Privacy Notice – Website and Clinical
At Deborah Smith, Mobile Osteopath, we’re committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org,
Date: 25th April 2018
Next Review Date: 25th April 2019
Author: Deborah Smith
- Who are we?
We are Deborah Smith, an osteopath providing health information and mobile osteopathic care in your own home.
Deborah Smith is a sole trader.
- How do we collect information from you?
We obtain information about you when you contact us to enquire about our services.
We also collect information from you if you leave a comment on our blog or fill in our feedback or help forms.
We collect information about you when you complete an online appointment booking or make a booking by phone, email or message.
We collect medical information during your appointments.
- What information do we collect & how is it used?
We collect information to respond to enquiries. We also collect information to allow us to fulfil our obligations to our patients – to fulfil appointments and to make a thorough assessment and diagnosis and keep a record of diagnostic reasoning and treatment. We also collect your information if you leave a comment on our blog. The section 3.3 below outlines what information we collect, and for what purpose.
3.0. Sensitive Data
Medical data is classified as Special Category Data. Our condition for processing this data is to fulfil our healthcare services. This is condition Article 9 2(h).
The information we collect is your personal contact details in order to make appointments and respond to enquiries, this is to fulfil our contract with you. We also collect and record information about your health so that we can provide you with osteopathic care. We collect this data to fulfil our contract to provide health services to you. We use your email and telephone details to confirm appointments and provide you with information about your care. This is considered a legitimate interest but you are free to tell us you would rather we didn’t contact you. Your health data is considered Special Category data and as such the condition for processing is Article 9 2(h).
We use Cliniko as the provider of our electronic clinic software. We can reassure you that information entered in our online appointment system is handled securely. All your case history information is entered and securely stored with back-ups on the Cliniko system. Access to the system and all our devices are password protected.
From time to time we like to pass on information about health and well-being and the services we offer. Be reassured that we will not use your email or text message for marketing unless you have given us permission to do so. We obtain your consent for this and record it in Cliniko. Mailchimp is used to generate newsletters and therefore will have your name and email address on their server. You can withdraw your consent for receiving marketing at any time.
We have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance),and are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU.
Your data will not be shared without your consent unless there is a legal requirement to do so.
- Controlling your information
Please help us to keep your information accurate by telling us if there have been any changes. We will periodically check that your information remains accurate.
You can request to see the data we hold about you. You can also ask for mistakes to be corrected. You can ask to be removed from our marketing lists. You can ask for your notes to take them to another practice.
We are unable to delete the data we hold about you. We have a legal obligation to keep your notes for 8 years or for children until they are 25 years old. After this time we will delete your record so if you come to the clinic again we will start a new record.
- Website Privacy
You can manage these small files yourself. You can find out how to do this, and learn more about Cookies in general here.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible. Google Analytics sets the following cookies:
- __utma (Expiry: 2 years)
- __utmb (Expiry: 30 minutes)
- __utmc (Expiry: At end of session)
- __utmz (Expiry: 6 months)
When you leave a comment on our blog, three cookies are set to store your name, email address and website. This is so that if you wish to leave another comment, you won’t have to re-type this information:
We use a technology called ‘Adaptive Images’ to display appropriately sized images across all screensizes. This sets a cookie to store your screensize:
By using and browsing the Mobile Osteopath website, you consent to cookies being used in accordance with this Policy.
If you do not consent, you must turn off cookies or refrain from using the site. Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies should not noticeably restrict your use of this website.
Links to other websites
Our website contains links to other third party sites. Deborah Smith is not responsible for the privacy practices within any of these other sites. You should be aware of this when you leave the Mobile Osteopath website and we encourage you to read the privacy statements on other websites you visit.
Deborah Smith takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:
- Data minimisation
- Password best practice
- Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
- Staff training and accountability on data protection
A copy of our internal Data Security Policy is available on request.
- Data Breaches
Our Data Security Policy includes a clear process for handling a personal data breach, should one occur. Where appropriate, Deborah Smith will promptly notify you of any unauthorized access to your personal information.
If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter – Deborah Smith 07733 274931 email@example.com
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).