What information do we collect about you?
You are free to browse our clinic website without disclosing any personal information to us and we do not need to collect data about your visit, as we do not sell products on the site.
Personal information about you that you provide when you contact us or attend an appointment, including your name, title, billing address, contact information (such as your telephone number and email address) and your medical history is stored on our electronic cloud system Cliniko (who also comply appropriately with UK GDPR laws).
If you contact us via our reception line, which is run by a virtual reception company (Verbatim) in Newbury, UK, they will request your name, email address and mobile telephone number for the booking of appointments, but are unable to access any further information at a later date, as their access is limited to bookings only.
Medical record keeping: We have our insurance policy with Balens Health Professionals, which is underwritten by Zurich Insurance plc. It is a condition of our Insurance Policy that we take and retain client records. The policy wording notes:
The records shall be kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept for at least 7 years after they reach the age of majority (18).
On this basis, patient data will be kept in alignment with medico-legal requirements and then shredded and disposed of appropriately.
We work closely with other healthcare professionals, to ensure that the very best service can be provided for your needs. However, before speaking to any professional, you will be asked to give written consent, so that we know you are happy with the data that we share and the depth of information being discussed.
Security and the processing of your personal information
At The Tilsworth Clinic, we understand that security is an important concern for you. Information you give us will be stored securely on our computer systems and all team members use password-protected computers to ensure that all your personal details remain confidential. Where you use PayPal to handle payment transactions, it is done via secure payment pages. PayPal receives information about you as needed to verify and authorise your payment, and is obliged to comply with the Payment Card Industry Data Security Standard (PCI DSS) and to keep all of your personal information private.
The Tilsworth Clinic complies with all applicable Data Protection legislation and we never show information about a patient without written consent. Our security technologies and procedures are regularly reviewed to ensure that they are up to date and effective.
Unfortunately, the transmission of information via the internet is never completely secure and we cannot guarantee the security of any information transmitted to or from our website or via email communications. Any transmission is undertaken at your own risk and you should ensure that any payment transactions you make are made in a secure environment. You should keep confidential any personal security codes and passwords, and comply with any instructions that we may give you in order to keep such details confidential and safe.
How do we use your information?
We may use information about you in the following ways:
a) To provide you with information about the clinic, your appointments and any invoices that you incur, which are necessary for you as a patient;
b) To carry out our obligations arising from any contracts entered into between you and us – such as our Terms & Conditions;
c) To allow you to participate in interactive features of our service, when you choose to do so – such as online bookings;
d) To notify you about changes to our services or clinic, such as opening times or practitioner details.
Please note that we will never sell your details to, or share them with, any third parties.
When would we disclose your information?
We may disclose your personal data to third parties if:
a) We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce our terms and conditions, or to protect our rights and property or our safety and that of our customers and third parties. This includes exchanging information with other organisations for the purposes of credit risk reduction.
b) We are bound as professionals, under a duty to disclose, to comply with any legal obligations and responsibilities surrounding the protection of life. This duty would be actioned in the event that a patient discloses to a practitioner that they may harm either themselves or others, be that an adult or a child.
Your rights and control of your information
You have the right to, at any time:
a) Access the information we hold about you in accordance with the Data Protection Act 1998. If you would like a copy of some or all of the personal information we hold on you, you can email firstname.lastname@example.org. Any access request may be subject to a nominal fee to cover the cost of our time;
b) Ask for your information to be corrected or updated;