GDPR Privacy Policy

GDPR PRIVACY POLICY

We are committed to safeguarding the privacy of all patients who attend our centre; this policy sets out how we will treat your personal information. This document has been devised to reflect the new GDPR regulations which come into force from 25th May 2018. It may be updated from time to time in accordance with any new regulations.

  1. Who We Are

We are Norwich Spinal Health of: The Old Palace, 252 Heigham Street, Norwich, Norfolk, NR2 4LQ, tel: 01603 216430, email: gdpr@norwichspinalhealth.co.uk. For the purposes of processing your personal data, we are the data controller.

  1. What Personal Data do we collect and what do we do with it?

We record and collect the following categories of personal data: name, address, telephone numbers, date of birth, email address, health information including medical history, diagnosis and treatment data. Our lawful basis for processing this data is one of contract, and for the health information, the provision of health-related services as a provider of spinal health care. In addition, we will only examine or treat you with your prior explicit consent.

We would also like to send you occasional emails, newsletters or special promotions that we think may be of interest to you. You may withdraw this consent at any time – just let us know by any convenient method.

We will never share your data with anyone who does not need access without your written consent.

  1. Retaining Your Personal Data

Whilst you are under care at our centre we will continue to store and use your personal data. If you discontinue your care, we will be required to retain your personal data for a minimum of eight years. In the case of a child receiving care, after discontinuing care, personal data will be retained until the date of their 25th birthday; or 26th birthday if the child was age 17 when discharged. After this period, you can ask us to delete your records if you wish.

  1. Your Rights

As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.

You may request a copy of your data at any time. Please make such a request in writing; or by email to the data controller whose details are given above in point 1. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We will need to verify your identity so we may ask for a copy of your passport, driving license and/or a recent utility bill.

If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the centre directly and any necessary corrections to your data will be made promptly.

If you believe we should erase your data, please contact the data controller, whose details are given above in point 1.

If you wish us to stop storing or using your data, please contact the data controller, whose details are given above in point 1.

  1. Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach; explain to you the nature of the breach and the steps we are taking to deal with it.

  1. Should You Wish to Complain

You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.

  1. Automated Decision Making and Profiling

We do not use any system which uses automated decision making or profiling in respect of your personal data.

  1. Contact

If you have any questions about this privacy policy or our treatment of your personal information; please write to us at the address given above in point 1.

 

 

 

 

 

11/5/2018

 

 Facebooktwittergoogle_pluspinterestlinkedinmail