Haverhill Osteopaths


Haverhill Osteopaths, HAVERHILL

GDPR | Privacy Policy

The Haverhill Osteopaths does its utmost to protect your privacy. If you make an appointment or sign up for information this policy explains which data we collect, how we store this, how we use it and the conditions under which we may disclose it to others.

Core principles
The core principles of this policy are as follows.

  1. The Haverhill Osteopaths collects individual patient details only where there are legitimate business reasons to do so.
  2. The Haverhill Osteopaths collects data only when we are legally entitled to do so.
  3. We are clear with individuals as to what information we will collect.
  4. We only use personal data for the purpose(s) in which it was collected.

Personal information we collect
When you contact us by email, telephone, website, letter or in person to enquire about our services or make an appointment we must collect personal details in order to fulfil your request.

Patient Confidentiality
All staff abide by confidentiality agreement rules.  We respect your right to privacy and keep all you health information confidential and secure.  It is important that we keep accurate and up to date records about your health and treatment so that those treating you can give you the best possible care.
This information may be used for management and audit purposes.  However, it is usually only available to and use by those involved in your care.  You have the right to know what information we hold about you.

Access to Medical Records
The practice is registered and complies with the Data Protection Act and the Access to Health Records Act. Any request for access to notes by a patient, patient’s representative or outside body will be dealt with in accordance with the Act. Please contact the Practice Manager for further information.  There may be an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.

How we use and retain your personal data
We may retain personal details for the following reasons.

Confidentiality & Medical Records
The practice complies with the data protection and access to medical records legislation.  Identifiable information about you will be shared with others in the following circumstances:

Reception and administration staff require access to your medical records in order to do their jobs.  These members of staff are bound by the same rules of confidentiality as the medical staff.

We make every effort to give the best service possible to everyone who attends our practice.  However we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint.  If this is so, we would wish the matter to be settled as quickly and as amicably as possible.
To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. 

Your rights
Your rights under data protection law are:
a) The right to access;
You have the right to know what personal data we hold about you and an explanation of the categories of data being processed, purposes of such processing, categories of third parties to whom the data may be disclosed.
You have the right to a subject access request (SAR) to obtain a copy of your personal data. We will supply you with a copy of your personal data in a concise, transparent and easily accessible form. The first copy will be provided free of charge, but additional copies may be subject to a fee.
(b) The right to rectification;
You have the right to have any inaccurate personal data we hold about you rectified.
(c) The right to erasure;
You have the right to have your personal details erased without delay unless we have to comply with a legal obligation. This applies where the data is no longer needed for their original purpose, where the processing is based on consent and the data subject withdraws that consent.
(d)The right to object to processing;
You have the right to object to the processing of personal data.
If the processing is based on the justification ‘necessary for a public interest’ or ‘necessary for the purposes of the legitimate interests pursued by the controller’; If personal data is processed for marketing purposes; and
If personal data is processed for scientific, historical research or statistical purposes
(e) The right to data portability;
You have the right to request a copy of your personal data from the data controller in a commonly used format.
You have the right to request a transfer of your personal data from one controller to another.
(f) The right to complain to a supervisory authority;
If you feel that the way in which we process your personal data infringes data protection legislation you have the right to submit a complaint to the supervisory authority.
(g) The right to withdraw consent;
We can only process your personal information with your consent and you have the right to withdraw that consent at any time.

How to exercise your rights.
You may exercise any of your rights in relation to your personal data by contacting us.