The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and replaces the regime of the Data Protection Act 1998. This privacy policy has been produced in response to the new requirement for us to be transparent about the way in which we process your personal information. This notice explains what data we collect, the purposes for which it is used and how we keep your information private, as required under the GDPR.
Wheatley Foot & Body Clinic is the data controller. Wheatley Foot & Body Clinic is the trading name for Gemma Johnson BSc MRCPod, William Johnson-Coleman BSc MSMA, Lynn Grandi Dip FH and Jennifer Williams Dip FH.
Any enquiry regarding data protection should be made to Gemma Johnson, Wheatley Foot & Body Clinic, Unit 15 Wheatley Business Centre, Old London Road, Wheatley, Oxford, OX33 1XW.
Information Collected
Contact Information: To make appointments you will normally provide us with certain information, such as your name, email address, postal address, date of birth, medical information and payment information. This may be done over the phone or via e-mail.
When you attend the clinic or a therapist visits your home you are asked to complete a registration form, which ensures the information we hold is up to date and enables the appropriate consents to be documented where applicable. We may also collect next of kin details, but they would only be contacted in the case of vital interest (for example, if you were taken seriously ill whilst in the clinic). It is in our legitimate interest to process this data.
Clinical Information: To establish the nature of your symptoms and provide effective treatment and management, we are bound by our professional duty of care to ask you about and record your symptoms and medical information. This information is normally given by you, but we may also receive it from the medical professional who has referred you. As registered health professionals we are required by law to keep records of our assessment and treatment of your physical health condition and medical history. Therefore, in addition to our legitimate interest, we also have a legal obligation to keep and maintain clinical records, which is a lawful basis for processing under the GDPR.
Payment/funding information: If you are self-funding you may wish to pay by credit or debit card, in which case we will make card transactions using a third-party provider for this service. We comply with PCI DSS (the Payment Card Industry Data Security Standard) and currently use SumUp to process card transactions. We do not print or store card receipts. If you pay by card over the telephone, no card details are stored for use at a later date.
We also keep financial records using accounting software in order to maintain accurate accounts and fulfil our legal accounting and taxation obligations. This information includes name, address, accounts payable, dated invoices or receipts of payment and insurance membership numbers or claim numbers.
Information Sharing and Disclosure
Information about our patients/customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:
• Medical professionals. With your consent we will share information with medical professionals such as your GP or consultant to allow continuity of care.
• Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law and with your consent.
• Compliance with laws. We may collect, use, retain, and share your information if we are legally required to.
How long is your information kept?
We are required by law to retain medical records for a minimum of eight years or, for children, until the patient reaches 25 years of age. Records that are disposed of are shredded securely in-house.
How is your data stored and protected?
Your name and contact details are stored on our dedicated work mobile phones, which are encrypted and password protected. We keep a paper diary with your name and appointment details, which is stored securely in a locked filing cabinet when not in use.
Physical clinical records are stored securely as hard copies in a locked filing cabinet within the clinic and not removed from the premises unless on our person to visit you at home.
Our appointment booking, computerised note-writing and accounting software runs on our computers, which are password protected and have restricted access control.
Data Breach
We take the protection of your information seriously. We have put in place appropriate technical and organisational measures to mitigate the risk of a data breach. However, it is recognised that no system is 100% fail-safe. If we become aware of a data breach it will be investigated promptly and the required action taken as soon as practicable. It will be assessed and reported to the ICO (Information Commissioner's Office) where this is required.
Your Rights
You have the right to:
• request what information we hold about you
• have your information kept up to date and have any errors rectified
• ask us to stop processing some of your data. However, this is not an absolute right and may be overridden by our legal or contractual obligations to retain the data.
• withdraw your consent at any time for those purposes for which it has been explicitly sought.
You may request details of the information that we hold about you by writing to Gemma Johnson, William Johnson-Coleman, Lynn Grandi or Jennifer Williams at the clinic address.