Privacy Policy

Privacy Policy – Effective Date: 01/01/2024

At Chingford Osteopathy, we are committed to protecting your privacy and ensuring that your personal data is handled securely, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and Care Quality Commission (CQC) standards. This Privacy Policy explains how we collect, use, store, and share your personal information.

Who We Are

Chingford Osteopathy is a healthcare provider offering osteopathic and complementary therapies. We are registered with the Information Commissioner’s Office (ICO), and our registration number is Z2753205. If you have any questions about this policy, you can contact us:
Contact Information:
Email: reception@chingfordosteopathy.com
Phone: 0208 529 0815
Address: 22 Station Road, Chingford, E4 7BE

What Information We Collect

We may collect the following types of personal data:
Personal Details: Name, date of birth, address, phone number, email address, and emergency contact details.
Medical Information: Medical history, symptoms, diagnosis, treatment records, prescriptions, and referral information from other healthcare providers.
Payment Information: For billing purposes (if applicable).
Appointment Details: Date, time, and type of appointments.
Feedback and Complaints: Any feedback, complaints, or queries submitted to the practice.

How We Use Your Information

We use your personal data for the following purposes:
To Provide Care: To assess, diagnose, and treat your condition and to deliver safe and effective healthcare services.
Administrative Purposes: To manage appointments, issue invoices, and ensure efficient practice operations.
Legal and Regulatory Compliance: To meet our obligations under the CQC and other healthcare regulations.
Communication: To contact you about appointments, follow-ups, or feedback.
Service Improvement: To audit and review services for quality improvement (anonymised where appropriate).

Lawful Basis for Processing Data

We process your personal data under the following lawful bases:
Consent: For specific activities, such as sending newsletters or reminders.
Contract: To fulfil our contractual obligations when providing treatment and care.
Legal Obligation: To comply with CQC regulations, safeguarding laws, and other legal requirements.
Legitimate Interests: To improve our services and respond to patient inquiries.

Sharing Your Information

We only share your personal data when necessary and in compliance with GDPR:
Healthcare Providers: With your consent, we may share information with your GP, specialist consultants, or other healthcare practitioners involved in your care.
Regulators: We may provide data to the CQC or other authorised bodies during inspections or audits.
Third-Party Service Providers: For operational purposes, such as IT support or payment processing (all providers are GDPR-compliant).
Legal Requirements: If required by law, such as for safeguarding concerns or court orders.

How We Protect Your Information

We take the following measures to ensure your data is secure:
Access Control: Only authorised staff can access patient records.
Data Encryption: All digital records are encrypted and stored securely.
Secure Physical Storage: Paper records (if used) are stored in locked cabinets within secure premises.
Regular Audits: Periodic reviews of data protection policies and practices.

How Long We Retain Your Information

We retain personal data for as long as necessary to provide healthcare services and meet legal obligations. Typically, medical records are retained for:
Adults: Eight years after the last treatment.
Children: Until the patient’s 25th birthday or eight years after their last treatment, whichever is longer.
After these periods, data is securely destroyed.

Your Rights

Under the GDPR, you have the following rights:
Access Your Data: Request a copy of the personal data we hold about you.
Correct Your Data: Ask us to rectify any inaccurate or incomplete information.
Erase Your Data: Request the deletion of your personal data (subject to legal and regulatory requirements).
Restrict Processing: Ask us to limit how your data is used.
Data Portability: Request the transfer of your data to another organisation.
Withdraw Consent: Where we rely on consent, you can withdraw it at any time.
Complain: Lodge a complaint with the ICO if you believe we have mishandled your data.
To exercise your rights, contact us at [Insert Email Address].

Cookies and Website Use

Our website may use cookies to enhance user experience and analyse site traffic. For more details, please refer to our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website or at the practice.

Contact Us
If you have any concerns about how your data is handled, please don’t hesitate to contact us:
Email: reception@chingfordosteopathy.com
Phone: 0208 529 0815
Address: 22 Station Road, Chingford, E4 7BE