Privacy Notice – Website and Clinical
At The Form Practice we’re committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to email@example.com
Date: 07 March 2019
Author: The Form Practice
1. Who are we?
We are The Form Practice, a health clinic in Cambridge. Our website address is: https://www.theformpractice.com
The Form Practice is a sole trader.
2. How do we collect information from you?
We obtain information about you when you contact us to enquire about our services.
We collect information about you when you complete an online appointment booking or make a booking by phone, email or message.
3. What information do we collect & how is it used?
We collect information to respond to enquiries. We also collect information to allow us to fulfil our obligations to our patients – to fulfil appointments and to make a thorough assessment and diagnosis and keep a record of diagnostic reasoning and treatment. Section 3.0 below outlines what information we collect, and for what purpose.
3.0. Sensitive Data
Medical data is classified as Special Category Data. Our condition for processing this data is to fulfil our healthcare services. This is condition Article 9 2(h).
We collect your personal contact details in order to make appointments and respond to enquiries; this is to fulfil our contract with you. We also collect and record information about your health so that we can provide you with osteopathic care. We collect this data to fulfil our contract to provide health services to you. We use your email and telephone details to confirm appointments and provide you with information about your care. This is considered a legitimate interest but you are free to tell us you would rather we didn’t contact you. Your health data is considered Special Category data and as such the condition for processing is Article 9 2(h).
We use Cliniko as the provider of our electronic clinic software. We can reassure you that information entered in our online appointment system is handled securely. All your case history information is entered and securely stored with back-ups on the Cliniko system. Access to the system and to all our devices is password protected.
From time to time we like to pass on information about health and well-being and the services we offer. Be reassured that we will not use your email or text message for marketing unless you have given us permission to do so. We obtain your consent for this and record it in Cliniko. Mailchimp is used to generate newsletters and therefore will have your name and email address on their server. You can withdraw your consent for receiving marketing at any time.
We have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance), and are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU.
Your data will not be shared without your consent unless there is a legal requirement to do so.
4. Controlling your information
4.0. Health information – your rights
Please help us to keep your information accurate by telling us if there have been any changes. We will periodically check that your information remains accurate.
You can request to see the data we hold about you. You can also ask for mistakes to be corrected. You can ask to be removed from our marketing lists. You can ask for your notes so that you can take them to another practice.
We are unable to delete the data we hold about you. We have a legal obligation to keep your notes for 8 years or, for children, until they are 25 years old. After this time we will delete your record, so if you come to the clinic again we will start a new record.
5. Website Privacy
You can manage these small files yourself. You can find out how to do this, and learn more about Cookies in general here.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible. Google Analytics sets the following cookies:
__utma (Expiry: 2 years)
__utmb (Expiry: 30 minutes)
__utmc (Expiry: At end of session)
__utmz (Expiry: 6 months)
When you leave a comment on our blog, three cookies are set to store your name, email address and website. This is so that if you wish to leave another comment, you won’t have to re-type this information. These cookies will last for one year.
5.5. Links to other websites
Our website contains links to other third party sites. The Form Practice is not responsible for the privacy practices within any of these other sites. You should be aware of this when you leave the website and we encourage you to read the privacy statements on other websites you visit.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
5.6. What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
The Form Practice takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:
– Data minimisation
– Password best practice
– Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
– Staff training and accountability on data protection
A copy of our internal Data Security Policy is available on request.
Our Data Security Policy includes a clear process for handling a personal data breach, should one occur. Where appropriate, The Form Practice will promptly notify you of any unauthorised access to your personal information.
If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter – Mark Smith (Co-founder) 01954 214473 or email firstname.lastname@example.org
If you are not satisfied with our response, or believe we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).