Privacy Policy
At Spinavita Chiropractic we prioritise the privacy and security of our patients’ personal information. This Privacy Policy outlines how we collect, use, store, and protect your data in compliance with applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR) and the Data Protection Act.
The Data We Collect
We may collect the following types of personal data:
- Personal Identification Information: Name, date of birth, address, phone number, email address.
- Medical Information: Health history, treatment details, diagnostic reports, and relevant clinical notes.
- Payment Information: Billing and insurance details.
- Appointment Details: Scheduling and attendance records.
Why we collect your information
We need to collect personal information about your health in order to provide you with the best possible treatment. Your request for treatment and the use of our services, together with our agreement to provide you with that care, constitutes a contract. If you refuse to share the required information with us, as is your right, we will not be able to provide treatment or the use of our services. We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
We also use your data to:
- Manage appointments, patient records, and correspondence.
- Send a monthly newsletter with general health information; you can opt in to this service at any time.
- Process billing and insurance claims.
- Enhance patient care and improve clinic operations.
- Comply with legal obligations.
- Respond to an online or email enquiry, to categorise requests for pricing and service information, to fulfil your requests for certain products and services, or to facilitate customer feedback.
Data Storage
Your records are stored electronically on our diary system JaneApp:
- Your data is stored on secure SOC 2 audited servers in London. The data is encrypted using 128-bit encryption when we access the information from the main servers and stored with 256-bit encryption (in the same way as your banking information would be).
- Our administrators, practitioners and patients access JaneApp using their own account secured by a username and password. Our team makes use of the 2-Step Verification feature.
- JaneApp backs up data daily, weekly, monthly, and yearly to our primary database using multiple availability zones — this means that if something ever happened to one data centre, your data would still be safe and accessible in another. As a secondary safeguard, copies of weekly backups are synced to our secondary database server and retained for 30 days. All backups to our primary and secondary databases are encrypted in transit and at rest.
- While your data is stored on an external server, it is still fully owned by Spinavita Chiropractic.
Other ways your information is stored:
- Any paper records are kept in locked filing cabinets, and the offices are always locked and alarmed out of working hours.
- Our office computers are all password protected, backed up regularly, and the office(s) are locked and alarmed out of working hours.
- On Mailjet, if you have signed up to receive email updates. Mailjet is fully compliant with the General Data Protection Regulation and employs strong security measures to protect your data.
Data Sharing and Disclosure
We will never share your data with anyone who does not need access without your written consent. The only time we will share your data without written consent is when we think you are a serious risk to yourself or others, in compliance with current guidelines.
Only the following people/agencies will have routine access to your data:
- Your practitioner(s) in order that they can provide you with treatment.
- Other healthcare professionals involved in your treatment such as your GP.
- The medical records service that stores and processes our files, which is our diary system JaneApp.
- Our reception staff, because they organise our practitioners’ diaries and coordinate appointments and reminders, but they do not have access to your medical history or sensitive personal information.
- Other administrative staff, such as our bookkeeper. Again, administrative staff will not have access to your medical notes, just your essential contact details.
- Insurance providers, for the purpose of claims processing, though they do not have access to your personal medical notes.
- When it is required by law, regulation, or court order.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data, but not your medical notes. We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
Spinavita Chiropractic will not sell or rent your personally identifiable information to anyone. We respond to subpoenas, court orders, legal process, and any legitimate request by authorities with which we must comply. Spinavita Chiropractic may transfer information about you if Spinavita Chiropractic acquires, or is acquired by or merged with, another company. In this event, Spinavita Chiropractic will notify you before information about you is transferred and becomes subject to a different privacy policy.
Spinavita Chiropractic is registered with the Information Commissioner’s Office (ICO) as a data controller as stipulated in the Data Protection Act.
Data Security
We have implemented robust security measures to protect your personal data. This includes:
- Secure patient management systems.
- Data encryption and access control measures.
- Regular security assessments and staff training on data privacy.
Data Retention
We have a legal obligation to retain your records for 8 years after your most recent appointment. If you were under the age of 18 at the time of your interaction with Spinavita Chiropractic, we will keep your records for 8 years, or until the age of 25 if this is longer. After this time period has lapsed, you can ask us to delete your records.
Patient records are deleted permanently from the electronic patient management database JaneApp. Any paper copies of notes are disposed of using a specialised company when they have reached the above criteria.
Complaints
If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the Data Controller, by contacting:
Anna Hawrot
a.hawrot@spinavita.co.uk
62 Westbourne Drive, Hardwicke, Gloucester, GL2 4RU, UK
01452 883232
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
This Privacy Policy was last updated November 2024.