THE DATA PROTECTION ACT 2018 (DPA)
GENERAL DATA PROTECTION REGULATION 2016 (GDPR)
Forest Edge Clinic collects and uses your personal data, including sensitive data, on the basis that it is the clinic's legitimate interest to do so; for example, to keep medical records and treatment history to provide an appropriate service to its patients/clients.
The clinic would be unable to provide a service without this personal data. We collect this data from you and occasionally from other health professionals.
We take security seriously. Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know, and we regularly review our technology to maintain security. In the event that there is a breach and your Personal Information that we have collected directly is at risk, you will be notified within 72 hours of discovering the breach. You will be informed of what information is at risk, steps that we have taken to ensure your safety, and what action we are taking to rectify the breach.
The Clinic Director is responsible for keeping secure the information stored on in-house servers or by remote providers and original paper-based documents in our secure locked filing cabinets. Our Service Provider undertakes to ensure that their service (and that of any subsequent processor) complies with the requirements of European Union GDPR 2016 and the United Kingdom's DPA 2018. Third party software suppliers undertake to maintain compliance with relevant legislation or regulation and do not themselves use or routinely access data collected by us.
Access to your data is restricted on a need-to-know basis; typically only our clinicians will have access to sensitive data. All providers, including our administrative staff and contracted providers, understand their responsibility to ensure that the confidentiality and security of the information we hold is not breached.
All users of your personal data undertake to maintain best practice, observing current clinic policies and procedures regarding the security of data, whether accessing via in-house devices and networks or remotely using personal devices and internet connections.
The clinic (We) will share your sensitive data with other Clinic health professionals involved in your care or from whom an opinion is sought. We may also share your data with providers of your private health care scheme(s) but would typically seek prior permission from you to disclose in those circumstances.
In exceptional circumstances we may be obliged by law, or for example to prevent fraud or in a medical emergency, to share information with third parties without your permission.
Limited financial and operational data (non-sensitive) may be shared by the clinic with statutory bodies, tax authorities and our accountants, auditors, lawyers and other professional advisers.
Your personal information may need to be shared with our service providers, which may involve transferring it to countries outside the European Economic Area (EEA). Where we do so, we will ensure that we do this in accordance with current data protection legislation by only transferring your data to jurisdictions in respect of which there is a European Commission adequacy decision or, where this is not the case, by using model clauses approved by the European Commission.
The clinic keeps your records securely for a minimum of 8 years after the date of your last visit to the practice or, if under age 16 at the date of your last visit, until you reach the age of 25 years.
If we believe our contractual relationship has been violated, if we believe it is necessary to protect our rights or if, for example, the assets of the clinic were to be transferred to another party, or if we purchase any business assets, the clinic may disclose and transfer the data it holds to the prospective seller or purchaser of such business or assets.
The clinic will not lend or sell the data it holds to third parties.
The clinic may, however, sell the data if it comprises part of the clinic's business assets on transfer of the business or its assets to another party.
The clinic does not use data which may be coincidentally collected by providers if you access our website: www.forestedgeclinic.co.uk
The clinic does not use your data for marketing purposes but may advise you of changes regarding the clinic, its services and products. You can decline to receive this information and communications such as appointment reminders at any time; see below. We may subsequently ask you to confirm your instruction by contacting you for validation.
You have the right to access the information we hold on you, to receive a copy, to correct any errors, to ask us to stop sending you reminders or information, and to have us delete your data. For legal reasons the clinic may have to store sensitive data for some time and archive your data, removing it from the active database. This is in order to comply with professional standards, legal obligations required of state registered health practitioners and legislation regarding the financial affairs of the clinic.
Internet communication, which includes email, is not secure. Encryption of data is possible but protocols vary, and the clinic cannot accept any responsibility for data loss or corruption or unauthorised access if internet communication is used. For sensitive data our preferred policy is delivery by surface mail or by hand. If we are asked by you to provide a copy of your data to you or to a third party, we will ask you to cover our costs or to accept the risk associated with data transfer over the internet, for which we do not charge.
Any questions or concerns? Please contact Penny Waller
Email: email@example.com or tel: 078 8169 7986.
For advice: Information Commissioner. www.ico.org.uk