Who we are
Our website address is: https://cloverchiropractic.co.uk.
This document sets out why we collect your personal data and what we do with it.
We are allowed to process your data only if we have a legitimate reason to do so, such as when it is in our joint legitimate interest in order to provide you with treatment, when you consent to it or in order to comply with aspects of the law.
When you supply your personal details to Clover Chiropractic, they are stored and processed for the following reasons:
We need to be able to identify you, provide a service and take payments.
We need to collect your personal health related information in order to provide you with treatment. By contacting us and requesting treatment and our agreement to provide you with treatment constitutes a contract. If you were to refuse to provide the information, we would not be able to provide you with any treatment.
We have a legitimate interest in collecting your health information because without this we could not provide you with the level of care or treatment which is specific and tailored to your health or contact you about your health, when needed.
We believe that it is your legitimate interest that we are able to contact you to confirm your appointments with us or to update you on matters related to your care.
We need to collect personal details in order to respond to you when you have provided us with feedback regarding your care and our service.
Marketing or informative communications
Provided we have your consent, we may occasionally send you communications in the form of articles, advice or newsletters/offers. If you have not expressly provided this consent and you were added to our system before 25th May 2018, we will continue to contact you legitimately under ‘soft opt in’ because a relationship already exists. You are our patient and you have accessed our services in the past. After 25th May 2018, new patients need to expressly opt into marketing preferences.
You can always withdraw your consent to receiving any of our marketing communications. Every communication will give you a clear option to unsubscribe.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Online
Our website uses cookies. A popup will let you know that by continuing to use our website you consent to our Cookie Policy (accessible on the website). You can always choose to withdraw your consent by setting your browser to reject cookies.
Phone calls
We do not record phone calls.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
Medical requirement
Legally, we have an obligation to retain your medical records for anyone up to the age of 25 or for 8 years following your most recent appointment. After this period you have the right to be forgotten and you can ask us to delete your records. Otherwise, your records will be retained indefinitely in case you come back to see us in the future. We would then be in the best position to resume your care.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Storage of data
Patient records are stored on paper files, in clinics which are always locked in and out of hours. Your records are also stored electronically, using specialist software for managing our patient base and diary management. A bespoke database, Cliniko and/or Practice Hub supplies the software for these services. Practice Hub does not move or process data outside of the European Union/European Economic Area (EU/EEA) but Cliniko does process data outside of the EU/EEA. In order to do so and remain compliant with GDPR, Cliniko has issued us with a Data Protection Addendum (DPA) which includes Standard Contractual Clauses (also known as “Model Clauses”), which are an approved set of provisions that offer sufficient safeguards and protection for data that’s processed outside of the EU/EEA. The DPA provides appropriate safeguards for the transfer of data outside of the EU/EEA, as mentioned in Article 46, 2) c) of the GDPR legislation.
Access to data is password protected, with passwords being changed regularly. Our office computers are password-protected and access to Cliniko and Practice Hub is password protected. Different users have different levels of access depending on the requirement for them to have this access.
Safety & Security
CCTV Audio and Video recording is running in public areas at the entrance to ensure the safety and security of our premises, our staff and our customers whilst within our clinics; this is in our joint interest. No recordings of any type take place in any treatment areas other than still images for the purpose of postural analysis.
CCTV is not used for training or marketing purposes but can be relied upon to establish the facts and provided to the authorities as deemed necessary. Recordings are stored securely on an encrypted server by Ring for 10 days after which it is automatically and permanently deleted.
Access to any recordings is limited to only senior management when there is legitimate reasons for viewing it and is secured with passwords.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Visitor comments may be checked through an automated spam detection service.
Concerns or complaints
If you have any concerns or complaints with how we have dealt with your personal data, you have the right to complain. Complaints or any general queries need to be sent to our Data Controller; Ben Bacon, using the following e-mail address: bookings@cloverchiropractic.co.uk
Telephone number: 07815508729
Or write to us at:
Clover Chiropractic, 25 Westland Avenue, West Cross, Swansea SA3 5NP.
If our response is not satisfactory, you have the right to raise the issue with the Information Commissioner’s Office.
