Who are we?
St James Chiropractic Clinic is a chiropractic and craniopathy clinic providing a range of chiropractic and health care services to a range of patients.
In order to provide an effective service to our patients it is necessary for us to process personal data, including sensitive personal data therefore acting as a data controller under the GDPR.
Your personal details
Your personal details may be given to us in a variety of ways, including, but not limited to the following:
- When you register for our services or for care given by us.
- When you use our website to make appointments for treatment at the clinic.
- When you attend the clinic for care.
- Medical records which may be given to us by you, or a third party in order for us to provide the correct care and rehabilitation methods to you.
We must have a legal basis for processing your personal data. For the purposes of being able to provide the best course of treatment and care for you we will only use your personal data in accordance with the terms of the following statement.
What are your rights?
- The right to be informed about the personal data that we process on you.
- The right of access to the personal data that we process on you.
- The right to rectification of your personal data.
- The right to erasure of your personal data in certain circumstances.
- The right to restrict processing of your personal data.
- The right to data portability in certain circumstances.
- The right to object to the processing of your personal data that was based on a public or legitimate interest.
- The right not to be subjected to automated decision making and profiling, and
- The right to withdraw consent at any time.
Where you have consented to us processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting the following e-mail address which is fully monitored by a trained individual:
Legal bases for processing your data
We believe that we have a legitimate interest in processing your data for the purposes of being able to access your personal data and sensitive personal data to decide on the best course of action, care, treatment and rehabilitation methods.
By processing your personal data, we believe that we are able to offer a more bespoke and personal care service and that this is in all party’s best interests.
Our organisation provide a service of care and treatment to patients. Information that we retain includes, but is not limited to the following:
- Details of your key contact methods, including addresses, email addresses, phone numbers.
- Medical records of all nature from sessions held with our practitioners, along with notes made from your past and present medical history
- Emails which may include personal data which have been sent to and from our organisation.
- Details of payments you have made, or are due to make
- Methods of payments that you have used
We retain this information as we believe that it falls within our legitimate interest in providing our services to our clients.
Giving your consent
Sometimes it will be necessary for us to obtain your consent to process and hold your data, in particular when processing sensitive data. In cases such as this you have the following rights:
- You have to give your consent freely
- You have to know what you are consenting to
- You should be able to control your consent
- We will keep a record of your consent
- You have the right to withdraw your consent
Collection of personal data
When working with patients and clients across our centre, we will collect data that will help us ensure a good and fair and effective relationship. Data we collect for this purpose will usually be basic, but will help us provide the correct and efficient treatment for our patients. This data could include, but is not restricted to:
- Date of Birth
- E-Mail Addresses
- Phone numbers
- IP addresses if you visit our website and agree to our cookies policy
- Car Registration numbers, should you visit us at our clinic, via our CCTV system.
- Details of your medical history including images and x-rays
- Details of payment methods and payments that you have made, or due to make
We collect personal data from you in the following ways:
Personal data that you give us:
- You contact us by phone or email
- We contact you by phone or email
- Information that you give us in person when you visit the centre
- When you make appointments and communicate with us via our website
- Personal data we receive from other sources
- Medical records that may be shared with us upon request
Personal data that we receive automatically:
- IP Addresses
- Information and data we collect via marketing tools and by using our website and opening emails.
Using your Personal Data
Our primary function is to provide you with health care, and in particular chiropractic treatment from our trainer practitioners. We will process your data in the following ways:
- Storing your data on our database or in our records system, enabling us to keep a history of your condition, and use the data to provide effective care and treatment.
- Recording notes, observations, treatments, images, or any other detail from your appointments that will help us provide care
- For targeted marketing campaigns
- To help establish, exercise or defend a legal claim
Sensitive Personal Data
From time to time we may need to collect and retain sensitive personal data such as
- information about health and medical conditions.
- Details on a scenario that may be sensitive or be deemed private and confidential, or one of the protected characteristics under the equality act.
In these scenarios, we will ask for your explicit consent, and you may withdraw this consent at any time.
If you have contacted us in the past, for example to use our services or attended the clinic for another service, we may use your details to send you details of services and opportunities that may benefit you. For any further marketing we will need your consent.
If you do not wish to receive any marketing from us, you may withdraw your consent at any time by unsubscribing through our email system. You may unsubscribe at any time.
Who we share your personal data with
We share your data with a variety of other parties during the course of conducting our business, in a number of ways, for a number of reasons.
They are as follows:
- Third party IT companies with whom we are contracted to and have appropriate processing agreements
- Third party services providers who perform work on our behalf (e.g. auditors, accountants)
- Tax and local authorities to enable us to comply with laws and regulations
- Marketing technology providers
How we safeguard your personal data
We make sure that all of your date is safe by using a range of technical safeguards. We also ensure that operationally we are sound and have carefully followed procedures and awareness within the business. We train our staff regularly and ensure we refresh knowledge when and where necessary.
In addition to these day to day safeguards, we also have a process in place to deal with any suspected breach of data.
If you suspect that your data has been misused, or has been compromised please contact us immediately at firstname.lastname@example.org
Keeping Your Data
We promise that we will never retain the data we hold on you longer than we need it. Sometimes we have to keep your data to comply with tax, legal or regulatory issues. We also hold your medical records for 8 years to ensure that we are able to give the correct advice, and care.
For the purposes of this policy, relevant contact means:
- Communicating with us via email, telephone or mail
- Attending appointments or sessions at the clinic
- Clicking through from any of our email communication.
Our website stores a number of different cookies on the computer or device that you use to access our website. Cookies are small text files used by browsers to store small bits of information about a device or computer, such as preferred settings or preferred languages.
Cookies do not take up much space (unless you have thousands of them) and cannot contain viruses or other harmful code.
The majority of our cookies are category 2 cookies, although other websites/services that we use, such as Facebook may store category 3 cookies on your computer when you visit our website or share content.
If you wish to complain about this privacy notice or any of the procedures set out in it please contact us on this email address which is monitored by a trained individual:
You also have the right to raise concerns with the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
St James Chiropractic Clinic,
The Old Thatched House
219 Romsey Road