Privacy Policy

Our promise to you

Your privacy is very important to us, which is why we aim to make sure you are always in control of what we do with your personal information.

  • We will never pass on your personal details to anyone outside the Centre for them to use for their own marketing purposes.
  • We will ensure that we obtain your express consent before we contact you by any method for any purpose.
  • We will make sure our contact with you is relevant.
  • You can change your mind about contact at any time by contacting us at info@totnescommunityacupuncture.com, telephone us on 07895 780226 or write to us at: Totnes Community Acupuncture, Hope Close Bridgetown, Totnes TQ9 5YD. Remember, you may miss out on important news and promotions from us.
  • Your personal information will be stored safely and will remain secure at all times.
  • No personal information will be kept any longer than necessary in order to fulfil the purpose it was collected for.
  • In certain circumstances you can ask for the data we hold about you to be erased from our records.
  • We will always comply with the General Data Protection Regulation 2018. This regulation supersedes the  Data  Protection Act 1998 and all other applicable laws and EU Directives.
  • Please let us know if your details change so that we can keep it up to date and keep in touch.

The information we collect about you

We need to collect information about you so we can provide you with the best possible experience of using our services and in order to provide you with the most appropriate healthcare.

We only collect what is relevant and necessary for administering and providing your treatment.

The lawful basis on which we collect your notes ensures we fulfil our legal obligation to collect sufficient information for the legitimate purpose of making informed clinical decisions, in order that we may promote treatment for a variety of health problems. Such information comes under the special category of provision for health under article 9 2.(h) for sensitive data with the Information Commissioner’s Office.

In order to make appointments and for administrative purposes we will collect information about you. We will initially ask you for: patient name, address, email address, phone numbers. This data will be collected by our staff or practitioners when you contact us to make an appointment.

In order to provide you with health care treatment our practitioners may require detailed medical information. We will only collect what is relevant and necessary for your treatment. This is may include: date of birth, GP details, reason for your visit, past medical history, family medical history and current health status will be collected at clinic on arrival. All information is given by you or your carer, parent or legal guardian. This data will be collected through completing a pre-consultation form as part of our registration process before you see a practitioner for the first time. Your practitioner may collect further clinically relevant information in your appointment.

In order to give you a better experience of our website and applications we automatically track identifying information such as Internet Protocol (IP) addresses. Our website (hosted by WordPress) also uses Cookies, a text file that is stored on your computer or mobile device by a website’s server. Each cookie contains anonymised information about how you use our website. This can help us improve our website and deliver a more personalised service for you.

We want to protect the privacy of children aged 16 or under. If you are 16 or under you must ensure you have the permission of your parent / guardian before you provide us with any personal information.

How we store the information we collect about you

None of your personal information will be kept for any longer than is necessary in order to fulfil the purpose for which it was collected. You have the right to ask us to amend our records and in certain circumstances you can ask for the data we hold about you to be erased from our records.

Your clinical records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children aged 16 or under.

Clinical records are archived after one year.

How secure is your data?

Access to your clinical records is restricted to practitioners and administration staff.

All electronic data is password protected and access to information is restricted. Systems are kept updated.

How do we dispose of it?

Your paper clinical records will be destroyed by secure shredding after 8 years or 25 years of age for children under the age of 16.

Your electronic records will be deleted from our system after 8 years or 25 years of age for children under the age of 16.

Your communication choices and changing your personal details

Your privacy is very important to us, which is why we make sure you are always in control of what we do with your personal information.

We want to keep you up to date about news, advice, services we provide, promotional offers and other information that may be of interest to you.

We will only do this if you have given us consent to use your email address for this purpose. You will be asked for your marketing preferences on your first visit.  We check patients still want to receive communications on a regular basis.

If you have given us consent to use your email address for this purpose, your email address will be stored on our secure password protected marketing database, Mailchimp (based in the US but signed up to the US Privacy Shield in order to protect your data). This is used solely for the purpose of the Centre (i.e. monthly newsletter).

We will never pass your personal details to anyone outside of Totnes Community Acupuncture for them to use for their own marketing purposes.

You can unsubscribe from this service  and update your personal information at any time by:

  • clicking the unsubscribe link on any promotional email you receive from us
  • contacting us by email at info@totnescommunityacupuncture.com
  • Telephoning us on 07895 780226
  • Writing to us at: Totnes Community Acupuncture, Hope Close, Bridgetown TQ9

If you unsubscribe from our marketing database you will automatically be removed and not contacted again.

Parents must give permission for communication with children aged 16 and under.

Data Sharing

Your clinical records are only shared with other persons with your permission. This would usually be with other health professionals, and only with your explicit consent. Data would extremely rarely be shared without consent if there was a legal order or in cases of serious safety risks.

Data Checks

We check a small percentage of our active patient’s data records to make sure they are accurate annually.

When a patient returns for treatment after a period of a year or more we always check their patient data is still correct and up to date.

You have the right to ask for your data to be updated at any time.

Your Rights as a Data Subject

At any point while the Centre is in possession of, or processing your personal data, you have the following rights:

  • Right of access – you have the right to request a copy of the information we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge. At your request we can confirm what information we hold about you and how it is processed.

Making a Subject Access Request

All staff know that subject access requests must be responded to within a month and no charge can be made.

You can request the following information:

  • Identity and the contact details of the person or organisation (practitioner) that has determined how and why to process your data.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erasure, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (ICO).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

We will only release your personal information on receipt of a signed request form with photo ID and supporting documents from you, (or your guardian if applicable) or in exceptional circumstances to comply with legal obligations, regulations or valid governmental requests. Any data sharing is detailed in the your clinical record. A Data Subject Access Request form is available on request.

Your right to make a complaint

In the event that you wish to make a complaint about how your personal data is being processed by the Centre you have the right to complain to us. Our staff will provide you with a complaint form. If you do not get a response within 30 days, you can complain to the ICO.

The details for each of these contacts are:

Samantha Roderick,
Bridgetown Community Hall,
Totnes,

Devon TQ9 5YD.

Tel no. 07895 780226
E-mail: info@totnescommunityacupuncture.com

Information Commissioners Office  :  

Wycliffe House,
Water Lane,
Wimslow SK9 5AF

Tel no:  +44 (0) 303 123 1113
E-mail: https://ico.org.uk/global/contact-us/email

Our Confidentiality Policy

Our patients have trusted us to provide their care. As part of the practice team we all have a responsibility to maintain the trust of our patients. Our patients must be able to trust us with their information.

Confidentiality is a legal requirement but it is also of great value to us as a practice and therefore the whole practice team agree to make the following commitments:

  • Patient records and information will be stored securely when not in use
  • Practitioners and reception staff will only view patient information they need to see
  • Practitioners and reception staff will not access records unnecessarily
  • We will keep confidential who visits our practice, where they live, the date and times of their appointments and any other personal or medical details
  • We will not disclose information to relatives or friends of patients without permission from the patient
  • We will not discuss our patients or colleagues and breach confidentiality

It is a criminal offence to unlawfully obtain or access personal data. This applies to the access of patient data and has resulted in prosecutions in health care settings in the past.

If anyone asks you for patient information either face to face or on the phone, please explain to them our confidentiality policy. This will contribute towards their respect for our practice commitment to confidentiality.