PRIVACY NOTICE for Patient Records
(Why we collect your personal data and what we do with it)

When you supply your personal details to this clinic they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the General Data Protection Regulation - i.e. the law):
  1. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
  2. We have a "Legitimate Interest" in collecting that information, because without it we couldn't do our job effectively and safely.
  3. We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care, including reminding you if your next visit is overdue. This again constitutes "Legitimate Interest", but this time it is your legitimate interest.
  4. Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time - just let us know by any convenient method.
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will endeavour to retain your records for 25 years in order that we can provide you with the best possible care should you need to return to us during this period, but reserve the right to delete them sooner if required.
Your records are stored:
  • on paper, in locked filing cabinets, and the offices are always locked and alarmed out of working hours.
  • on our office computers. The computers are password-protected and backed up regularly on encrypted, password-protected portable drives.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have access to your data:
  • Your practitioner(s) in order that they can provide you with treatment.
  • Our reception staff, because they organise our practitioners' diaries, coordinate appointments and reminders, and file the records.
  • Other administrative staff. Administrative staff will not have access to your medical notes, just your essential contact details.
  • Our professional association, the British Chiropractic Association; our regulatory body the General Chiropractic Council; and our professional indemnity insurer; but ONLY in the unlikely event of a complaint made by you against us.
  • Your private health insurance company, if you have instructed us to do so to claim for your treatment costs.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your medical notes). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement. We may also share your data with third parties as part of a clinic sale or restructure, or for other reasons to comply with a legal obligation upon us.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to in the jargon as the "Data Controller". Here are the details you need for that:
North Walsham Chiropractic Clinic
6 Church Street
North Walsham
NR28 9DA
GDPR@nwchiropractic.co.uk
01692 500 600
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner's Office.

PRIVACY NOTICE for Electronic Communications
(Why we collect your personal data and what we do with it)

When you supply any personal details to this clinic they are stored and processed under the terms of the General Data Protection Regulation. This notice relates to our communications with you using e-mail, Facebook Messenger and Twitter Direct Messages.
Please keep in mind that communications via email over the internet are not secure. Although it is unlikely, there is a possibility that information you include in an e-mail can be intercepted and read by other parties besides the person to whom it is addressed. Likewise, Facebook and Twitter Direct Messages are not end-to-end encrypted. Please be aware of this if you choose to disclose any personal medical information in these forms of communication. We would also urge you not to include personal identifying information such as your birth date, address or telephone number in these forms of communication to us.
Having read and understood the above, if you need to discuss any information that you are not comfortable about sending in these forms of communication, please contact us in another way.
When communicating with us via e-mail, Facebook or Twitter and supplying any personal details to us, you consent to us processing and storing the information that you voluntarily provided.
Sharing Your Personal Data - The people having access to your data will be our chiropractors, so they can offer you advice; our reception staff, because they organise our practitioners' diaries, coordinate appointments and reminders, and file records; and other clinic administrative staff.
With reference to Facebook only - We use an outsourced company called 'Cloud Social Media' to help us manage our Facebook page. They act as a data processor on our behalf, and as such we have a contract with them to ensure your data is kept secure.
Your e-mail data will be stored by Microsoft Outlook, and Facebook and Twitter messages stored by each of these companies respectively. You must also accept their terms and conditions along with their General Data Protection Regulation policies. We will access the information stored by them using either our office computers or mobile devices, all of which are password protected.
From time to time, we may have to employ consultants to perform tasks which might give them access to our computers, and so to personal data. We will ensure that they are fully aware that they must treat any information as confidential, and we will ensure that they sign a non-disclosure agreement. We may also share your data with third parties as part of a clinic sale or restructure, or for other reasons to comply with a legal obligation upon us.
We have a Legitimate Interest in the retention of e-mails and messages that you instigate for a limited time period, in case you make contact with us again about the same subject matter. However, after 12 months we will delete the emails or messages. You can request us to delete this information sooner if you prefer. If you are an existing patient of the clinic, and the information exchange is relevant to your treatment, we will copy this information to your treatment records.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to in the jargon as the "Data Controller". Here are the details you need for that:
North Walsham Chiropractic Clinic
6 Church Street
North Walsham
NR28 9DA
GDPR@nwchiropractic.co.uk
01692 500 600
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner's Office.