This Privacy Policy describes how and when we collect, use, and share information when you attend an appointment at our clinic, purchase a product from us, contact us, or otherwise use our services. This is to comply with the General Data Protection Regulations (GDPR) 2018.
Information We Collect
To aid your treatment or as part of purchasing something from our business you will normally provide us with certain information, such as your name, email address, postal address, medical information and payment information. We will store your information in two ways: on an electronic patient record and diary system which is fully password protected and on a paper record which is stored in a secure locked cabinet.
Why We Need Your Information and How We Use It
We rely on a number of legal bases to collect, use, and share your information, including:
Marketing
From time to time we may wish to send you direct marketing material which may include product offers and newsletters. We would ask for your consent to do this indicating in what forms you would like to receive this information: we collect this information on your initial assessment form.
Information Sharing and Disclosure
Information about our patients is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:
Data Retention
We retain your personal information only for as long as necessary to provide you with our services and as described in our Privacy Policy. However, we may also be required to retain this information to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. The retention of our records is normally a minimum of 8 years, after the last appointment.
As we see a high number of patients with a long period of time between appointments, we may keep records for the full duration, this enables comparisons to be made to provide better care. For customers who are not patients but may have bought products from our business we will keep any data you may have provided for a minimum of 6 years in line with tax legislation.
Your Rights
You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below:
How to Contact Us
For purposes of the GDPR, I, Jonathan Draper, am the data controller of your personal information. If you have any questions or concerns, you may contact me jonathan@whiteroseclinicyork.co.uk. Alternately, you may mail me at White Rose Clinic, 9a Julia Avenue, Monks Cross, Huntington, York, YO32 9JR.
I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit.