Privacy Policy

This privacy policy provides details of the way Olivia Emmett Acupuncture processes personal data when you are a patient of the above practitioner.

Personal data is processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/79) and other applicable national and European privacy legislation and regulations (together, “data protection law”).

 

Scope

This privacy policy applies to all personal data the above practitioner has in her possession.

To the extent the above practitioner decides why and how the personal data is processed, the above practitioner is a data controller of such personal data.

The above practitioner may possess personal data of her patients.

 

Purpose

The purpose of this privacy policy is to explain what personal data the above practitioner possesses and how it is stored. In addition, this privacy policy outlines the duties and responsibilities regarding its protection.

This privacy policy is not an exhaustive statement of the data protection practices; we will give you notice of variations to the extent practical.

Types of Personal Data

Patients

| Nature of personal data | Type of personal data | Purposes for processing (collecting/having/using etc.) | Most likely lawful basis and Article 9 condition (if special category personal data) |
|---|---|---|---|
| 1. Patients/prospective patients’ contact details – name, address, telephone number, email address | Personal data | a) Necessary to make or rearrange appointments; b) To send them marketing materials | a) Legitimate interests; b) Consent |
| 2. Permanent attendance register which records all patients attending your clinic | Personal data | a) Necessary to keep a record of when the patient was treated in the event of a criminal prosecution, civil action, insurance claim or complaint; b) Necessary as a record for tax purposes | a) Legitimate interests; b) Necessary for compliance with a legal obligation to which the controller (you) is subject |
| 3. Patient’s date of birth | Personal data | a) Necessary to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment; b) Necessary if referring patient to another health practitioner; c) Necessary if writing to registered medical practitioner so that they correctly identify patient | a) Legitimate interests; b) Legitimate interests; c) Legitimate interests |
| 4. Presenting complaint and symptoms reported by the patient | Special category | Necessary for full traditional diagnosis, treatment strategy and treatment planning | Legitimate interests and processing is necessary for the purposes of preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and the data is processed by the professional subject to the obligation of professional secrecy under EU or UK law |
| 5. Relevant medical and family history | Special category | Necessary for full traditional diagnosis, treatment strategy and treatment planning | Legitimate interests and processing is necessary for the purposes of preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and the data is processed by the professional subject to the obligation of professional secrecy under EU law |
| 6. GP’s name and address | Personal data | Necessary in the event that you need to contact a patient’s GP including in an emergency | Legitimate interests |
| 7. Your clinical findings | Special category | Necessary for full traditional diagnosis, treatment strategy and treatment planning | Legitimate interests and processing is necessary for the purposes of preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and the data is processed by the professional subject to the obligation of professional secrecy under EU law |
| 8. Any treatment given and details of progress of the case, including reviews of treatment planning | Special category | a) Necessary when reviewing diagnosis, treatment strategy and planning; b) Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint | a) Legitimate interests and processing is necessary for the purposes of preventative medicine, medical diagnosis, the provision of health treatment pursuant to contract with a health professional and the data is processed by the professional subject to the obligation of professional secrecy under EU law; b) Legitimate interests and processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity |
| 9. Any information and advice that you give, especially when referring the patient to any other health professional | Special category | Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint | Legitimate interests and processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity |
| 10. Any decisions made in conjunction with the patient | Special category | Necessary in the event of criminal proceedings, a civil claim, an insurance claim or complaint | Legitimate interests and processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity |
| 11. Accident records for patients, practitioner and staff (if any) | Special category | Necessary to comply with accident reporting legislation | Necessary for compliance with a legal obligation to which the controller (you) is subject and processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller (you) or of the data subject (the patient/employee/injured person) in the field of employment and social security and social protection law in so far as it is authorised by EU law |
| 12. Adverse incident reports if they identify the patient rather than being completed anonymously | Special category if they contain details of the patient’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership | Necessary for helping to develop safe practice guidelines, as well as providing research data and information for interested parties | Probably: Legitimate interests and processing is necessary for reasons of ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject (the patient), in particular professional secrecy |
| 13. Records of the patient’s consent to treatment, or the consent of their next-of-kin | Special category | Necessary to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment in the event of a civil claim, criminal proceedings, insurance claim or complaint | Legitimate interests and processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity |
| 14. Records of subscribers to newsletters | Personal data | For marketing purposes | Consent |
| 15. Emails/online enquiries received from patients, prospective patients and third parties | Usually personal data. May contain special category data if email contains details of the individual’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership | This depends what data you collect from patients and prospective patients and why. Above). Use emails and online enquiry forms to collect patients and prospective patients’ contact details for arranging appointments only. | a) Please see answer 4 above; b) Please see answer 1 above |

 

Individual Rights

Individuals have rights under data protection law:

Inspection and Access: you can request a copy of your file, or ask to have your file removed and shredded.

Correction/Addition/Removal: where you believe your personal data is inaccurate or incomplete, you are entitled to ask us to correct, amend or delete your personal data.

Security Measures

Personal data is stored in a locked file cabinet, and the key is kept in the possession of Olivia Emmett at all times.

Personal Data Breach

The company will manage a data breach in accordance with the prescribed reporting procedure assigned by relevant laws.

Data Retention

The company will keep personal data only for as long as the retention of such personal data is deemed necessary for the purpose for which that personal data is processed. Personal data is retained in accordance with relevant laws.

Role and Responsibilities

The company is responsible for the retention and processing of personal data. Olivia Emmett has overall responsibility for the company’s compliance with the privacy policy and will be the primary point of contact in relation to:

  1. The processing of personal data of the company’s current and previous patients
  2. The preservation of the security and integrity of the personal data processed by the company

Complaints Procedure

You can ask a question or make a complaint about the privacy policy and/or the processing of your personal data by contacting Olivia Emmett.