As part of the new GDPR regulations I have updated my privacy policy.
However in short, the data collected is for the purposes of your treatment and for communication directly with you for treatment or booking purposes. I do not share your data with 3rd parties unless legally obliged, and do not use your data for marketing purposes. You are free to ask at any time for all data to be destroyed or dealt with however you wish. The first part of the statement refers to the website, there is also a section relating to patient details.
Who we are
Our website address is: http://www.debbiesmithacupuncture.co.uk.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
I will never share your data with a third party nor any other individuals
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Your contact information will only be used to inform you of my services. You can unsubscribe at any time from the mailing list, by clicking the ‘unsubscribe’ on the button on any of my emails or news letters.
Additional information
How we protect your data
Data is stored on a password protected computer, with all your details encrypted.
What data breach procedures we have in place
In the unlikely event of a breech in security, the ICO (Information Commissioner) will be informed immediately upon discovery of the breach
What third parties we receive data from
I do not receive any third party data
What automated decision making and/or profiling we do with user data
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Patients, prospective patients, former patients and visitors to my clinic
Debbie Smith Acupuncture will only use your name, address, telephone number and email address to make and rearrange appointments. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
For tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body, the British Acupuncture Council, I will keep a permanent attendance register which records all appointments for patients attending my clinic to keep a record of when you were treated
I may use your date of birth to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner so that they correctly identify the patient.
I will use your presenting complaint and symptoms reported by you and use the clinical findings about your health and wellbeing for the purposes of making a full traditional diagnosis, formulating treatment strategy and treatment planning.
I may use any relevant medical, family history and information of the patient form you have told us for making a full traditional diagnosis, formulating treatment strategy and treatment planning.
I may use your GP’s name and address in the event that we need to contact your GP including in an emergency and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct. This is done with additional requested consent
I keep a record of and refer to that record of any treatment given and details of progress of your case, including reviews of treatment planning to enable us to: review the full traditional diagnosis, treatment strategy and planning; and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
I record and use any information and advice that has been given, especially when referring patients to any other health professional, to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
I record any decisions made in conjunction with you to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
I keep accident records for any patients, visitors or staff who are involved in accidents at our clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
In the event of an adverse incident occurring to any patient I will report the matter to the British Acupuncture Council and then my insurance company to enable the insurance company to deal with any potential claims and to help the British Acupuncture Council to develop its safe practice guidelines, as well as providing research data and information for the BAcC’s insurers and other interested parties.
Where relevant I will maintain records of the patient’s consent to treatment, or the consent of their next-of-kin in order to be able to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.