Colchester Podiatry Privacy Notice
Our aim is to comply with General Data Protection Regulation (GDPR), 2018 and other legal acts that ensure we maintain full and accurate records of the care we provide for you and keep this information confidential and secure.
This privacy notice will set out information about the data we collect, how we protect your data, confidentiality and information security and your rights to erasure. It also tells you how you can obtain access to the information relating to your healthcare.
What information do we collect?
We collect information about you such as your name, address, General Practitioner (GP) and contact details alongside any health-related information required for the delivery of your care. This data will be collected when you register with us, or sent to us if you have been referred to us from a third party (e.g. General Practitioner, Insurance Company, other health care professionals). We also enter clinical notes which document your encounters with our clinicians and these are held on our secure Software. Collecting this data will enable us to provide you with the appropriate care and treatment that you need.
This information collected may be recorded in writing (e.g. on an assessment form or letter), or electronically on a computer, or a mixture of both.
When you arrive for an appointment, your details will be checked to ensure that our records are accurate. It is important that you notify us of any changes to your personal details (e.g. address, contact number).
Information that will be collected automatically
Device information: We may also collect information about your device each time you use the Website. For example, we may collect information on the type of mobile device that you are using and its unique device identifier (for example, the IMEI number, the device’s mobile phone number, or the MAC address of the device’s wireless network interface), the type of mobile browser that you are using, the mobile operating system that you are using, mobile network information and the time zone setting.
Information on your device: We may also collect information which is stored on your device each time you use the Website. For example, we may collect contact information, login information, friends lists, photos, videos and other digital content with your prior consent.
Location data: We may also collect information to determine your location using GPS technology or such other location tracking software we may use from time to time. Some of the features of the Website may require access to such location data to work. If you would like to use any such feature, you will be asked to consent to provide such location information. You can withdraw your consent to providing this information at any time by emailing email@example.com
- keep track of the items stored in your shopping basket and take you through the checkout process;
- recognise you whenever you visit the Website (this speeds up your access to the Website as you do not have to log on each time);
- obtain information about your preferences, online movements and use of the internet;
- carry out research and statistical analysis to help improve the Website content, products and services and to help us better understand our visitor and customer requirements and interests;
- target our marketing and advertising campaigns and those of our partners more effectively by providing interest-based advertisements that are personalised to your interests; and
- make your online experience more efficient and enjoyable.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of the Website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org.
How do we use the information we collect to help you?
We will use the information we collect about you to ensure a high quality of health care in the following ways:
- To inform General Practitioner’s, or healthcare professionals involved in your care that need accurate information about you to assess your health and deliver the health care you need.
- To ensure accurate information is available if you need to be referred to another health professional or 3rd party.
- To assess the type and quality of care you have received and may require in the future.
- To support clinic and treatment appointments by sending you electronic and or paper-based appointment reminders. To support clinic and treatment appointments by sending you encrypted electronic clinical notes.
- To ensure your concerns can be properly investigated if you are unhappy with the care you have received.
How else could your information be used?
The information we collect about you may also be used to help us:
- ensure the health of the general public
- review the care we provide to ensure it is of the highest standard collect clinical audit information
- arrange payment for the person who treats you
- investigate incidents, complaints or legal claims
- conduct health research and development
- to ensure that our service can meet patient needs in the future
- teach and train healthcare professionals
Do we share information about you with anyone?
There are times when it is appropriate for us to share information about you and your healthcare with others. We may share your information with the following main partners:
- General Practitioner’s or other health care professionals involved in your care
- Health Authorities
- The National Health Service
- The Department of Health
If you are receiving care from other people (such as Social Services), then we may also need to share relevant information about you to help us work together for your benefit.
We will not disclose your information to third parties without your permission unless there are exceptional circumstances such as the health and safety of another person is at risk or where the law requires information to be passed on.
Occasions when we must pass on information include:
- reporting some infectious diseases
- to help prevent serious crime
- when ordered by the court
- when you have expressly agreed for us to pass on information
In all cases where we must pass on information, we will only share the minimum amount of information required and where possible data will be anonymised (i.e. does not identify you personally). Anyone who receives information from us also has a legal duty to keep it confidential.
We will always try and obtain your consent wherever possible and inform you if your information is to be shared.
We will only give information to your relatives, friends and carers if you consent to this and we have obtained your consent.
How we keep your information secure and confidential?
We protect your information in the following ways:
Training – Staff are trained to understand their duty of confidentiality and information governance and their responsibilities regarding the security of patient information both on our premises and when out in the community.
Access controls – Any member of staff being given access to patient information on our patient records system, can only do so with a username and password.
Investigation – If you believe your information is being viewed inappropriately, please notify us immediately, we will investigate and report our findings to you. If we find that someone has deliberately accessed records about you without permission or good reason, we will tell you and take action. This can include disciplinary action, termination of employment, or bringing criminal charges where appropriate.
Records Management – All of your healthcare records are stored confidentially in secure locations.
Legislation – There are laws in place to protect your information, including the General Data Protection Regulation (GDPR), 2018 and the Human Rights Act 1998.
How long do we keep your data?
The GDPR requires that we can retain your personal data for no longer than is necessary for the purpose it was obtained for. The Act does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that:
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Consider the purpose or purposes we hold the information for in deciding whether (and for how long) to retain it;
- Securely delete information that is no longer needed for this purpose or these purposes; and
- Update, archive or securely delete information if it goes out of date.
Can my data be erased?
The GDPR introduces a right for individuals to have personal data erased. This is known as the right to erasure. However, the right is not absolute and only applies in certain circumstances. Should you wish to any of you have your data erased from our system, then you can do so by making a request for erasure verbally or in writing and it is our obligation to respond to you within one month of the request.
Can you obtain the information we collect about you?
Under the GDPR, 2018 individuals have the right to access their personal data and supplementary information.
You have the right to apply for access to the information we hold about you, whether it is stored electronically or on paper.
We are obliged to provide you a copy of the information free of charge. However, we also have the right to charge ‘reasonable fee’ when a request is excessive, particularly if it is repetitive. The new statutory limit for subject access requests and providing a response is within one month of receipt of your formal request.
We also have the right to charge a reasonable fee to comply with requests for further copies of the same information. The fee will be based on the administrative cost of providing the information.
If you would like to submit a subject access request for information, please contact us.
Data Protection Officer
Our nominated Data Protection Officer (DPO) is Mr Andrew Barker, should you wish to activate you right to erasure or request copies of the information we hold about you, please send an email to firstname.lastname@example.org with your request and our DPO will contact you for further details.
Review of our policy
To ensure we are following the appropriate guidelines and making sure that your data is adequately protected, we will review this policy and update it when required.