Privacy Policy

Privacy Notice in compliance with General Data Protection Regulation (GDPR) (EU) 2016/679

Why Emma Hayward Osteopathy collect your personal data and what we do with it.

When you supply your personal details to this clinic they are stored and processed for three reasons (the parts in bold are the relevant terms used in the Data protection Act 2018, which includes GDPR).

  1. We need to collect personal information about your health in order to provide the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide this information, but this would mean that we would not be able to provide treatment.
  2. We have a ‘Legitimate Interest’ in collecting that information, as it is necessary for us to be able to safely and effectively perform our job.
  3. It is also necessary for us to be able to contact you to arrange appointments and answer any of your queries update you on matters related to your medical care. This constitutes your ‘Legitimate Interest’.

We have a legal obligation to retain your records for 8 years after your most recent appointment, but after this period you can ask us to delete your records if you wish.

As part of our obligation as primary health care practitioners, there may be circumstances related to treatment, on-going care or medical diagnosis that will require sharing of your medical records with other healthcare professionals e.g.. GPs, Consultants, surgeons, our regulatory body the General Osteopathic Council and/or medical insurance companies. Where this is required, we will always seek your consent unless we are under a legal obligation to comply.

We do not engage in any direct marketing and will no use your details for promotional purposes. We will not use your contact details to contact you aside from arranging appointments or to follow-up after an appointment to check on your well-being. We will only collect the information needed so that we can provide you with the services you require from us, the business does not sell or broker your data.

Your personal medical records are either created on paper and then then transferred to Cliniko clinic management software, or added directly to Cliniko, which stores your data in the ‘cloud’. This is only accessible by the osteopath working in the practice and is protected by password access. Whilst the company is based in Australia, they are fully GDPR compliant in line with EU law. Here is their privacy policy:

Your details will also appear in our electronic diary system in Cliniko. This is password protected and only accessible by the osteopath.

You have the right to see what personal data of your we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.

We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing all that we can to make sure only the people with a genuine need to access that data can do so.

Of course, if you feel that we are mishandling your data, you have the right to complain. Complaints need to be sent to the Data Controller:

Ms Emma Hayward:

If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.