The Waldegrave Clinic is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to protecting the privacy and security of your personal information. This privacy notice describes, in line with GDPR, how we collect and use personal and health data about you during and after your time as a patient of this clinic. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
Data Controller Details
The clinic is a data controller meaning that it determines the processes to be used when recording and using your personal and sensitive health data. We take the protection of this data very seriously and your first point of contact for any matters regarding your data we should be the Practice Director, Rikke Greenway. She can be contacted on 020 8943 2424 or by email: firstname.lastname@example.org and the postal address is Waldegrave Clinic, 82 Waldegrave Road, Teddington TW11 8NY.
The Personal Data We Process and What We Do With It
We record and use the following categories of personal data: name, address, telephone numbers, email address, date of birth and occupation. We also record and use sensitive health data including medical history, diagnosis, treatment and outcome data, and where relevant medical test results, X-rays and referral letters.
Our lawful basis for processing this data is one of contract with you (your requesting treatment and our agreement to provide it constitutes a contract), which will include appointment reminders, informing your of changes to appointments and clinic information, and changes to facilities or services at the clinic. We will also use your health data in order to provide you with the best possible treatment which would be in your best interest.
In addition, we will only examine or treat you with your explicit consent.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
You may request a copy of your data at any time. Please make such a request in writing or by email to the Practice Director, whose details are shown above. We will need to verify your identity so we may ask for a copy of your passport, driving license and/or recent utility bill.
If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the clinic directly and any necessary corrections to your data will be made promptly.
If you believe we should erase your data or if you wish us to stop storing or using your data, please contact the Practice Director, whose details are shown above.
How We Collect Your Data and Keep It Secure
We collect data about you in a variety of ways and this will usually start when you make an enquiry to the clinic and continue when you attend your first and subsequent appointments. At this clinic, we keep paper and electronic records. Information we write down on paper may be transferred to our electronic system.
Your data is kept in the clinic in a paper format in lockable filing cabinets and/or on our password protected IT system.
Retaining Your Personal Data
Whilst you are receiving treatment from our clinic we will continue to store and use your personal data. Once you have been discharged, we will be required to retain your personal data for a minimum of 8 years (or until 25th birthday if a child).
Sharing your data
Your data may be shared with colleagues within the clinic but only where it is necessary for them to undertake their duties. This includes, for example, other practitioners working for, at or on behalf of the clinic, reception and administrative staff. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We may share your data with third parties in order to facilitate a referral to another healthcare practitioner, investigation or to keep your GP or insurance company informed about your progress with treatment.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Practice Director who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish To Complain
You can contact the Information Commissioner’s Office (ICO) via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.