It is important for all of our patients, be they long-term established patients, recent arrivals, or potential new patients, to feel comfortable with the personal information that is both requested and provided before, during and after consultations. The following policy document explains how the data (personal information that either identifies you or that could identify you) is collected, used and stored.
1. DATA CONTROLLER
Andrew Hoyes is the Data Controller for the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”), or GDPR and, as such, is responsible for your personal information and the processing thereof. If you have any questions or concerns, you may contact me by email at firstname.lastname@example.org or in writing at the address at the bottom of this document.
2. YOUR INFORMATION
Your personal information includes your name, address, date of birth, email address, telephone contact number(s), next of kin details, medical history and debit or credit card details. This information has been provided prior to, during, or following the consultation either face to face in clinic, over the telephone or via the website. This information is held on paper records stored in a locked filing cabinet or fully password protected clinical software locally.
3. LEGAL BASIS
Your personal information enables the clinic to meet mandatory requirements regarding medical notes. There is a legal requirement for the retention of health records for an adult eight years after the patient’s last appointment. This time frame also applies to deceased patients. For children and young persons under the age of 18, it is until their 25th birthday. For mentally disordered persons (within the meaning of the Mental Health Act 1983) records are retained for 20 years after their last treatment.
For customers who are not patients (but who have bought products from the business) any data provided by them will be kept for a minimum of six years in line with tax legislation.
After these statutory periods your details will be destroyed.
There may be occasions where it is necessary to share information with your General Practitioner, Practice Nurse or Consultant to allow continuity of care.
4. WHY I NEED YOUR INFORMATION AND HOW I USE IT
Data is collected to assist in the administration of my business to provide you with an efficient service. We would like to use your contact details to assist with the administration of your appointments; changes to scheduled appointments and/or reminders about appointments. Only in extreme cases where it is necessary for the clinic to contact you regarding treatment or an appointment will you receive an email. To further enhance our service to you we would like to be able to update you on any information regarding the practice, but there will be no direct marketing.
I engage certain trusted parties to perform functions and provide service to my business such as my clinic assistants. I will share your personal information with these third parties, but only to the extent necessary to perform these services.
Business transfers: If I sell or merge the business, I may disclose your information as part of that transaction, only to the extent permitted by law and with your consent.
Compliance with laws: I may collect, use, retain, and share your information if I am legally required.
5. YOUR RIGHTS
You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights only apply in certain limited cases:
- Access. You have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
- Change, restrict, delete: You may also have rights to change, restrict use of, or delete your personal information. In the case of health records these are normally exempt from change and deletion requests.
- Object: You can object to my processing of some of your information.
- Complain: If you wish to raise a concern about my use of your information (and without prejudice to any other rights you may have) you have the right to do so with the Information Commissioner www.ico.org.uk
ANDREW HOYES – FOOT, HEALTH & LASER CLINIC, 27 MARKET PLACE, NORTH WALSHAM NR28 9BS