PRIVACY NOTICE FOR CLIENTS

 

What is a Privacy Notice?

Under data protection law you, as client of Wellness Centre Newcastle, you have specific

rights. To communicate these rights to you in a clear and concise manner, we are providing

you with this privacy notice.

 

Who We Are

We are Wellness Centre Newcastle, 2 Highfield Road, Westerhope, Newcastle upon Tyne, NE5 5HS

Telephone number 01912431216,

Email address info@wellnesscentrenewcastle.co.uk

For the purposes of processing your personal data we are the Controller.

 

Data Protection Officer

As we record and use sensitive data we take the protection of this data very seriously. We

have therefore appointed a Data Protection Officer, Wellness Centre Newcastle, who is your first point of contact for any matters regarding your personal data we process. They can be contacted

on 01912431216, their email address is info@wellnesscentrenewcastle.co.uk and their postal

address is as given above.

 

The Personal Data We Process and What We Do with It

We record and use the following categories of personal data which may include: name,

Date of Birth, address, telephone numbers, email address and occupation. We also record health data.

 

Your records are stored electronically (“in the cloud”), using Cliniko, a specialist medical records service. This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.

Some additional data e.g. letter to your GP may be stored on our office computer. This is password protected, backed up regularly and the office is locked and alarmed out of working hours.

We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have access to your data:

• Cliniko – the medical records service who store and process our files

• Your practitioner(s) in order that they can provide you with treatment

• Our reception staff, because they organise our practitioners’ diaries (but they do not have access to your medical history or sensitive personal information)

• We also use Mailchimp to coordinate our newsletters, so your name and email address may be saved on their server.

 

Sharing Your Personal Data

We only share your personal data with your explicit consent, where, for example we need to

contact an insurer and give them your contact details in order to complete an insurance claim.

Where third parties are used by us to store your personal data, we ensure they are compliant

with the data protection law and any such data is not stored outside of the EU.

 

Retaining Your Personal Data

Whilst you are client of us we will continue to store and use your personal data. We will retain your personal data for a minimum of 8 years in accordance with the GCC and GoSc. Childrens records will be held after last visit when patient reaches the 25th or 26th birthday (if aged 17 at time of last visit)

Your Rights

As we process your personal data, you have certain rights. These are a right of access, a right

of rectification, a right of erasure and a right to restrict processing. You may request a copy of your data at any time.

Please make such a request in writing or by email to the Data Protection Officer, whose details are shown above.

Please provide the following information: your name, Date of Birth, address, telephone number,

email address, practitioner name and details of the information you require.

 If you believe any of the personal data we hold on you is inaccurate or incomplete,

please contact us directly and any necessary corrections to your data will be made

without undue delay.

 If you believe we should erase your data, please contact the Data Protection Officer,

whose details are shown above.

 If you wish us to stop storing or using your data, please contact the Data Protection

Officer, whose details are shown above.

 Where you have provided explicit consent for us to use your data you have a right to

withdraw this consent at any time.

 

Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, where this

constitutes a high risk to your rights and freedoms, we will contact you without delay. We

will give you the contact details of the Data Protection Officer who is dealing with the breach,

explain to you the nature of the breach and the steps we are taking to deal with it.

 

Should You Wish to Complain

You can contact the ICO via their website: www.ico.org.uk should you wish to make a

complaint about the way we are processing your personal data.

 

Automated Decision Making and Profiling

We do not use any system which uses automated decision making or profiling in respect of

your personal data.

 

V1.0 25.05.18