GENERAL DATA PROTECTION REGULATION

(GDPR 25th May 2018)

When you supply your personal details at consultation they are stored and processed for 3 reasons:

  1. A Registered Osteopath has a legal obligation to maintain medical notes in order to provide you with treatment.
  1. Provided I have your consent, we would like to contact you in order to confirm appointments with us or update you on matters related to your medical care. Under GDPR this is known as Legitimate Interest.
  1. Again, provided I have you consent, we may occasionally send you general health information in the form of articles, advice or newsletters.  This, too, constitutes “Legitimate Interest” under the GDPR.

I have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, I will retain your records indefinitely in order that I can provide you with the best possible care should you need to see us at some future date.

Your records are stored:

  • Currently stored on paper, in locked filing cabinets.
  • Contact details are on reception computer. This is password-protected, backed up regularly, with updated virus protection. The Health Centre is locked and alarmed out of working hours.

I will never share your data with anyone who does not need access without written consent. Only the following people will have full access to your data:

  • Your Osteopath in order that they can provide you with treatment.

Limited access to contact details:

  • The reception staff, because they organise the clinic diary, coordinate appointments and reminders.

They do not have access to your medical history or sensitive personal information.