GDPR
Privacy Notice for Health Matters For You
The General Data Protection Regulation (GDPR), which is EU wide and
more extensive than its predecessor the Data Protection Act, along
with the Privacy and Electronic Communications Regulations (PECR),
seek to protect and enhance the rights of EU data subjects. These
rights cover the safeguarding of personal data, protection against
the unlawful processing of personal data and the unrestricted
movement of personal data within the EU and its storage within the
EEA.
Personal Data
For the purposes of providing treatment, I normally require
detailed health, wellbeing and medical information. I will only
collect what is relevant and necessary for your treatment. When you
visit any one of my practices, I will take detailed case history
notes, which normally include information on your symptoms,
lifestyle, health and wellbeing as well as any medication and
treatment. Notes are handwritten and will always be stored
securely; they are not shared with anyone not involved in your
treatment. Contact details provided by you such as telephone
numbers, email addresses, postal addresses may be used to remind
you of future appointments and provide reports or other information
concerning your treatment. As part of my obligation as a healthcare
practitioner there may be circumstances related to your treatment,
on-going care or medical diagnosis that will require the sharing of
your medical records with other healthcare practitioners e.g. GPs,
consultants and/or medical insurance companies. Where this is
required I will always inform you first unless I am under a legal
obligation to comply.
For those who have clearly indicated an interest in attending the
Health and Wellbeing talks, I will keep the contact details you
have agreed to provide such as telephone numbers, email addresses
and postal addresses. I will normally use your email address
to send you a reminder about the programme of topics and details of
the next talk. Your contact details will always be stored
securely and not shared with anyone.
Consent
Through agreeing to this privacy notice you are consenting to me
securely holding your personal data for the purposes outlined
above. However, you can withdraw consent at any time by using the
email address or telephone number provided at the end of this
Privacy Notice. Your personal information will be kept safe and
secure and only I will normally have access to your records.
However, for patients I see in my London clinic, the reception
staff at the Polyclinic will have access to your contact details so
that they can make appointments and send you reminders.
I will not disclose your personal information unless compelled to,
in order to meet legal obligations, regulations or valid
governmental requests.
Retention Policy
I will hold personal data throughout the duration of any treatment
and will continue to store the data for a further eight years to
meet any legal obligations. After eight years all personal data
will be destroyed, unless basic information needs to be retained to
meet my future obligations to you, such as erasure details. Records
concerning minors who have received treatment will be retained
until the child has reached the age of 25.
Data storage
All data is held in the United Kingdom. I do not store personal
data outside the EEA.
Your rights as a data subject
At any point whilst I am in possession of your personal data, you
have the following rights:
● Right of access – you have the right to request a copy of the
  information that I hold about you.
● Right of rectification – you have a right to correct data that I
  hold about you that is inaccurate or incomplete.
● Right to be forgotten – in certain circumstances you can ask for
  the data I hold about you to be erased from our records.
● Right to restriction of processing – where certain conditions apply
  you have a right to restrict the processing.
● Right of portability – you have the right to have the data I hold
  about you transferred to another organisation.
● Right to object – you have the right to object to certain types of
  processing such as direct marketing.
In the very unlikely event that I refuse your request under rights
of access, I will provide you with a reason as to why, which you
have the right to legally challenge. At your request I can confirm
what information I hold about you and how it is processed.
You can request the following information:
● My contact details.
● The purpose of any processing as well as the legal basis for
  processing.
● The categories of personal data collected and stored.
● Recipient(s) or categories of recipients that the data is/will be
  disclosed to.
● How long the data will be stored.
● Details of your rights to correction, erasure, restriction or
  objection to such processing.
● Information about your right to withdraw consent at any time.
● How to lodge a complaint with the supervisory authority (ICO).
● The source of personal data if it wasn’t collected directly from
  you.
To access what personal data is held
Identification will be required for you to have access to your
personal data: a copy of your driving licence or passport or birth
certificate and a utility bill not older than three months. A
minimum of one piece of photographic ID listed above and a
supporting document is required. All requests should be made to
Brian Isbell using the contact details provided below.
Complaints
In the event that you wish to make a complaint about how your
personal data is being held or used you have the right to complain
to me. If you do not get a response within 30 days, you can
complain to the Information Commissioner’s Office (ico.org.uk).
My contact details are:
Brian Isbell
Telephone 07891 095648 or email: brianeisbell@gmail.com