Privacy Policy
Churchdown Osteopaths provides osteopathic treatment for patients with all types of health conditions indicated for osteopathic care. The practice may also offer massage therapy and reflexology. We are committed to safeguarding the privacy of our customers and website visitors; this policy sets out how we will treat your personal information.
Introduction
This policy refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of UK data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data, and the unrestricted movement of personal data within the UK and its storage. It should be noted that UK GDPR does not apply to information already in the public domain.
Data Collection and Processing
To deliver safe, tailored, and effective treatment, it is essential for us to collect and process personal health and contact information. This collection is a fundamental aspect of our contractual obligation to you, the patient. You can, of course, refuse to provide the information, but if you were to do so, we would not be able to provide treatment.
You will be asked to sign a consent form to allow us to collect and store your personal data.
Contact details provided by you, such as telephone numbers, email addresses, and postal addresses, may be used to remind you of future appointments and provide reports or other information concerning your treatment. This constitutes a legitimate interest.
Marketing and Communication Churchdown Osteopaths may occasionally send newsletters containing patient education, health advice, and updates about our services. We rely on legitimate interest as our legal basis for sending these communications, as we believe they provide valuable information relevant to your ongoing care.
If you do not wish to receive these newsletters, you can opt out at any time by clicking the unsubscribe link in our emails, replying to request removal, or contacting us directly. This opt-out does not affect essential communications such as appointment reminders.
Some basic personal data may be collected from the marketing forms and surveys you complete, from records of our correspondence and phone calls, and from details of your visits to our website, including but not limited to personally identifying information such as Internet Protocol (IP) addresses. We may use such information to collect statistics about the behavior of visitors to our website.
Churchdown Osteopaths may occasionally act on behalf of its patients in the capacity of a data processor to promote other practitioners based at our premises who may not be employed by us.
Cookies and Website Data
The Churchdown Osteopaths website uses cookies. A cookie is a string of information that a website stores on a visitor’s computer and that the visitor’s browser provides to the website each time the visitor returns.
We use both session cookies and persistent cookies:
Session cookies track your activity while navigating the website and are deleted when you close your browser.
Persistent cookies enable our website to recognize you when you visit again. These remain stored on your computer until deleted or until they reach a specified expiry date.
We use Google Analytics to analyse website usage. Google Analytics generates statistical and other information about website use via cookies. You can review Google’s privacy policy here: Google Privacy Policy.
A cookie consent banner is provided on our website to allow you to manage your cookie preferences upon your first visit.
Legal Basis for Processing Personal Data
To meet our contractual obligations obtained from explicit patient consent and legitimate interest to respond to enquiries concerning the services provided.
Legitimate Interests Pursued by Churchdown Osteopaths
To promote treatments for patients with all types of health conditions indicated for osteopathic care.
Data Retention Policy
Our legal obligation requires us to retain your medical records for a minimum of 8 years following your latest appointment or until you reach the age of 25, whichever period is longer. After this period, we will securely delete your records unless they are required for legal, regulatory, or patient care reasons. You may request deletion of your records after this time unless we have a legitimate reason for continued retention.
Data Storage, Security Measures & Disclosure
Churchdown Osteopaths will keep your personal information safe and secure. We will not disclose your Personal Information unless compelled to meet legal obligations, regulations, or valid governmental requests. Every staff member (both employed and self-employed) at Churchdown Osteopaths has a legal obligation to keep your information confidential and has signed integrity and confidentiality agreements.
Your medical records are stored in electronically on our practice management software, Cliniko and/ or in paper format in a locked office. The entire building is securely locked outside working hours. Electronic contact details and medical records stored on our practice and patient management software programs (Cliniko, Cliniq Apps, and Rehab My Patient) are safeguarded with 2FA password protection, ensuring data security.
Data Sharing and Third Parties
Churchdown Osteopaths only collects the information necessary to provide you with marketing and consulting services. We do not sell or broker your data.
As part of our obligations as primary healthcare practitioners, there may be circumstances related to your treatment, ongoing care, or medical diagnosis that require sharing your medical records with other healthcare practitioners (e.g., GPs, consultants, surgeons, and/or medical insurance companies). Where this is required, we will always inform you first unless we are legally obliged to comply.
We will not disclose any information about you to third parties without your written permission (or parental consent in the case of a child) unless there are exceptional circumstances (e.g., life-or-death situations) or the law requires us to do so in accordance with the Caldicott Principles.
Your Rights
Under UK GDPR, you have the right to:
Access your personal data.
Rectify inaccurate or incomplete data.
Request deletion of your data after the legally required retention period.
Request data portability to transfer your data to another provider.
Object to certain types of processing, including direct marketing.
Restrict processing under certain conditions.
Object to automated processing, including profiling.
We will respond promptly to any requests regarding your data. If we refuse a request, we will provide a reason, which you have the right to challenge.
Accessing Your Data
To access your personal data, we require reasonable identification. We accept the following forms of ID: a copy of your driving licence, passport, birth certificate, and a recent utility bill (not older than three months). A minimum of one photographic ID and one supporting document is required. If additional verification is needed, we will notify you.
Changes to the Privacy Policy
The latest version of our privacy policy is available on our website. If significant updates are made, we will notify you via email.
Objections & Complaints
If you have concerns about how we process your data, please contact our Practice Manager, Jo Edwards. If you are not satisfied with our response, you can escalate your complaint to the Information Commissioner’s Office (ICO) via https://ico.org.uk.
Contact Details:
Churchdown Osteopaths, Jo Edwards, Practice Manager
102 Chosen Drive, Churchdown, Gloucester GL3 2QU
Telephone: 01452 714511
Email: hello@churchdownosteopaths.co.uk