Patient Privacy Notice
This Patient Privacy Notice describes how we, Pine Vale Chiropractic, collect and use personal data relating to our Patients (i.e. individuals who attend or who have previously attended Pine Vale Chiropractic for health advice and treatment). It also covers our use of personal data relating to Prospective Patients (i.e. individuals who enquire about or express an interest in the services offered by Pine Vale Chiropractic, with whom we may communicate, such as over our website or by email). We also refer in this notice to Patients and Prospective Patients as ‘you’.
We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your personal data.
We also have a Children's Privacy Notice aimed at Patients who are children. Depending on the maturity of the child, the child should read this, or parents (or carers) should talk it through with their child, if appropriate. Please contact us to request this, if needed (see contact details below).
This Privacy Notice applies from 1st September 2024. We may update this Privacy Notice at any time.
Who is the controller?
Sarah Rogers is the 'controller' for the purposes of data protection law (also referred to in this notice as 'we' or 'us'). This means that we are responsible for deciding how we hold and use personal data about you. We can be contacted as follows:
Sarah Rogers
01202 084 391
36 Pine Vale Crescent
Bournemouth
BH10 6BH
What is personal data?
Personal data means any information relating to a living individual who can be identified (directly or indirectly), in particular by reference to an identifier (e.g. name, NHS number, Patient number, email address, physical features). Personal data can be factual (e.g. contact details or age), an opinion or assessment about an individual, or information that may otherwise impact that individual in a personal or business capacity.
Data protection law provides additional protection for personal data about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation, criminal convictions or offences, biometrics (if used for identification purposes), or genetics. This is referred to as special category data. We refer to personal data that is not special category data as ordinary personal data.
What type of personal data do we hold about you?
We hold personal data about you in order to provide our services, including, for example: name, contact details, age or date of birth, your requirements for our services, related biographical and background information relevant to our services, records of the services we have provided, and associated payments.
This includes special category data relevant to our services, including: background medical information and health details from you, information about our assessments and treatments for you, and other information about your health which is collected or recorded by us in providing our services.
It may also include special category data such as information about your race, ethnicity or religion/belief. This is relevant where it has been noted regarding considerations or adaptions in providing care. Similarly, it may also include the special category data concerning a person’s sex life or sexual orientation where this has been disclosed/discussed in relation to health issues and providing care or where you have disclosed the relationship to you of your provided next of kin.
If you are a Prospective Patient, we may hold your name and contact details, and other information relating to your enquiry or our communications with you.
If you visit our premises, we may also collect images of you via a video doorbell or CCTV system; this could include vehicle details. If this is the case, a sign will be displayed clearly stating this.
Why do we hold your personal data and on what legal grounds?
We hold and use your personal data for the purposes of providing our services, responding to your enquiries, and for sending you related communications.
We may also use a video doorbell or CCTV outside our premises to assist with the security of our premises.
Both during and following the end of our relationship with you, we may retain your personal data in case it is needed to address enquiries from you, or to address any concerns or legal issues relating to our services or our business. See also below: ‘How long will we keep your personal data?’
Data protection law requires us to have a legal ground for each use of personal data. Most commonly, we rely on the following legal grounds when we process your personal data.
Where we need to process your data to perform the contract we have entered into with you for the provision of our services (performance of the contract). This would apply for most of our activities, for example, collecting background information about you (including health details), maintaining records of our assessments, treatment and services, managing payments from you, and communicating with you in relation to our services.
Where we need it to comply with a legal obligation (legal obligation). This may include where law enforcement authorities require us to collect, use or share personal data, or where necessary to comply with other laws. General Chiropractic Council regulation legally requires us to keep records relating to our services to Patients (and associated assessments and treatment) for eight years from the date of the Patient’s last visit to us or, if the Patient is a child, until their 25th birthday, or 26th birthday if the Patient was 17 at the conclusion of treatment.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example, using your data to respond to any enquiries, use of a CCTV system, and retaining or using your data to exercise or defend any legal claims, or otherwise to protect our legal rights.
Where we have obtained your specific consent. We will seek your consent before using your contact details to send you direct marketing communications (which you have not otherwise specifically requested from us).
We are required to have an additional legal ground in order to use data relating to your health (because it is special category data). As healthcare professionals, the applicable legal ground is that our use of health data is necessary to provide our health care and treatment services. Where we process other special category data such as concerning your race or ethnicity, religious beliefs, sex or sexual orientation, our additional legal ground is also to provide our health care and treatment services. It is not used for any monitoring purposes.
In exceptional circumstances, we may also use personal data (including special category data) where needed to protect your vital interests or those of another person, to detect or prevent unlawful acts, to establish, exercise or defend legal claims, or where it is in the public interest in the area of public health.
How do we collect your personal data?
You provide us with most of the personal data about you that we hold and use. Other personal data about you is generated by us in the course of providing our services, for example records of our assessments and treatments, and information within internal communications or communications with you.
Some of the personal data about you that we hold and use may come from external sources. For example, if you have had previous treatment, we may, with your consent, request records from your previous healthcare provider. Further, if we have used an external provider to take images such as MRI or X-ray, they may provide us with those images and the clinical reports associated with them.
If you give us someone else’s personal data
Sometimes, you might provide us with another person’s personal data – e.g. details of a family member or next of kin. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data. If you are a parent or carer providing information about a child, please also see our Children's Privacy Notice.
Who do we share your personal data with?
We may share relevant personal data with the following parties (and our legal grounds for doing so are described in brackets).
Legal authorities or regulatory bodies, our legal and professional advisors or auditors, or other parties where we are required by law to do so (for compliance with a legal obligation, or otherwise in our legitimate interests to protect or enforce our rights, or to exercise, establish or defend legal claims).
Prospective or actual purchasers of our organisation or our business (in the legitimate interests of the purchaser).
Other parties with your consent (for example if you give your consent to share your records with another healthcare provider).
Other parties where necessary to protect your rights and interests, or the rights or interests of another individual (in our legitimate interests, or for compliance with a legal obligation).
Our service providers may also handle your data, such as providers of email, phone/VoIP services, accounting systems, online patient management systems or exercise/rehabilitation software. They act as processors on our behalf, meaning that we remain primarily responsible for how they use your data in line with the purposes and lawful bases identified in this Privacy Notice.
Consequences of not providing personal data
We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us.
Some of the personal data you provide to us, for example background information about you, is required in order for us to provide our services effectively and to perform our contract with you.
If you choose not to provide us with any personal data requested, we will tell you about the particular implications of any such decision at the relevant time.
How long will we keep your personal data?
We will not keep your personal data for longer than we need it for our legitimate purposes.
If you are a Patient, we generally keep records relating to our services to you (and associated assessments and treatment) for 8 years from the date of your last visit to us. (For Patients who are children, we generally keep these records until their 25th birthday, or 26th birthday if the Patient was 17 at the conclusion of treatment.) This is a regulatory requirement.
If you are a Prospective Patient, we generally keep records of our communications with you for a period of 3 months following our last communication with you. This may not be the case if you have enquired via social media where comments or messages may remain indefinitely. Note that you also have the right to withdraw any consent you have given, and to object to use of your data for direct marketing purposes (see ‘Your rights’ below), in which case we may delete your personal data sooner.
Our retention periods may be changed in appropriate circumstances, for example we may need to retain your details for longer if there is a dispute in relation to our services. You may contact us for additional information about retention periods.
Transferring personal data outside the UK
We do not ordinarily transfer your health data outside the UK; for instance, our online patient management and electronic records provider is Jane App, who will use their London servers for the bulk of this processing. However, there may be instances where your personal data is transferred outside the UK. For example, Jane App may use a US-based service provider for appointment reminders sent by email or SMS. Further, this may occur in instances where other technology service providers (for example our VoIP/phone 8x8 service) have data centres or systems outside the UK. In these circumstances we have done our due diligence with regard to viewing the relevant privacy policies to ensure they are using adequate data protection standards, for example EU SCCs and the UK addendum. If you require further information on which third-party providers we use, please do contact us.
Social media engagement
If you visit our pages on social media sites such as Facebook or Instagram we may collect both personally-identifiable and non-personally identifiable information. For example, if you ask a customer service question through these channels we will receive your username and perhaps contact details and will use that information to respond to your question, comment or enquiry. We will store information only if we have a legitimate business reason to do so in accordance with applicable law.
Facebook also provides us with so-called Page Insights data. This information consists of anonymous statistics that we use to evaluate the quality of our Facebook page and content by recognising user preferences, in order to adapt and improve our offering. This also applies to our Instagram page. These statistics are compiled on the basis of usage data collected by Facebook about your interaction with our page; we do not have access to this usage data. Facebook identifies us as a joint controller; however, it has agreed to be primarily responsible under the GDPR regarding the processing of Page Insights data, to fulfil your rights in that regard, and to make available to you the essence of the pertinent arrangements. We must make sure we have legitimate business interests to use this information.
Your rights
You have a number of legal rights relating to your personal data, as follows.
The right to withdraw any consent you have given in relation to the use of your personal data.
The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it.
The right to request that we correct incomplete or inaccurate personal data that we hold about you.
The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it, or where you have withdrawn any consent relating to that processing. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
The right to object to our processing your personal data where: (a) we use it for direct marketing purposes; or (b) where we are relying on our legitimate interest (or those of a third party) as our legal ground. In the case of (b), note that we may continue the processing if we can show a compelling reason to do so.
The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If you would like to exercise any of the above rights, or if you have any questions or concerns about how your personal data is being used by us, please contact:
Sarah Rogers
01202 084 391
36 Pine Vale Crescent
Bournemouth
BH10 6BH
Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.
Complaints
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You can find our complaints process on our website.