Rebecca Rance Chiropractic

Under data protection law you, as a patient of R J Rance Chiropractic, have specific rights. To communicate these rights to you I am providing you with this privacy notice.

 

Data Controller

I am the data controller, my contact details are 45 Brookmead Drive, Wallingford, OX10 9BG. Tel No. 01491 832433, rrance@tiscali.co.uk.

​

The Personal Data I Process and What I Do With It

I am committed to protecting your privacy and will only use information collected lawfully in accordance with General Data Protection Regulation 2018.

 

The data I hold on you is the data collected from you at each appointment i.e. name, address, contact details, date of birth, social history and special category data such as medical history, diagnosis and treatment information. Your data is stored on paper record cards in locked filing cabinets and locked desk drawers in the clinic room when unattended. I am required to keep your personal data for a minimum of 8 years after the last appointment and for minors age 25 (or 26 if 17 at last appointment). I may retain your medical records at the end of any contractual requirement indefinitely to provide you, the patient with the best possible potential future care. If, however, you would like your data destroyed after the minimum 8 years please contact me using the details above. I hold electronic encrypted, password-protected copies of GP letters and Insurance invoices which will be deleted at the same time the paper record cards are destroyed. I also hold name, patient identifier, date of birth, contact details, status and archive date in an encrypted, password-protected database, for admin purposes only. The database data will be held indefinitely and will not be used by or accessed by anyone other than myself. Please note that I use texts and emails for appointment booking and reminders.

 

The lawful basis for processing your data is a contractual requirement i.e. it is necessary for the purposes of health diagnosis and treatment.

 

Your data is not processed or stored by anyone else and will not be shared by anyone else unless consent has explicitly been given, I am legally obliged to do so or to protect the health of the public.

​

Your Rights

You have the right to request data correction, erasure (after 8 years) or copies of your data and can do so by contacting me via the details above. Any request for copies of data held must be in writing, either by letter or email, with name, address, telephone number, email address and date of birth for identity purposes and must state clearly what information is being requested. I will need to verify your identity so may ask for a copy of your passport, driving license and/or recent utility bill. Once identity has been confirmed the data will be supplied within one calendar month. The first copy will be free of charge.

​

Data Breaches

Should your personal data that I control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, I will contact you without delay. I will explain to you the nature of the breach and the steps I am taking to deal with it.

​

Complaints

If you are dissatisfied with any aspect of the way in which I process your personal data please let me know.  You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO) via their website www.ico.org.uk