The Village Clinic Ltd
Privacy Policy 11.01.21
The Village Clinic are committed to protecting your personal and sensitive health data. We make every attempt to keep your data secure and safe. If you have any questions regarding this privacy policy please contact us on 01242 673507 or mail@villageclinic.co.uk. The Village Clinic Ltd are duty bound to keep your personal and medical details confidential to comply with UK data protection law and the HCPC medical confidentiality guidelines.
It is your responsibility to contact us to inform us of any changes in your personal details. This is very important.
1. What Personal Data do we collect about you.
We will need to collect the following personal data from you, before your appointment in order to register you as a patient, and to manage our ongoing relationship with you:
• name, address and contact telephone numbers
• email address
• date of birth
• GP surgery
• mobility status (e.g. if you are able to go upstairs)
• next of kin details where appropriate
• your financial details if you pay by Credit / debit card on by online bank transfer
• If you use our website, it collects anonymised data to allow us to monitor the use of our website. Please see our website privacy policy for more information.
2. Sensitive Health data
In order to treat you we have a legal obligation to obtain and record sensitive health data. This can be collected in the following forms:
• verbally from yourself during our consultations
• through our physical examination of you
• records of treatments performed and advice given
• via medical questionnaires, outcome forms and treatment consent forms
• from referral letters / reports from other medical professionals e.g. GP’s, Consultants.
• from other referrers e.g. health insurance companies, intermediary claim companies
• any other medical data you choose to share with us via emails, letters, copies of previous medical consultations or results.
To treat you within our professional rules of conduct we are required to obtain details of your medical and drug history, as well as details of the current condition you are presenting to us for treatment.
3. How we use your personal and sensitive health data:
We collect and store your sensitive personal health data listed above. This data will be used by our clinicians to assess and treat you. We may pass your sensitive health data on to other health care professionals if we feel it necessary. We will gain your written consent to pass your health details on to anyone else e.g. your employer, health insurance company. We may also use your treatment data to analyse and audit the type and quality of our treatments.
To enable us to manage our relationship with you we will use your personal data to:
• creating, reminding you or changing appointments
• to respond to your queries
• to re-call you for appointments due
• to contact you if products you have ordered have arrived or discuss products with you
• for financial reasons: to take payment from you, to send invoices due for payment, statements etc and for billing insurance companies
• send you personalised exercise sheets in the post or email
• send you outcome measure forms that require completing or any other forms that require signing in relation to your treatment e.g. satisfaction surveys.
• ask you to provide reviews of our service
• send copies of medical correspondence in relation to your condition
• inform you of any new treatments / updates that we feel may benefit you (you can opt out)
• send you any offers / loyalty vouchers (you can opt out)
• send you our newsletter (you can opt out)
• for audit purposes and research purposes (data will be anomlyised)
• responding to any requests for data where we have a legal obligation to do so
For many of these activities you can specify a preference for how you would like them to be sent e.g. phone call, text, email or you can opt out at any time by contacting our receptionists.
We will not share your details with third parties for marketing purposes
4. Our lawful ground of processing
Our grounds for processing your sensitive health data is legal obligation. Our legal grounds for processing personal data are for performance of a contract with you and are necessary to develop our products/services and grow our business and to recover monies owed.
5. Disclosure of your personal data
We may have to share your personal data with (i) Health insurance companies or Intermediary Claim companies who have referred you for treatment (ii) to other health care professionals for the purposes of discussing your treatment or onwards referral (iii) service providers who provide IT and system administration support (iv) professional advisors including lawyers, bankers, auditors and insurers (v) HMRC and other regulatory authorities (vi) third parties to whom we sell, transfer or merge parts of our business or our assets.
We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
6. International transfers
Some of our third party providers are businesses outside of the EEA in countries which do not always offer the same levels of protection for your personal data. We do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within Europe. If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.
7. Data security
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.
We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. Data retention
We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. In accordance with our legal healthcare obligations, anyone who has attended treatment your personal data and medical notes will be kept for a minimum of 8 years (longer for children, pregnant ladies and any notes deemed necessary by the clinicians). Once you have attended for treatment, we have a legal obligation to keep your data so you no longer have the right to ask us to delete your data.
Anyone who registers as a patient and does not attend an appointment or contacts us with an enquiry your data will be kept for a shorter length of time as deemed necessary to fulfil our business needs and requirements.
9. Your rights
You may be able to exercise certain rights in relation to your personal data that we process. These are set out in more detail at
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.
We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.
If you wish to make a Subject Access Request, please send the request to The Village Clinic Ltd, 11 Tarlings Yard, Bishops Cleeve, Cheltenham, GL52 8RN or mail@villageclinic.co.uk marked for the attention of The Directors
10. Keeping your data up to date
We have a duty to keep your personal data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.
If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by telephoning, writing to or emailing the address above.
11. Complaints
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
12. Updating this policy
From time to time we may update this privacy policy, the latest version will be on our website and available at reception at any time
13. Our Third Party data processors
Rushcliff ( Private Patient Software) https://www.rushcliff.com
Physiotools http://www.physiotools.com/
1&1 webhosting and email provider https://www.1and1.co.uk
Rehab My Patient https://www.rehabmypatient.com/
Jotform https://www.jotform.com/gdpr-compliance/dpa/