The Twyford Clinic Privacy & Data Protection Policy
General Data Protection Regulation (GDPR)
This policy sets out how The Twyford Clinic uses and protects any information that you give us when you seek treatment or use our website.
The Twyford Clinic is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.
The Twyford Clinic may change this policy from time to time by updating this page. Please check this page when required to ensure that you are happy with any changes. This policy is effective from 14th September 2018.
Lawful Basis for Holding and Using Client Information
We need to retain some information in order to provide you with the best possible treatments, support and advice. The lawful basis under which we do so is known as legitimate interest. As we hold special-category data – specifically health-related information – the additional condition under which we keep and use this is to fulfil our role as healthcare practitioners.
What Information Do We Hold and What We Do With It?
In order to give treatments, we naturally ask for and keep information about your health. We only use this to inform decisions in relation to treatments, though, and to give advice as a result of treatments. The information we hold is:
- Your contact details
- Medical history and other health-related information
- Treatment details and related notes
Email Communication Services
We may use your information to contact you via email with any service updates, special offers or informative newsletters. You can choose whether to opt in to these emails when completing your registration form at your initial assessment with The Twyford Clinic. Will not disclose any of your details to any third party marketing entities.
Protecting Your Personal Data
The Twyford Clinic is committed to ensuring that your personal data remains secure. To prevent unauthorised access or disclosure of information, we use appropriate technical, physical and managerial procedures to safeguard it.
You have the absolute right to have your data removed from The Twyford Clinic’s systems at any time. Please contact our data protection officer via email: Phil@thetwyfordclinic.co.uk if you would like to request deletion. You will be contacted with 48 hours of any such request being made to confirm that your request has been actioned.
If you do not agree to The Twyford Clinic keeping data about you/your treatments, or if you don’t allow us to use the information in the way we need, we may not be able to treat you. Also we have a legal requirement to keep your records of treatment for eight years from the date of your last treatment or until the age of 25 if you attend as a minor, which may mean that even if you ask us to erase your details, we might have to keep them securely until after that time.
What Are Cookies?
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.
Links to other websites
The Twyford Clinic website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
GDPR gives you the right…
- To be informed: to know how your data will be held and used – this notice.
- Of access: to see our records of your personal information, so you can verify it.
- To rectification: to make changes to your data if it’s incorrect or incomplete.
- To erasure/the right to be forgotten: to request we erase your information
- To restrict processing of personal data: to request limits on how we use your data
- To data portability: under certain circumstances, you may request a copy of electronically -held personal information so that you can reuse it in other systems.
- To object: to say you don’t want us using parts of your data, or only using it for certain purposes.
You also have rights in relation to automated decision-making and profiling, and the right to lodge a complaint with the Information Commissioner’s Office if you feel your data is incorrect, being stored unnecessarily, or used in a way for which you’ve not given permission.
If you’re dissatisfied with our response, you may complain to the Information Commissioner’s Office.