Backs to Basics Osteopathy Privacy Policy

We, Backs to Basics Osteopathy (UK) Ltd (‘Backs to Basics’), as the Data Controller who can be contacted at 127 New Road, Croxley Green, Rickmansworth, WD3 3EN (‘We’) are committed to respecting your privacy and complying with applicable data protection and privacy laws. We ask that you read this privacy policy (‘Policy’) carefully as it contains important information about how we will use your personal data.

We have provided this Privacy Policy to help you understand how we collect, use and protect your information when you visit www.backstobasics.com on which this Privacy Policy is posted (each, a “Website” and, collectively the “Websites”), or otherwise communicate with us, for example by phone or in writing by mail, e-mail or social media. We wish to help you make informed decisions, so please take a few moments to read the sections below and learn how we may use your personal information.

Our use of any information we collect about you when you visit a Website will be governed by this Privacy Policy.

Who are we?

Osteopaths diagnose and treat health conditions. Treatments are carried out in accordance with the Institute of Osteopathy’s patient charter http://www.iosteopathy.org/osteopathy/the-patient-charter/. The practice may also provide other treatments, about which our staff will be pleased to provide more details.

What personal information may we collect about you?

Backs to Basics can collect information about you when you use our website, contact form, send us an email, call us on the telephone, send us information through the post, contact us by social media, fill out a form in our clinic and/or when you verbally give us information in our clinic. However, we may also collect information we observe about you, for example via cookies when you visit one of our websites, and/or CCTV footage when you visit our practice.

Below we list some of the most common categories of personal information we may collect about you.

* Your contact details (including, name, title, postal addresses, telephone numbers and email addresses) to keep in touch with you;

* Demographic information such as age, height, weight, gender, employment history, leisure interests and family dependencies so that we can best advise you when providing you with our services;

* Any personal information you choose to give us when contacting us, during the registration process and/or during a consultation;

* Sensitive personal information such as detailed medical information, medical case notes, medication treatment and/or any other issues affecting your health and/or your families health which may affect your treatment. This is to provide you with the necessary treatment/support/advice when utilising our services;

* Payment details for payment of services;

* Other operational personal data created, obtained, or otherwise processed in the course of carrying out our business activities, including but not limited to, CCTV footage and logs of accidents, injuries and insurance claims.

How do we use your personal information?

We collect and use information about you if you visit our website, utilise our services, make patient enquiries and/or send other communications.

Your relationship with us will determine why we collect particular information about you. We collect your personal data because you have consented for us to do so; We may be required by law to collect certain information; require it in order to perform a contract, or prior to entering into a contact, with you; or use it for our legitimate business interests where these do not override your rights or interest.

We may collect and use your information to:

* Supply you with goods and/or services that you have requested, including but not limited to Osteopathic treatment, selling orthotics;

* Effectively respond to and deal with your query in the event that you contact us;

* Send you an email to inform you of your appointment;

* Ensure you see relevant and interesting content on our website(s) using your electronic information (cookies);

* Process information that is required or requested by regulatory bodies or law enforcement agencies;

* Investigate, respond to and/or process any complaints, claims for loss, damage and/or injury;

* Prevent and/or detect crime;

* Monitor the safety of our employees and/or contractors;

* Facilitate your access to our on-site facilities;

* Any other processing for which you have indicated your consent.

Who has access to your personal information?

Your information will be processed by employees of Backs to Basics in order to fulfil our obligations to you as outlined in this notice. We may also share your details with third parties including:

* Contractors working on behalf of or in partnership with Backs to Basics;

* Other medical practitioners linked to your treatment, e.g. GP (this will only be provided with your consent);

* Our third-party suppliers/service providers who are Backs to Basics data processors under contract, support our systems, operations and/or processes;

* Insurance companies who are funding your treatment;

* Law enforcement or other regulatory bodies who can legally request access to information about you for prevention and detection of crime and/or the apprehension or prosecution of offenders.

Information security and International Transfers

Backs to Basics are committed to being transparent and keeping your information secure. We are also obliged to tell you where we use services that transfer your information internationally.

We have a strict selection process when it comes to our suppliers/ service providers and we enforce strict requirements within our contracts to ensure your data is kept within safe hands.

It may be necessary to transfer your data to suppliers/service providers where we rely on storage, system and administrative support from outside the European Economic Area* therefore the processing of your data may involve a transfer of data to countries outside of the United Kingdom.

*The European Economic Area (EEA) currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein.

The table below outlines the instances where your information may be transferred outside of the EEA.

Service: Location: Server /Cloud Hosting (‘Cliniko’) Australia

We take all reasonable steps to ensure that your personal data is processed securely.

We have entered into contracts with all our national and international suppliers and service providers which include EU approved clauses concerning the protection of the data transferred.

How long will you keep my personal information?

Information is only kept as long as necessary for the period it is required. When deciding how long we keep your information we take into account any minimum retention requirements set out in law. Depending on the purpose for which we hold your hold your personal data, retention periods may vary. We will hold your personal data for at least a minimum of 8 years after your last consultation or if a patient is a child, until their 25th birthday. This is in line with the Osteopathic Practice Standard D6(3).

What rights do I have with regards to my personal data?

To exercise your privacy rights please send your request in writing. We may be required to verify your identity for security purposes. Your rights are outlined below:

o The right to access information we hold about you, why we have that information, who has access to the information and where we obtained the information from.

o The right to correct and update the information we hold about you. If the data we hold about you is out of date, incomplete or incorrect you can inform us and your data will be updated.

o The right to have your information erased. If you feel we should no longer be using your data you can request that we erase the data that we hold. Upon receiving a request for erasure we will confirm whether it has been deleted or a reason why it cannot be deleted (for example because we have a legal obligation to keep the information or we need it for a legitimate business interest)

o The right to object to processing of your data. You may request that we stop processing information about you. Upon receiving your request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or bring or defend legal claims.

o The right to data portability. You have the right to request that we transfer your data to another controller.

We will comply with your request where it is feasible to do so, within 30 days of receiving your request. There are no fees or charges for the first request. However additional requests for the same data may be subject to an administrative fee of £25 per request.

To exercise your rights please do so by writing to:

Backs to Basics Osteopathy

127 New Road

Croxley

WD3 3EN

Or email us at admin@backstobasiscs.com

Consent

Where we need your consent to hold your information we will ask you to confirm your consent in writing and we will inform you why we are collecting the information, how we will use it, how long we keep it for, who else will have access to it and what your rights are as a data subject. Where we do rely on consent you have the right to change your mind and withdraw that consent at any time. If you withdraw your consent we will immediately cease using any personal information obtained and processed under that consent unless we have some other legal obligation to continue to use it.

What can I do if I am not satisfied with how my personal information is processed?

At Backs to Basics we aim to ensure all information collected about you is done so fairly and lawfully, whilst implementing robust measures to keep your information secure. If you are not satisfied with the information provided in this notice, please contact us in the first instance so we can resolve your queries or provide you with any additional information required.

Alternatively it is your right to contact your local Data Protection Authority and lodge a complaint. In the UK the lead Data Protection Authority is the Information Commissioner. For more information please visit the Information Commissioner’s office at www.ico.org.uk/concerns or call them on 0303 123 1113.

Backs to Basics Use of Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The

web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

If you have any queries in relation to this notice, or need more information please do not hesitate to contact us at:

Backs to Basics Osteopathy
127 New Road
Croxley
WD3 3EN

Or email us at admin@backstobasiscs.com