General Data Protection Regulation Laws 2018 (GDPR)
Find out how we keep your data safe.
As you are a client of Henley Podiatry and Health Therapies, we want to let you know how we will be keeping your information safe and complying with the GDPR laws coming into place on 25th May 2018.
Let us give you peace of mind that your details are safe with us.
The personal data we collect about you will include data relating to your name, date of birth, address, telephone number and email address. In the instance of our clinical based clients, medical history and health/medical insurance (if applicable) will be taken.
To have a medical treatment or consultation these details are required by law. If you do not agree to your medical history and personal details being taken, we are unfortunately unable to treat you (by law).
We will process your data to allow us to provide you with our services. Your data will also be used to manage future communications such as appointment confirmations and reminders, course/workshop and event details, and other communications about our products and services.
You are able to opt out of communication emails. However, it will be your responsibility to remember your appointment. (Remember we have a strict 24-hour cancellation period. Any late cancellations or missed appointments will be charged the full appointment fee!)
We will not share your data with any third party. However, as a medical provider there may be instances where the personal information of an individual needs to be shared. If this is necessary, we will always comply with all aspects of the Data Protection Act (DPA). Where necessary or required (with your full consent) we share information with:
- Health professionals (e.g. your GP or specialist we are referring to)
- Social and welfare organisations
- Representatives of the person whose data we are sharing (e.g. parent/guardian, Power of Attorney, person named as 'in case of emergency')
- Health/Medical insurers
How we store your data
All data is stored on a secure server as part of our website or clinical database. Your clinical notes are saved for a period of up to 8 years, as required by law. All electronic data is password protected and only accessible by authorised individuals. We are registered with the ICO and comply with the Data Protection Act.
Computer browsing information – Log data:
Website log in and registering:
When making an online booking you will be required to enter details relevant to your required appointment (e.g. name, age and contact details). This will be stored securely on our encrypted medical database.
Purchases on our website:
We do not currently allow purchases via our website. Should this change we will update our policy accordingly.
Information Collection and how we use it:
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This personal information may include, but is not limited to, your email address, name, phone number, postal address or other contact information.
Third Party Service Providers:
We may employ third party companies and/or individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
By providing your registration details at your initial consultation or when making an online booking, you are agreeing to receive marketing emails related to Henley Podiatry and Health Therapies. You will be able to opt-out of emails at any time. Should you have any queries please contact us directly at firstname.lastname@example.org
Web based request forms:
When you fill out the forms on our website (www.henleypodiatry.com), we store the data you send us. We may use this information to improve customer service and for marketing purposes. This data is NOT passed on to any third party organisations and resides in a secure web-based database.
In clinic forms:
When you visit any of our clinical centres you will fill out a standardised registration form. This form will collect the following details:
- Name
- Address
- Date of Birth
- Telephone Number
- Email address
- GP details
- Private medical Insurance (PMI) details (if applicable)
The purpose of this information is to allow your clinician to ensure they manage your case with the relevant due care and consideration for your age, your requirements and your program. The Private medical insurance details are used to bill your insurer as appropriate or to communicate directly with them if appropriate. None of your information is passed to a third party unless under your explicit consent to release details.
Your Private Medical Insurance may ask for reports of your sessions but this will only occur with your consent.
You may request us to write a letter to a school, a consultant or another person of interest to you. In doing so we will use your name, DOB and relevant medical details on that letter. You will also receive a copy of the letter should you so choose.
E-mail use Policy:
Your email address will be added to our database and may be used for contacting you in regards to your sessions, your programs, offers and other generalised information. If you do not wish to receive any of this information you can unsubscribe at any time by emailing email@example.com requesting this.
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction. We will also disclose your information if we believe that lawful disclosure is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
The protection of your personal information is vitally important to us. We will strive to protect your Personal Information in all means reasonably required by us to do so. We are registered with the ICO and would inform them immediately in the event of a security breach, as well as the subject of the data breach. (Unfortunately no form of data transmission is 100% reliable and we cannot guarantee its absolute security. Therefore we make no warranties as to the level of security afforded to your data. We will however always act in accordance with the relevant UK and EU legislation).
We collect medical history and identifiable information for our child clients. All children under the age of 16 must attend appointments with a legal guardian and it is the legal guardian that must sign and consent to treatment. We will require the contact details of the legal guardian for communication purposes.
This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.