The processing of personal data is governed by the Data Protection Regulation 2016/679 (the GDPR). This legislation will replace current data privacy law, giving more rights to you as an individual and more obligation to organisations holding your personal data.
One of the rights is a right to be informed, which means we must give you even more information than we do now about the way in which we use, share and store your personal information.
This means that we will be publishing a new privacy notice, so you can access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.
At Beckenham Therapy Rooms we take your data protection very seriously and have subsequently outlined how your data is protected. We are registered with the ICO and the Data Protection Officer is Pamela D'alberto 102a Bromley Road, Beckenham, Kent BR3 5NP.
How do we process your personal data?
We do not ever sell our give out your data to any third parties.
We comply with our obligations under the GDPR by keeping personal data up to date: by storing and destroying securely: by not collecting or retaining excessive amounts of data: by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the purposes set out below.
1. We use your name, address, telephone number and email address to make and rearrange appointments. We are unable to send or receive encrypted emails, so you should be aware that any emails we send or receive may not be fully protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.
2. We use your name and email address only if we have explicit consent to send you marketing materials.
3. Some patients and prospective patients tell us about their medical conditions and medication by email or an online enquiry form. We are unable to send or receive encrypted emails, so you should be aware that any emails we send or receive may not be protected in transit. We will monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
4. We keep a permanent attendance register which records all appointments for patients attending our clinic to keep a record of when you were treated for tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claims or complaint to my regulatory body, the British Acupuncture Council.
5. We may use you date of birth to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner and for identification purposes if writing to a registered medical practitioner so that they correctly identify the patient.
6. We use your presenting complaint and symptoms reported by you for the purpose of making a full traditional Chinese Medicine diagnosis, formulating treatment strategy and treatment planning.
7. We use relevant medical and family history you have told us for making a full traditional Chinese Medicine diagnosis, formulating treatment strategy and treatment planning.
8. We use your GP's name and address if we need to contact your GP and because it is a mandatory requirement in the British Acupuncture Council Code of Professional Conduct.
9. We use clinical findings about your health and wellbeing for making a full traditional Chinese Medicine diagnosis, and formulating treatment strategy and treatment planning.
10. We record and refer to that record of any treatment given and details of progress of your case, including reviews of treatment planning to enable us to: review the full traditional Chinese Medicine diagnosis, treatment strategy and planning and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
11. We record and use any information and advice that we have given, especially when referring patients to other health professional, to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, an insurance claim or complaint.
12. We record any decisions made in conjunction with you to help you to receive the most appropriate and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
13. All medical records are recorded on paper only and stored in locked filing cabinets at Beckenham Therapy Rooms, 102a Bromley Road, Beckenham Kent BR3 5NP.
14. We keep accident records for any Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and to secure evidence in the event of criminal proceedings, civil litigation and insurance claims or complaint.
15. In the event of an adverse incident occurring to any of our patients we report the matter to the British Acupuncture Council and our insurance company to enable the insurance company to deal with any potential claims and to help the British Acupuncture Council to develop its safe practice guidelines, as well as providing research data and information for BacC'S insurers and other interested parties.
16. Where relevant we maintain records of the patient's consent to treatment,or the consent of their next of kin in order to be able to prove that the patient (and/or parent or guardian/next of kin) has given consent to treatment to secure evidence in the event of a civil claim criminal prosecution, insurance claim or complaint.
Section 17 applies to those who complain about our services
17. When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant's identity to whoever the complaint is about. If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the British Acupuncture Council or our insurance company.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'the need to know' principle.
Similarly where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
When someone visits our website we use a third party service, StatCounter, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow StatCounter to make, any attempt to find out the identities of those visiting our website.
We use a third party service to host our website. For more information please see https://www.virtualtapestry.co.uk/privacy.php
Sharing your personal data
Your personal data will be treated as strictly confidential and will be shared:
- With named third parties with your explicit consent;
- With the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. court order;
- With your doctor or the police if necessary to protect yours or another persons life;
- With the police or a local authority for the purpose of safeguarding a child or vulnerable adult;
- With my regulatory body, the British Acupuncture Council and the Association of Traditional Chinese Medicine, or my insurance company in the event of a complaint or insurance claim brought against me; or my solicitor in the event of any investigation or legal proceedings being brought against me.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary.
We keep patients' records for 7 years in accordance with the British Acupuncture Code of Professional Conduct.
At any time you may request that changes are made to your contact details.
Your rights and your personal data
Unless subject to an exemption under the GDPR you have certain rights with respect to your personal data as set out below.
The right to request a copy of your personal data which we hold about you.
The right to request a copy of your personal data which we hold about you.
The right to request that we correct any personal data if it is found to be inaccurate or out of date.
The right to request your personal data is erased where it is no longer necessary for us to retain such data.
The right to withdraw consent to processing at any time. This does not apply where we are processing information using a lawful purpose other than consent.
The right to request that we provide you with your personal data and where possible to transmit that data directly to another data controller, (known as the right to data portability this right only applies where the processing is based on legitimate interests or the performance of a task in the public interest/exercise of official authority): direct marketing and processing for the purposes of scientific/historical research and statistics.
The right to be informed if your data is lost. We shall also inform the ICO in accordance with the time limits in the GDPR.
The right to lodge a complaint with the Information Commissioner's website.
If we wish to use your personal data for a new purpose not covered by this Privacy Notice then we will provide you with a new notice, explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek prior consent to the new processing details.
To exercise all relevant rights queries and complaints, please contact in the first instance Pamela D'alberto, 102a Bromley Road, Beckenham Kent BR3 5NP. 0208 658 5544 Email: firstname.lastname@example.org
You can contact the Information Commissioner's Office (ICO) on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the ICO Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF.
The information we hold about you is in paper format and is held in a secure cabinet under lock and key to which only two people have access to.
To further secure the data the cabinet is then placed in a locked room overnight where access is by a key pad, the numbers of which are known only to myself Pamela D'alberto and Lisa Sayers.
All data files are removed from the premises after 6 months if no longer required and placed at Beehive Cottage, Old School Road, Whepstead, Suffolk IP29 4UA in a locked cupboard. These files are kept for 8 years then destroyed by incineration.
All e-mails sent to Beckenham Therapy rooms via our website have been secured.
We no longer send out newsletters and any data that you may have given to use prior to January 2018 has been removed from our data.