Privacy Policy

FAIR PROCESSING NOTICE FOR CLIENTS

Cathedral Chiropractic collect data and information about you so that we can provide an effective, compassionate and high-quality service. This Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and the rights of clients.

We will always make sure that our client’s information is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other UK or EU data protection legislation

Our contact details
Centrum Chiropractic Ltd t/s Cathedral Chiropractic
Unit 2 Bridge House
St Clement St
Truro
TR1 1ER

01872 262988

Our Data Protection Officer is Kristy Gouldsmith.

What data do we process?

We provide health care services and, in order to provide these services, we need to process your personal data. We process information about you when you begin using our services or when we have had a referral for you from your doctor, a hospital or other health care provider and we process it on an on-going basis.

Dependent upon the services required, we may process the following:

  • name, address, phone number, date of birth and marital status;
  • a record of the information that you provide to us;
  • the name of your next of kin, family members or of any person named by you;
  • the name, address and telephone number of your general practitioner;
  • the date on which you started using our services;
  • the date on which you ceased to use our services;
  • a record of any incident affecting you which is detrimental to your health or welfare, which record shall include the nature of the incident and whether medical treatment was required;
  • a record of any medical care provided to you, including a record of your condition and any treatment or surgical intervention;
  • details of any specialist communications needs that you may have and methods of communication that may be appropriate;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliment;
  • data revealing your physical or mental health;
  • if you are referred to another service provider, the name of the provider and date on which you were referred;
  • a unique client number.

If you have been referred to us by another health care provider, your GP or a hospital, we will tell you who referred you and what information was provided in your referral form.

Why do we need to process personal data on our clients?

Cathedral Chiropractic needs to process personal data about our clients in order to provide an effective, compassionate and high-quality service, to fulfil our legal obligations and, if necessary, to protect your vital interests. We will process your data to:

  • provide you with the services or information that you have asked for;
  • keep a record of your relationship with us
  • send you correspondence and communicate with you;
  • meet our legal obligations;
  • protect your vital interests;
  • respond to or fulfil any requests, complaints or queries that you may have;
  • share your data with other parts of the health system such as local hospitals, GPs, social workers, and other health and care professionals, if required or if you consent;
  • understand how we can improve our services or information;
  • generate reports on our work and service; and
  • safeguard our staff and contractors.

Our legal basis for processing personal data

By law, we need a legal basis for processing the personal data of a client. We will process your data using the legal basis of consent, legal obligation, vital interests and legitimate interests.

Consent:

Consent is given where we ask you for permission to use your information in a specific way and you agree to this. Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time.

Legal obligation:

We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with other health care providers or the police, if there is a safeguarding issue. We have a legal duty to share information with the police and/or children’s social care if a child or young person is considered to be at risk of significant harm (Children Act 2004 and Working Together to Safeguard Children).

Vital interests

We have a basis to use your personal information where it is necessary for us to protect life or health. For example, there may be a safeguarding issue which requires us to share information with emergency services, the police or social care.

Legitimate interests

We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).

For example, we have a legitimate interest to keep your personal data on our systems in order to keep it secure, process it and to provide you with a service.

We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your right

Special categories of personal data are data revealing health, race, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information. We will process this type of information about you only if we are required to do so and if we have a specific exemption under the GDPR, which are: your explicit consent, your vital interests, or if we are required to do so for social security or social protection law purposes.

We process the following data with your consent to start with, as you tell you about yourself, but we will then use another legal basis to process it after the initial conversation:

  • name, address, phone number, date of birth and marital status;
  • a record of the information that you provide to us;
  • the name of your next of kin, family members or of any person named by you;
  • the name, address and telephone number of your general practitioner;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliment.

We process the following data with your explicit consent (special categories of data):

  • a record of any incident affecting you which is detrimental to your health or welfare, which record shall include the nature of the incident and whether medical treatment was required;
  • a record of any medical care provided to you, including a record of your condition and any treatment or surgical intervention;
  • details of any specialist communications needs that you may have and methods of communication that may be appropriate;
  • the processing of any data revealing your physical or mental health; and
  • sharing your health data with another service provider.

We process the following personal data due to our legal obligation. This processing may necessary for the purposes of social security or social protection law as we have a legal duty to share information with the police and/or children’s social care if a child or young person is considered to be at risk of significant harm (Children Act 2004 and Working Together to Safeguard Children).

We also have a legal duty to share information with the police and social services if you are deemed to be at a high risk of harm.

  • all personal data, as required

We process the following personal data without your explicit consent client if you are physically or legally incapable of giving consent and the processing is your vital interests (essential for your life):

  • data concerning health

In the case of any legal disputes, we will process the following personal data because we have a legitimate interest and the processing is necessary for the establishment, exercise or defence of legal claims:

  • all personal data will be shared, as required, with our legal advisors, consultants and insurers

We will process the following personal data because it is a legitimate activity of ours and enables us to provide our services:

  • name, address, phone number, date of birth and marital status;
  • a record of the information that you provide to us;
  • the name of your next of kin, family members or of any person named by you;
  • the name, address and telephone number of your general practitioner;
  • the date on which you started using our services;
  • the date on which you ceased to use our services;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliment;
  • all personal data is stored securely on servers and in the cloud;
  • if you are referred to another service provider, the name of the provider and date on which you were referred; and
  • a unique client number.

How long do we hold the personal data of our clients?

We will keep your personal data for as long as you are using our services and for 8 years. We keep your data for X years because you may need on-going care or access to your records in the future.

Who do we share client data with?

Subject to our legal basis, we share data with:

  • Other parts of the health system such as local hospitals, GPs and other health and care professionals;
  • Other professionals such as solicitors or insurers, upon your request;
  • Organisations we have a legal obligation to share information with for safeguarding purposes;
  • The courts, police or other law enforcement agencies if we have to by law, court order or at your request;
  • Our legal advisors and consultants;
  • Our regulators;
  • Our insurance providers; and
  • Our software and cloud service providers.

Data transfers out of the EU or EEA

We do not transfer any personal data of clients out of the EU or EEA.

Rights of clients

Your rights

You have rights in respect of our processing of your personal data which are:

  • To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it;
    • if we are processing your personal data by consent and you withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.

If you want to exercise any of these rights, please contact us.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance.

You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.

Book an appointment online

You will need to register with our reception before you are able to book an appointment online.

For All Enquiries

Call: 01872 262988
Email: