This notice explains why I collect your personal data and what I do with it, ensuring that I am in accordance with General Data Protection Regulation (GDPR).
What Information Do I Need & Why?
When you supply your personal details to me, when we communicate by email, and when I take notes in the clinic, this information is stored and processed for four reasons in line with the GDPR requirements:
I need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes in law an (unwritten) contract.
I have a legitimate interest in collecting that information, because without it I couldn’t practise acupuncture and herbal medicine effectively and safely.
I keep records of your contact information because I think that it is important that I can contact you in order to confirm your appointments with me and to update you on matters related to your medical care.
Provided I have your consent (and this only needs to be verbal consent), I may occasionally send you individualised health information by email in the form of articles or advice. I will not send out generalised leaflets or advertisements. You may withdraw this consent at any time – just let me know by any convenient method.
Retention & Sharing of Information
I have a legal obligation to retain your records for 8 years after your most recent appointment (or after you have reached age 25, if this is longer), after which time they are destroyed.
Your clinical records are temporarily stored on paper, in individual files, in a secure cabinet in my clinic at home. These paper records are later transferred to electronic files that are password protected on my computer. The original paper records are shredded. Any emails I might receive are also stored on my password protected computer. I am the only person who has access to your records and emails. I will never share your information with anyone who does not have a legal right of access without your written consent. In the event that anything should happen to me which would render me unable to oversee your records, then, and only in this event, I have entrusted the handling of my clinical records to a fellow practitioner.
In practice, the only circumstances that your information is likely to be shared with someone else is if you explicitly ask for them to be sent to another health professional or an insurance company.
Access to your information and correction
You have the right to see the personal data of yours I hold, and you can also ask me to correct any factual errors. I am legally required to respond to any request from a client to see their personal data within a timescale of 30 days. However, I will respond as soon as I possibly can to any reasonable request for access to personal records.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit: www.aboutcookies.org.
You can set your browser not to accept cookies and the above website will tell you how to remove cookies from your browser.
Any concerns can be addressed directly to myself or with the Information Commissioner’s Office:
Edmond Williams - 2021