PERSONAL INFORMATION ABOUT OUR PATIENTS
This Privacy Notice has been issued by Cardin Chiropractic* in accordance with The Data Protection (Jersey) Law 2018 (“DPJL”) which came into force on 25 May 2018 with equivalent principles to the European General Data Protection Regulations (“GDPR”).
The DPJL requires that everyone responsible for using personal data has to follow strict rules called data protection principles. They must make sure the information is:
- used lawfully, fairly and transparently
- used for specified, explicit and legitimate purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
As a practice we need to collect and use personal information about our patients in order to clearly define the appropriate course of treatment and care. This privacy notice therefore sets out how we collect, use and protect your personal information and your rights in relation to your information. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.
DATA PROTECTION OFFICER
A Data Protection Officer has been appointed to be your first point of contact should you wish to discuss any matters regarding your personal data that we process. Our Data Protection Officer can be contacted on 0700 300 354, email firstname.lastname@example.org or at the postal address below.
THE PERSONAL DATA WE PROCESS AND WHAT WE DO WITH IT
We hold or will collect personal information about you from a variety of sources, including information provided to us by you directly. The sources of data and the types of data collected are listed below.
The categories of personal information that we may collect directly from you include:
(a) Personal details (e.g. your name, date of birth, family information);
(b) Your contact details (e.g. your address, phone number and email address);
(c) Your health and physical data (e.g. medical history, disabilities, prescriptions, family history, height, weight)
(d) Details of your current medical issue.
The categories of information we may collect from other sources (e.g. your GP) include:
(a) Personal details (e.g. your name, address, date of birth, marital status);
(b) Your contact details (e.g. your address, phone number and email address);
(c) Information necessary to provide an explanation of the reason for referral, including relevant health data and medical history.
HOW WILL WE USE YOUR PERSONAL INFORMATION AND WHY?
The ways we use and share your information include:
(a) Identifying you and making sure your details are up to date;
(b) Communicating with you (e.g. appointments, fee payment, clinic information, clinic marketing)
(c) Communicating with the Medical Practitioner who referred you;
(d) Communicating with Practitioners we refer to;
(e) Communicating with your Medical Insurance Provider.
(f) Communicating with Lawyers and insurance brokers for the purpose of insurance benefits or in connection with insurance and personal injury claims.
We will not pass your personal data to any third party without your prior agreement.
Legal Basis For Using Your Personal Information
We must have a legal reason to use your personal information. This will usually be one of the following:
(a) To fulfil our legal obligations (including any contractual obligations);
(b) To meet our legitimate interests to administer our business efficiently;
(c) Because using the information is necessary in relation to a legal claim.
Where we process ‘special categories’ of information, for example information concerning your health, our expected legal basis for using your personal information is that it is necessary for the purposes of carrying out our obligations in connection with patient care and is authorised under the DPJL.
International Data Transfer
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law. Where your personal information is to be transferred outside the UK (for example by your Medical Insurance Provider or insurer) we will make sure that they understand their accountability to have appropriate safeguards in accordance with applicable legal requirements to protect the information. For more information on any safeguards in place, please contact us.
RETAINING YOUR PERSONAL DATA
We have in place measures to protect the security of your personal information and keep it confidential. We review these measures regularly to make sure they remain appropriate.
When sharing your personal information with another third party we will make them accountable to have measures in place to protect your personal data, keep it confidential and agree to use the personal information only for the purposes we set out.
We will keep personal information for as long as we have a relationship with you. When deciding how long to keep your personal information, after our relationship with you has ended, we take into account our legal obligations and legal expectations. We will be required to retain your personal data for a minimum of 8 years and may retain records longer, for example in order to provide you with a better patient experience or investigate potential legal claims.
As a “Data subject”, you have rights under the DPJL regarding your personal information, including the right in certain circumstances to access, correct, delete or transfer your personal information or to restrict or object to our use of it. If you would like to discuss or exercise these rights, please contact us.
You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Protection Officer, whose details are shown above. Please provide the following information: your name, telephone number, email address and details of the information you require. We will need to verify your identity so we may ask for a certified copy or sight of your passport or driving licence and/or recent utility bill, plus any additional information required to handle your request.
If you believe that any of your personal data that we hold on you is inaccurate or incomplete, please contact the practice directly.
If you believe we should erase your data please contact the Data Protection Officer, whose details are shown above.
If you wish us to stop storing or using your data, please contact the Data Protection Officer, whose details are shown above.
Should your personal data that we control be stolen or otherwise breached where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will explain the nature of the breach, the steps we are taking to deal with it and a point of contact for further information.
AUTOMATED DECISION MAKING AND PROFILING
We do not use any system which uses automated decision making or profiling in respect of your personal data
CHANGES TO THIS POLICY
We may update this privacy notice from time to time. You can ask us for a copy of the most up to date policy at any time or access it from our website: www.cardinchiro.com
HOW TO CONTACT US
Cardin Chiropractic is considered to be a data controller responsible for the collection and use of your personal information. If you have any questions or concerns please contact us by using the following contact details:
Phone: 07700 300 354
Address: Cardin Chiropractic
Room 3, First Floor
The Little Grove Clinic
La Rue de Haut
If you believe that we have not resolved your concerns, you can complain to the Information Commissioner’s Office at https://oicjersey.org
Please do contact us if your personal information changes or if you think that the information we hold about you is out of date.
*Cardin Chiropractic is the business name of Vaudemont Limited