We take your privacy very serious. This notice informs you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not.
Your personal data is processed fairly and lawfully in line with the GDPR (General Data Protection Regulation).
The practice is registered with the Information Commissioner’s Office (ICO).
Data Protection Officer(DPO) and Data Controller of the practice is owner Yvonne Bruehmann who will deal with any queries you might have.
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
All data we hold is received from you directly, through your consent or through Practitioner Services.
We don’t create derived or inferred data about the data we hold of you and we don’t plan to use this in future for any other purposes.
Our intended use is unlikely to cause individuals to object or complain.
We only hold data of you which we require in order to perform the contract between you and us providing you with our services.
As Health Care Providers we have a legal obligation to hold certain types of your personal data.
We hold data of you which is of legitimate interest to us and which you have been informed about, you consent and freely give to us.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
Please be aware when you contact us through email or the contact form on our website that like any generic email account this is not encrypted and can be hacked into. Only volunteer the information you feel safe you can share with us this way.
Our website uses Google Analytics to help analyse how users use the site. “Cookies” are used, which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. This including IP address is transmitted to Google which then evaluates visitors’ use of our website and produces statistics of the website activity. Google and us will not associate or seek to link your IP address with any other data held by Google. We will never use the statistical analytics tool to track or collect any Personally Identifiable Information of visitors to our site. We also will not allow any third party to do so.
We only share the individual components of your personal data with others as far as it is required.
Our website is directed to adults; it is not directed to children under the age of 13. We operate our site in compliance with the Children’s Online Privacy Protection Act, and will not knowingly collect or use personal information from anyone under 13 years of age.
The contact form on our website is only to be used by children aged 13 years and over. If you are younger please ask your parent or guardian to fill it in for you. If you don’t know what to do, please phone the practice and we can help you further.
We keep your name, address, contact details, date of birth, medical and dental records and Community Health Index number, name and contact of your guardian (if necessary) and any details you freely give to us so that we can help you in the best way. By law, we need to keep your data up to 11 years or until you are aged 25, whichever is longer.
It is always good to bring a parent or guardian with you when you come to see us.
If you are under age 16, bring your parent/guardian because they will need to fill in and sign forms for you which give us details about you and your health.
Your data is stored on password-protected computers with the latest anti-virus software. Premises are secured and alarmed and paper files stored in lockable cabinets to which only authorised staff hold the key to. Data is backed-up daily and stored in a secure place.
Personal data is reviewed, updated and deleted in a confidential and secure manner when no longer required.
Transfer of your clinical/medical records is only by post or encrypted email.
Staff are trained on up-to-date data protection requirements and their contracts include a clause regarding confidentiality and data protection.
You have the right to access the data we hold of you. Please put your request in writing to the practice owner Yvonne Bruehmann.
We will supply the requested information within one month. Where requests are complex or numerous we can extend this by up to a further two months.
A fee can be requested by the practice, but only restricted to requests which are manifestly unfounded or excessive.
Most of the personal data we hold of you we need to keep by law up to 11 years or until you are aged 25, whichever is longer. Card payment details we hold for 6 years and 11 months.
Your data is deleted in a confidential and secure manner when no longer required.
As a health care provider we need to comply with the law and are required to keep most of the data for the above listed periods of time.
However you can request immediate deletion of your contact phone numbers and/or email contact.