We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so. The following explains how and why we use your data and who has access to it.
Why we need to collect your personal data
- We need to collect personal information about your health in order to provide you with the best possible treatment.
- We have a “Legitimate Interest” in collecting your information, because without it we can’t deliver your treatment effectively and safely.
- You requesting treatment, and our agreement to provide that care, constitutes a contract. You can, of course, refuse to provide the information, but unfortunately for safety reasons that would mean we are not able to treat you.
- To provide you the best service we can, it is also important that we collect your contact details in order to confirm your appointments or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
- Separate to the above, in addition we would also like to send you general health information in the form of articles, advice, newsletters or updates about our services and special offers. These are relevant to anyone with an interest in complimentary medicine, health and well being, our services and local community.
- These communications could be made either via phone, text, email or post.
- We will only do this if we have your consent to contact you for marketing purposes which we ask for when you come when you register with us or sign up for our newsletter online. You may withdraw this consent at any time – just let us know by any convenient method and we will remove you from our mailing list.
How long we keep your data for
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.
Who has access to your data and how is it stored
We will never share your data with anyone who does not need access without your written consent. The following people/agencies may have routine access to your data as follows:
Your medical information: is only ever accessed by your practitioner in order that they can provide you treatment
Your contact information, booking and payment details: may be accessed by reception staff in the premises we operate in, as they organise our practitioners’ diaries, and coordinate appointments and reminders. It may also be accessed by our bookkeeper and accountants. Neither have access to your medical history or sensitive personal information.
Storage of your data: Your medical records are stored with our secure filing system (Dropbox). This are password-protected, backed up regularly. Only the practitioner has access to these files. Your contact details are stored on Mailchimp, which we use to manage our marketing mailing list contact details. As well as being in our contact directory for sending individual emails via Gmail.
Access to your data: You have the right to see what personal data belonging to you we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
Reporting: We use anonymised aggregated data to help us with our reporting, to assess the progress of our business and the effectiveness of our marketing. This could be using our accountant’s software, Facebook, Instagram, Twitter and Microsoft Office software applications.
Any questions or complaints?
If you have any questions on the above please do get in touch. Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the “Data Controller” at The Point of Healing, please contact:
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.