What is a Privacy Notice?
Under data protection law, you, as a patient of CM Chiropractic Ltd have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.
Who We Are
Colchester Chiropractic Centre, 67-69a Mersea Road, Colchester, Essex, CO2 7QR. Tel: 01206 549809. Email: firstname.lastname@example.org. For the purposes of processing your personal data we are the Controller.
Data Protection Officer (DPO)
As we record and use sensitive data we take the protection of this data very seriously. We have therefore appointed a DPO, Dr. Lisa Callegari, who is your first point of contact for any matters regarding your personal data we process. She can be contacted by telephone, email and post as is given above.
The Personal Data We Process and What We Do with It
We record and use the following categories of personal data which may include: name, address, telephone numbers, email address and date of birth. Our lawful bases of processing this data are: consent to examine and treat you; contract to store your personal details and the right to process data as healthcare professionals.
Sharing Your Personal Data
We only share your personal data with your explicit consent, where, for example we need to contact a third party and give them your contact details in order to correspond regarding your treatment. Where third parties are used by us to store your personal data, we ensure they are compliant with the data protection law and any such data is not stored outside of the EU.
Retaining Your Personal Data
Whilst you are patient with us we will continue to store and use your personal data. We will retain your personal data for a period of 15 years, as we find it useful for returning patients to be kept longer (legitimate interest) than the statutory 8 years from the date of the last appointment or until the age of 25 years old for patients under 18. Limited information will be retained within our accounts systems indefinitely to maintain the integrity of the data.
As we process your personal data you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
- You may request a copy of your data at any time. Please make such a request in writing or by email to the DPO.
- If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
- If you believe we should erase your data, please contact the DPO.
- If you wish us to stop storing or using your data, please contact the DPO. Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. The DPO who is dealing with the breach will explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish to Complain
You can contact the Information Commissioners’ Office via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
CCTV is used on the premises for security monitoring purposes.