At Hitchin Osteopathy we take the security of personal data seriously and are committed to keeping you fully informed of your rights under the General Data Protection Regulation (GDPR). We aim to act transparently at all times and to provide you with accessible information on how we use your personal data.
Information we collect
We will collect personal data on our website only if it is directly provided to us by you, the user, and therefore has been provided by you with your consent. We may collect the following information: your email address, name, job title, home or work address and telephone number. Normally you will only provide such details if you submit the contact form or web form on our website or sign up for our free newsletter or other resources such as downloadable PDFs.
When you supply your personal details to this clinic they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the Data Protection Act 2018, which includes the General Data Protection Regulation – i.e. the law):
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.
Your records are stored
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
From time to time, we may have to employ consultants to perform tasks that might give them access to your personal data (but not your medical notes). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
We use Google products including: Google Analytics, Google Search Console and Google AdWords. We use these products to understand how the website is being used in order to improve the user experience. User data is all anonymous. The types of data collected include: IP address, browser-generated information e.g. browser type, operating system, date and time of access, how long a person looks at a website, what they look at etc. Click here for an overview of Google’s privacy policies.
The legal basis for our use of your information
We may hold and process personal data that you provide to us in accordance with the GDPR.
The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you, including internal record keeping. In addition, we may use the information for the following purposes:
To notify you about any changes to our website, such as improvements or product/service changes that may affect our service
If you are an existing customer, we may contact you with information about products and services similar to those that were the subject of a previous sale to you and that we think may be of interest to you
If you have consented to receive our e-newsletters, we will include you in our monthly newsletter sends, which you can opt out of at any time
Disclosure of your information
We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
Please note that we do not reveal information about identifiable individuals to our advertisers, but we may, from time to time, provide them with aggregate statistical information about our visitors.
Controlling the use of your data
If you have given us consent to use your data for a particular purpose, you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at Hitchin Osteopathy, 9 Alexander House, 40a Wilbury Way, Hitchin, Herts SG4 0AP, or email us at email@example.com.
Where we store and transfer your data
As part of the services offered to you, for example through our website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
We do not use or disclose sensitive personal data, such as race, religion or political affiliations without your explicit consent.
Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal processes served on us or our website.
You have the right to opt out of us processing your personal data for marketing purposes by contacting us at firstname.lastname@example.org.
Some emails that we send you have no tracking at all, e.g. service emails with invoices attached. Other emails include tracking so that we can tell how much traffic those emails send to our site, but we do not know who has clicked so the data is anonymous, e.g. our monthly newsletter. For some emails we can track, at an individual level, whether the user has opened and clicked on links in the email. We use the latter information at a personal level, to understand open and click rates on our emails to try to improve them. If you want to be sure that none of your email activity is tracked, then you can opt out of Hitchin Osteopathy’s emails, which you can do by emailing “UNSUBSCRIBE” to email@example.com.
The transmission of information via the internet or email is not completely secure. However, we have put security measures in place by installing Secure Sockets Layer (SSL) on our website which encrypts all data submitted via the online contact forms and web forms and protects your personal data. We cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use our strict procedures and security features to try to prevent unauthorised access.
Third party links
You may find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
On many of the pages of our website you will see ‘social buttons’. These enable users to share or bookmark the web pages. There are buttons for: Twitter, Facebook, LinkedIn, Instagram, Google+ and YouTube. In order to implement these buttons and connect them to the relevant social networks and external sites, there are scripts from domains outside of Hitchin Osteopathy. You should be aware that these sites may collect information about what you are doing on the internet, including on Hitchin Osteopathy’s website. So, if you click on any of these buttons, these sites will be registering that action and may use that information. In some cases, these sites will be registering the fact that you are visiting Hitchin Osteopathy and the specific pages you are on, even if you don’t click on the button while you are logged into their sites. You should check the respective privacy policies of each of these sites to see exactly how they use your information and to find out how to opt out, or delete, such information if you wish.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
The GDPR gives you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at Hitchin Osteopathy, 9 Alexander House, 40a Wilbury Way, Hitchin, Herts SG4 0AP, or email us at firstname.lastname@example.org to charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of you requesting the data.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at Hitchin Osteopathy, 9 Alexander House, 40a Wilbury Way, Hitchin, Herts SG4 0AP, or email us at email@example.com.