SUSSEX ACUPUNCTURE – Privacy Policy
- Who we are and what this Privacy Policy covers
Sussex Acupuncture (“us”, “we”, or “our”) operates https://www.sussexacupuncture.co.uk/ (the “site” or “website”). Rick Mudie is the data controller for Sussex Acupuncture. This means he decides how your personal data is processed and for what purposes. Any questions you have can be addressed to him by email (see below).
This Privacy Policy describes what personal data we collect about you when you use our website or access our services. Personal data is any information that could be used to identify you as an individual. This privacy notice describes how we process your personal data, the basis upon which we process it, with whom it is shared, how it is stored and certain other important information relating to the protection of your personal data.
This privacy notice applies to information we collect from:
- patients
- prospective patients
- former patients
- people who subscribe to our blog and newsletters
- visitors to our website
This website is not intended for children and we do not knowingly collect data relating to children.
The following policy explains all of this in some detail but we have also summarised the key points below. Please read this privacy policy carefully as it contains important information.
In summary:
- What personal data do we collect about you? We will collect personal data such as your name, address, email address and phone number in order to process your appointments. These details are kept within your case notes. Case notes are stored in a secure filing cabinet and transported to the clinics each day. These are not accessible to anyone other than you, your practitioner (Rick Mudie) or anyone you have expressly given permission to, unless subject to an exemption under the GDPR (see ‘Sharing your personal data’ below).
Your name, phone number and email address are kept electronically using Acuity Scheduling. For information, please see their privacy notice: https://acuityscheduling.com/privacy.php.
If you pay online, your card and other payment information is not held by us; it is collected by our third party payment processors, Stripe, who specialise in the secure online capture and processing of credit/debit card transactions. When you give us personal information, we take steps to ensure that it’s treated securely. You should be aware that, unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. For information about Stripe’s privacy policy, please see https://stripe.com/gb/privacy.
Some patients and prospective patients tell us about their medical conditions and medication by email or online enquiry forms. We are unable to send or receive encrypted emails, so you should be aware that any emails we send or receive might not be protected in transit. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
In addition, you may consent to us sending you marketing material.
- How we collected it and from whom? We collect data from you when you book an appointment, sign up to our newsletter or inquire about our services. This is collected from our website and from any phone calls or email correspondence you make to us.
- What do we use your personal data for? We use your personal data in order to arrange and reschedule your appointments, or if you enquire about our services.
We may use your date of birth to help identify patients with the same name to avoid mistakes being made, for identification purposes if referring a patient to another health practitioner and for identification purposes if writing to a registered medical practitioner so that they correctly identify the patient or for the purposes of making a full traditional diagnosis, formulating treatment strategy and treatment planning.
We use your presenting complaint and symptoms reported by you for the purposes of making a full traditional diagnosis, formulating treatment strategy and treatment planning.
We use any relevant medical and family history you have told us for making a full traditional diagnosis, formulating treatment strategy and treatment planning.
We use your GP’s name and address in the event that we need to contact your GP, including in an emergency, and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct.
We use our clinical findings about your health and wellbeing for making a full traditional diagnosis, and formulating treatment strategy and treatment planning.
We keep a record of and refer to that record of any treatment given and details of progress of your case, including reviews of treatment planning to enable us to: review the full traditional diagnosis, treatment strategy and planning; and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
We record and use any information and advice that we have given, especially when referring patients to any other health professional, to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
We record any decisions made in conjunction with you to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
We keep accident records for any patients, visitors or staff who are involved in accidents at our clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
In the event of an adverse incident occurring to any of our patients we report the matter to the British Acupuncture Council and our insurance company to enable the insurance company to deal with any potential claims and to help the British Acupuncture Council to develop its safe practice guidelines, as well as providing research data and information for the BAcC’s insurers and other interested parties.
Where relevant we maintain records of the patient’s consent to treatment, or the consent of their next-of-kin in order to be able to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
We will send you a request for feedback after you have completed your course of treatment. This is done as a legitimate interest to monitor our service and any submitted responses are entirely confidential. Surveys are sent out via SurveyMonkey using your personal data stored in MailChimp. For information, see SurveyMonkey https://www.surveymonkey.com/mp/legal/privacy-policy/ and MailChimp https://mailchimp.com/legal/privacy/.
If consent is given on our website, we will also use your personal data to send you marketing communications about us.
- What is our lawful basis for using your personal data? As a party to a transaction, we have certain duties, powers and obligations conferred on us by law. In most cases, we need to process your personal data in order to comply with these legal obligations and duties.
- Do we need your consent to the use of your personal data? In certain circumstances, this may be necessary. In those circumstances, you will be fully informed about why your data is being used and your consent requested. Your right to withdraw your consent will be explained.
- Do we share your personal data? A list of all the parties with whom we may share your personal data is set out in the detailed information below. We do not allow third parties to use your personal data for their own purposes; we only permit them to process your personal data for our specified purposes. We will not sell your personal data to any other third parties.
- For how long do we retain your personal data? We keep patient records for a period of 7 years since the last appointment, in accordance with the British Acupuncture Code of Professional Conduct.
Cardholders’ details are kept on file until we are told to delete them or when the case papers are destroyed, whichever comes first.
Subscribers’ details are held until they unsubscribe from our newsletters.
At any time you may request that changes are made to your contact details.
- What rights do you have in relation to your personal data? Your rights are explained below in more detail but, among other things, you have the right to request that we provide you with a copy of all of the personal data that we hold about you and you also have the right to be forgotten.
- How do we make sure your personal data is secure? Once we have any of your personal data we will use strict procedures and security features to prevent unauthorised access. However, we cannot guarantee the security of data transmitted to us over the internet.
Personal data that is processed electronically is handled as safely as possible. Our website is HTTP Secure (HTTPS), Wi-Fi in the clinics has Wi-Fi Protected Access (WPA) and computers are password protected.
- Personal data we collect about you
The personal data we collect about you includes:
- Your name (first name and last name)
- Your postal address
- Your telephone number and email address
- If relevant, your bank card details for payment/refund purposes only
Inability to provide personal data
If you do not provide us with personal data that we require by law or under the terms of a contract with us, then we may not be able to perform the contract we have or are attempting to enter into with you. In this case, we may not be able to provide you with treatment, but we will notify you of this at the time if this is the case.
Aggregated Data
We also collect, use and share aggregated data with third parties which include statistical and demographic data for any purpose. Aggregated Data is derived from your personal data. This data is, however, not considered personal data by law as it does not directly, or indirectly, reveal your identity. We share this data with our third party agency to identify specific areas on our website that people interact with to help us formulate our marketing strategy. For example, we may aggregate your Usage Data to calculate a percentage of users accessing a certain page on the website. If we combine or connect Aggregated Data with your personal data, it will be used in accordance with this Privacy Policy.
- How is personal data collected?
We collect personal data from you in a number of different ways:
- you may share information with us in order to access our services and to make enquiries associated with those services;
- with your consent, you may share other information with us so that you are informed of events, promotions and offers that we may hold from time to time via email marketing;
- you may provide us with feedback on services you have accessed from us which may be posted on our website or on a third party review website, which you agree to at the time of writing this information. This review is then posted on our website for customers to view;
Cookies
We use cookies which are placed when you visit our website for the first time. You have the option to accept these cookies or to update your preferences that relate to cookies you would like to accept. Please note that if you decide to disable cookies through your browser settings, certain areas of our website may become inaccessible or no longer function properly. For further information about cookies, please read our Cookie Policy. To update your cookie setting, please visit Cookie Preferences which can be found in the footer of our website.
- How we use your personal data
We use your personal data only when the law allows us to. We most commonly use your personal data in the following circumstances:
- when we need to perform the contract we have, or are about to enter into with you;
- where it is considered necessary for our legitimate interests, or those of a third party, and your interests, along with your fundamental rights, do not override these;
- where we are in a position to comply with a legal or regulatory obligation.
Below you will see all of the ways in which we plan to use your personal data…
- managing our relationship with you (for example, asking you to review our services);
- participation in a survey;
- deliver relevant website content;
- send email communications if explicit consent has been provided in order for us to do so;
- use of data analytics to improve the website, products, marketing and user experience;
When you have given your consent, we may use your personal data to send you information on offers and promotions which we think you may be interested in. If you have decided to opt-out then you will no longer receive this information from us. You will, however, continue to receive transactional emails from us in relation to our services.
We use your technical and usage data to further improve our website in order to provide you with a better experience. This is necessary for our legitimate interests and allows us to study how customers interact with the website and our services which in turn contribute to the development and growth of our business as well as our marketing strategy.
Third Parties
We may share your personal data with the following categories of third parties:
- providers of payment systems that process your payments for products;
- providers of booking systems that process your payment for treatment;
- providers of data analytic systems to enable us to improve the website, marketing and user experience;
- with your consent, agencies we have retained to assist us to conduct promotional and marketing activity as well as provide technical assistance and support;
We will also disclose your personal data to third parties:
- if we are under a legal duty to disclose or share your personal data in order to comply with any legal obligation or any lawful request from any legal or regulatory authority; or
- to respond to any claims, and to establish, exercise or defend our legal rights.
Most third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data for the specific purposes identified by us. These third parties are themselves subject to the General Data Protection Regulations (GDPR). They will be responsible for their own processing of personal data to the extent that processing is subject to, or relates to, those regulations.
We will always ensure that any third parties with whom we share your personal data are subject to privacy and security obligations consistent with this privacy notice and applicable laws.
We will ensure that we get your opt-in consent before we share your personal data with any external third parties that we use for email marketing purposes. We do not control these third party websites and are also not responsible for their own privacy or cookie policies. When you decide to leave our website, we encourage you to read, in full, Privacy and Cookie Policies of every website that you decide to visit.
Opting Out
You have the right to ask us or third parties to stop sending you marketing communications at any time. You can do this by opening an email you have received from us and clicking ‘unsubscribe’ which can be found at the bottom of the email. Alternatively, you can email us and request that we remove your email address from our database.
If you decide to opt-out of receiving marketing communications from us, you will still continue to receive emails about changes to our practice and your appointments. This will include emails such as changes in clinic location, hours of business and fees. This is a legitimate interest to our business and to our customers.
If we wish to use your personal data for any other purpose, we will update this privacy notice and inform you.
- Legitimate Interest
Under GDPR legislation, we have the ability to contact you if we believe you have shown a legitimate interest in our services. For example, if you contact us requesting specific information about the services we provide. We, therefore, can contact you knowing you have shown a legitimate interest in our company/service.
When visiting our website for the first time, you will have the opportunity to select your cookie preferences. You have the choice to accept all cookies which includes performance and marketing cookies or you can accept just the strictly necessary cookies in order for the website to perform properly. We utilise performance and marketing data to ensure we provide relevant information to you and to provide a better experience. It is our legitimate interest to use and analyse this data for our growth and future development. You have the right to update your cookie preferences at any time.
Your email address is not stored in our subscriber list and you cannot be contacted for any other marketing purposes unless you have supplied us with explicit consent to do so.
You have the right to unsubscribe from marketing at any time and will not be contacted in the future unless you have provided us with explicit consent to do so.
- Your legal rights
Under the General Data Protection Regulations (GDPR), which are designed to protect your personal data, we need to have what is called a lawful basis or ground each time we use, share or otherwise process your personal data. When you use our site to purchase products from us, the processing of your personal data is necessary to fulfil your orders and is a lawful basis for collecting and using the data you give us.
Certain uses of your personal data, or other processing activities, may not be strictly necessary to perform our legal duties, or to exercise our powers; however, they may be necessary for the purposes of our legitimate interests or the legitimate interests of a third party. They may also be in your interests.
When we say “legitimate interests”, we mean ours (or a third party’s) interests in operating the service as efficiently and securely as possible. For example, we may choose to use a third party to store your personal data; we may do this because our use of that service means that your personal data is more secure.
In order for you to receive the full benefit of our site, such as to take advantage of offers, promotions or receive marketing communications, we will need your consent to collect and use your personal data. Under these circumstances, we will inform you of how the data you provide will be collected, stored and used before seeking your consent. In addition, you will be informed how to withdraw or modify your consent at any time.
You may withdraw your consent, or object to our processing of your personal data in a certain way (where you have the right to do so), by contacting us at rick@www.sussexacupuncture.co.uk
What are your rights in relation to your personal data?
You have certain rights in relation to your personal data; those rights will not necessarily apply in all cases or to all personal data which is processed by us.
For example, certain rights will not apply where we need to process personal data to comply with our legal duties.
You have the following rights:
- the right to request a copy of your personal data which we hold about you;
- the right to request that we correct any personal data if it is found to be inaccurate or out of date;
- the right to request your personal data is erased where it is no longer necessary for us to retain such data;
- the right to withdraw your consent to the processing at any time. This right does not apply where we are processing information using a lawful purpose other than consent;
- the right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable. This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case we are processing the data by automated means.
- the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing;
- the right to object to the processing of personal data, (where applicable). This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics;
- the right to be informed if your data is lost. We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR;
- the right to lodge a complaint with the Information Commissioner’s Office;
For further details about these rights please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
When you make a request, we may ask you to provide us with some further information to allow us to confirm your identity.
- Changes to our Privacy Policy
We may amend this privacy policy from time to time. Any changes we make to our privacy notice in the future will be notified to you in the next communication from us to you such as a new order or a newsletter that you have consented to receive. The date of our most recent changes can be found at the bottom of this policy and will be updated as and when an amendment is made. The most recent and up to date policy will be available on our website at all times unless the site is undergoing scheduled maintenance.
This privacy policy was last reviewed and updated on 5th June 2018.