online booking service, we will use the contact details you provide (name, email address and telephone number) to provide you with information about your appointment. This may include emails or text messages to confirm your appointment has been made, remind you of an upcoming appointment and confirm any re-scheduling or cancellations.
If you make a booking by telephone, email or text message we may also use the contact details you provide to send you information about your appointment such as confirmation, reminder, re-scheduling or cancellation notifications.
After your first appointment, with your permission, we may use your contact details to provide you with information about promotions or special offers. We will provide you with the opportunity to opt-in to receiving these communications at your first appointment.
We do not share, sell or rent your contact details.
Personal information such as your occupation, GP contact information and health related information (past and present) is used to allow us to provide you with the most appropriate examination and treatment procedures.
As part of our obligations as primary healthcare practitioners there may be circumstances related to your treatment, on-going care or medical diagnosis that will require sharing information from your medical records with other healthcare practitioners such as your GP, consultants or medical insurance companies. This information would only be disclosed to third parties with your explicit prior consent, the only exception to this would be if we were compelled to do so in order to meet legal obligations, regulations or a valid government request.
We may use anonymised data to conduct internal audits of subjects such as our clinic procedures, patient demographics or presenting complaints. These audits would be carried out to allow us to improve our clinic procedures or for the purposes of continuing professional development as required by the General Osteopathic Council (the regulatory body for osteopaths).
How we store your information
Your contact information will be stored on paper (as part of your medical records – see below) and may also be stored electronically. Any computers used to store your contact information will be password protected and access will only be provided to authorised staff.
Your medical information will be kept in the form of paper records which will be stored in filing cabinets, these will always be locked when access is not required and all keys stored off-site. Only the osteopath providing your treatment will have access to your medical information.
We will process your personal data during the duration of any treatment that you receive from us and will store the relevant personal data for a minimum period of 8 years after your last appointment with us to meet our legal and regulatory obligations. In the case of a minor we will store the relevant personal data at least until that person reaches the age of 25 to meet our legal and regulatory obligations.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request so that we can provide you with the correct form and further information about what information we will require from you to be able to fulfil your request.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113