General Data Protection Regulation (GDPR) Notice

At Kenilworth Chiropractic Clinic we take your privacy seriously and will only use your personal information to administer your account and to provide you with the products and services that you have requested from us. Under data protection law, as a client or prospective client of Kenilworth Chiropractic Clinic, you have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.

Who We Are

We are Kenilworth Chiropractic Clinic, telephone number 01926 865985, email address gdpr@kenilworthchiropractic.co.uk. For the purposes of processing your personal data, we are the controller.

Data Protection Officer

As we record and use sensitive health data we take the protection of this data very seriously. We have therefore appointed a Data Protection Officer, Technology Tamed Limited, which is your first point of contact for any matters regarding your personal data we process. They can be contacted on 01787 881475, their email address is kenilworthchiropractic@technologytamed.com and their postal address is The Stour Valley Business, Centre, Brundon Lane, Sudbury, CO10 7GB.

The Personal Data We Process and What We Do with It

We record and use the following categories of personal data: name, address, telephone numbers, email address, date of birth, health information including medical history, diagnosis and treatment data. Our lawful basis of processing this data is one of contract and, for the health information, the provision of health-related services as a chiropractic clinic.

Sharing your Personal Data

We only share your personal data with your explicit consent, where, for example, we need to contact a third party, such as a consultant or GP, and give them your contact details in order for you to have further investigations or tests. Where third parties are used by us to store your personal data, we ensure they are compliant with the data protection law.

Retaining Your Personal Data

Whilst you are receiving treatment from our clinic we will continue to store and use your personal data. We will only examine or treat you with your explicit consent. Once you have been discharged, we are required to retain your personal data for a minimum of 8 years.

Your Rights

As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.

You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Protection Officer, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We will need to verify your identity so we may ask for a copy of your passport, driving license and/or recent utility bill. If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the clinic directly and any necessary corrections to your data will be made promptly. If you believe we should erase your data, please contact the Data Protection Officer, whose details are shown above. If you wish us to stop storing or using your data, please contact the Data Protection Officer, whose details are shown above.

Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.

Should You Wish to Complain

You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.

Automated Decision Making and Profiling

We do not use any system which uses automated decision making or profiling in respect of your personal data.