Privacy Policy

At Epsom OsteoCare we are committed to protecting and respecting the privacy of anyone coming to use our services.

This policy sets out how we process any personal data we collect from you or that you provide to us through our website. We confirm that we will keep your information secure and that we will comply fully with all applicable UK Data Protection legislation and regulations. Please read the following carefully to understand what happens to personal data that you choose to provide to us, or that we collect from you when you visit this site.

By visiting our website you are accepting and consenting to the practices described in this policy.


1: Scope of this privacy policy

This privacy policy applies only to the actions of Epsom OsteoCare and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

For purposes of the applicable data protection laws, Epsom OsteoCare is the “data controller”. This means that Epsom OsteoCare determines the purposes for which, and the manner in which, your data is processed.


2: Personal Details and Consent

We need to collect personal information about your health in order to provide you with the best possible treatment.

Your requesting treatment and our agreement to treat you constitutes a contract. You are free to refuse to provide the information we request, but without this information we may not have enough data for us to create a full diagnosis and provide the best treatment.

Because we work in the medical field we have a ‘Legitimate Interest’ in collecting the data because without it we would not be able to do our jobs effectively and safely. We also have a ‘Legitimate Interest’ in providing you with appointment confirmations, appointment reminders, and aftercare advice. Having a ‘Legitimate Interest’ means that we do not need to ask you for specific consent for these types of communications.

We do, however, need to ask you for specific consent to send you newsletters, information about events, or any other information that could be construed as marketing.


3: Personal Details; what we keep and for how long

We have a legal obligation to retain patient notes under our Code of Practice dictated by the GOsC for a minimum of 8 years and children’s notes should be kept until their 25th birthday.

Our patient notes include:

  • Patients’ personal details (age, date of birth, telephone number, email and home address)
  • Any problems or symptoms reported by the patient
  • Relevant medical and family history
  • Clinical findings
  • Information and advice provided
  • Information given to the patient about risks of treatment
  • Records of Consent (we have forms for consent to Dry Needling and intimate area examination and treatment, Chaperone requests and we seek ongoing verbal consent for all other treatment, which we record in your file)
  • Treatment provided, reaction to treatment and ongoing evaluation of findings.
  • Any correspondence about the patient (with consent requested and recorded) with other health professionals.
  • Whether anyone else was present in the consultation.


4: Personal Details, where and how we store your data: 

We store our case histories electronically on the Cliniko system

Your name, address, email address, date of birth and telephone numbers are additionally stored on a booking system called Cliniko regardless of whether the notes are also stored there.

When you first register with Cliniko you are asked whether you consent to our Privacy policy (which is this document). As stated, we only need your consent to send you marketing. We otherwise have legitimate interest to process your data and this consent is not necessary.

Cliniko also provides details on how they store information about you and asks for your consent to this when you make an online booking. Their privacy policy is also available here: When we no longer need to store your data in Cliniko (after our statutory obligation to hold data for 8 years passes, or until you reach the age of 25 years old and 8 years have passed), we will delete your records.

For patients who have been prescribed a program of exercise, we sometimes use a system called RehabMyPatient, which stores your name, date of birth and email address (for the purposes of being able to send you the exercise program) and no other data. This data is held securely. RehabMyPatient does use Google Analytics to collect anonymised data which they use to improve the site. From this they record: the computer you used to access the site, your general location, how long you stayed on the site. The details are available in their Privacy Statement available here: Their data is stored in a Digital Ocean data centre in London, who are GDPR compliant.

5: Controlling your Personal Details

You have rights concerning the information we hold about you:

  • You can request a copy of all the data we hold about you. Upon request we will provide you scanned copies of the personal data we hold.
  • If you change your name, address or email address, please contact us so that we can keep our data up to date.
  • You have the right to request erasure of your personal data that we are not legally obligated to keep for a minimum of 8 years.
  • We do not sell your information to third parties.
  • We do not share your data with third parties for marketing or any other purpose, without prior consent by you (for example sharing your data with other healthcare professionals)
  • We do not gather sensitive personal data such as political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or criminal convictions.


6: Other ways in which your personal data may be collected

With regard to each of your visits to our website we may automatically collect information including the following:

  • technical information, including a truncated and anonymised version of your Internet protocol (IP) address, browser type and version, operating system and platform.
  • information about your visit, including what pages you visit, how long you are on the site, how you got to the site (including date and time); page response times, length of visit, what you click on, documents downloaded and download errors.
  • we may also collect your data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the website, see the section below, headed “Cookies”.


7: Our use of your Data

Any or all of the above collected data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, data may be used by us for the following reasons:

  • To provide you with information and/or services that you request from us;
  • To provide you with marketing and informational newsletters. There is an ‘Opt in’ box on our case history forms allowing you to give consent to receive this material. You can withdraw this consent at any time.
  • To administer our site including troubleshooting and statistical purposes;
  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • For security and debugging as part of our efforts to keep our site safe and secure.
  • This information is collected anonymously and is not linked to information that identifies you as an individual. We use Google Analytics to track this information. Find out how Google uses your data at


8: Who we share Data with

Any information you provide to us will either be emailed directly to us or may be stored on a secure server. We use a trusted third party hosting provider (Hostinger) to facilitate the running and management of this website.

We do not rent, sell or share personal information about you with other people or non-affiliated companies. Any external sources required by your website, such as mailing lists from service providers such as mailchimp, sendinblue etc, are subject to your own user agreement per the terms of your account with the provider themselves.

We will use all reasonable efforts to ensure that your personal data is not disclosed to regional/national institutions and authorities, unless required by law or other regulations.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 


9: Your rights as a data subject

At any point whilst Osteopaths are in possession of, or processing your personal data, all data subjects have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that your request under rights of access is refused, we will provide you with a reason as to why, which you have the right to legally challenge. At your request we can confirm what information we hold about you and how it is processed.


10: You can request the following information:

  • Identity and the contact details of the person or organisation (Osteopaths) that has determined how and why to process your data.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of Osteopaths and information about these interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (ICO).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

The following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made to Epsom OsteoCare by email


11: Third party links

Our site may, from time to time, contain links to and from the third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


12: Cookies

This Website may place and access certain Cookies on your computer. Epsom OsteoCare uses Cookies to improve your experience of using the Website and to improve our range of services. Epsom OsteoCare has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.

All Cookies used by this Website are used in accordance with current EU Cookie Law as well as UK law.

Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Epsom OsteoCare Ltd to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

This Website may place the following Cookies:

Strictly necessary cookies – are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of

Analytical/performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies – These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies – These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find a list of Cookies that we use in the Cookies Schedule.

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser. You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

For more information generally on cookies, including how to disable them, please refer to You will also find details on how to delete cookies from your computer.

Cookies Schedule

The following types of cookies may be used when you visit the Site:

Advertising Cookies – Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you. These cookies allow advertisers and ad servers to gather information about your visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about you.

Analytics Cookies – Analytics cookies monitor how users reached the Site, and how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.

Our Cookies – Our cookies are “first-party cookies”, and can be either permanent or temporary. These are necessary cookies, without which the Site won’t work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, but may affect the functionality of the Site.

Personalization Cookies – Personalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Site.

Security Cookies – Security cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties.

Site Management Cookies – Site management cookies are used to maintain your identity or session on the Site so that you are not logged off unexpectedly, and any information you enter is retained from page to page. These cookies cannot be turned off individually, but you can disable all cookies in your browser.

Third-Party Cookies – Third-party cookies may be placed on your computer when you visit the Site by companies that run certain services we offer. These cookies allow the third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.



13: Changes to this privacy policy

Epsom OsteoCare reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website, and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations. You may contact Epsom OsteoCare by email at


14: Complaints

In the event that you wish to make a complaint about how your personal data is being processed, you have the right to complain to us. If you do not get a response within 30 days, you can complain to the ICO.

The details for each of these contacts are:

Alexis Weiner-Roup

Epsom OsteoCare

White House Health and Wellness Centre

16 Waterloo Road


KT19 8EX


Tel: 07852279822





Wycliffe House,

Water Lane,




Tel: 0303 123 1113


Privacy Policy Correct as of 20/6/24