When you supply your personal details to Salutary Life they are stored and processed for four reasons (the words in bold below are the relevant terms used in the General Data Protection Regulation (GDPR) – i.e. the law):
1. Personal information about your health is collected in order to provide you with the best possible treatment. Your requesting treatment and the agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that then it wouldn’t be possible to provide treatment.
2. There is a “Legitimate Interest” in collecting that information, because without it, it wouldn’t be possible for your treatment to be carried out effectively and safely.
3. It is important to be able to contact you in order to confirm your appointments or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
4. Provided consent has been provided, occasionally you may be sent health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
It is a legal obligation to retain your records for 7 years after your most recent appointment (or age 25, if this is longer), but after this period your records/file can be deleted at your request. Otherwise, records will be retained indefinitely should you further treatment at a future date.
Your records are stored:
· on paper, in locked filing cabinets
· on a secure computer which is password-protected
Your data will never be shared with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
· Your practitioner in order that you can be provided with treatment
· Other administrative staff, such as a bookkeeper. Administrative staff will not have access to your medical notes, just your essential contact details
You have the right to see what personal data of yours is held, and you can also ask that any factual errors be corrected. Provided the legal minimum period has elapsed, you can also request that your records be erased/destroyed.
If you feel that your personal data is being mishandled in some way, you have the right to complain. Complaints can be sent to what is referred to the “Data Controller”: Claire Ridout; Unit 16974, PO Box 6945, London, W1A 6US.
If you are not satisfied with the response, then you have the right to raise the matter with the Information Commissioner’s Office.