The practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
The data controller is Maria Hardman, who is also the information Governance Lead and the Data Protection Officer.
This Privacy Notice is available here on the practice website, by email if you contact us and by calling 01865 241661
You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you.
The categories of data we process are:
• Personal data for the purposes of staff and self-employed team member management
• Personal data for the purposes of direct mail/email/text/marketing
• Special category data including health records for the purposes of the delivery of health care
• Special category data including health records and details of criminal record checks for managing employees and contracted team members
When telephoning the practice, you may have your call answered by our answering company, Moneypenny. You will be asked by them to provide your name, date of birth, contact telephone number and email address. The purpose of collecting this data is to enable Clinic 95 to identify you and return your call. The data collected by Moneypenny is transferred to clinic 95 via encrypted email. Data is stored by Moneypenny within the EU. Details of their privacy notice can be found here.
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission BEFORE the referral is made and the personal data is shared.
• Personal data is stored in the EU whether in digital or hard copy format
• Personal data is obtained when a patient joins the practice, when a patient is referred to the practice and when a patient subscribes to an email list
The lawful basis for processing special category data such as patients’ and employees’ health data is:
• Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional
The lawful basis of processing personal data such as name, address, email or phone number is:
• Consent of the data subject
• Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention (M 215) procedure available from the practice.
You have the following personal data rights:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure (clinical records must be retained for a certain time period)
• The right to restrict processing
• The right to data portability
• The right to object
Further details of these rights can be seen in our Information Governance Procedures (M 217C) or at the Information Commissioner’s website. Here are some practical examples of your rights:
• If you ARE a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.
• If you are NOT a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
We have carried out a Privacy Impact Assessment (M 217S) and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).
Please contact Maria Hardman at the practice for a comment, suggestion or a complaint about your data processing at our email contact form, or 01865 241661 or by writing to or visiting the practice at 95 West Way, Botley, OX2 9JY. We take complaints very seriously.
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.
You can also use these contact details to request copies of the following practice policies or procedures:
• Data Protection and Information Security Policy (M 233-DPT), Consent Policy (M 233-CNS)
• Privacy Impact Assessment (M 217S), Information Governance Procedures (M 217C)
At Clinic95.com we are dedicated to protecting your data and privacy.
We recognize that your privacy is important. This document outlines the types of personal information we receive and collect when you use Clinic95.com, as well as some of the steps we take to safeguard information. This will help you make an informed decision about sharing personal information with us.
Clinic95.com strives to maintain the highest standards of decency, fairness and integrity in all our operations. Likewise, we are dedicated to protecting our customers' and online visitors' privacy on our website.
Clinic95.com uses information from Google Analytics to track the number of visits to the website, browsers and operating systems. No personally identifiable information is obtained from these cookies. We use the information that Google Analytics generates relating to our website to create reports about the use of the site. These reports allow us to update the site and improve your usage of it.
If you do not wish your data to be collected via Google Analytics, you can install its opt-out browser extension or add-on here.
You can set your browser to accept or refuse all cookies automatically, or notify you when a cookie is being requested. Taking this action should not cause a problem with the continued use of our site. Consult the Help section of your browser for guidance on how to refuse all cookies or to notify you when a cookie is requested.
If you choose to refuse Clinic95.com's cookies, you may not be able to fully experience the interactive features of the site.
Clinic95.com may collect and use your personal information for the following purposes:
• To run and operate our site.
• To display content on the site correctly.
• To improve customer service.
• To help us respond to your customer service requests and support needs more efficiently.
• To personalize your user experience.
• To understand how our users as a group use the services and resources provided on our site.
• To improve our site.
• To improve our products and services.
• To run a promotion, contest, survey or other site feature.
• To send information to you that you agreed to receive about topics we think will be of interest to you.
• To send periodic emails, which may include electronic newsletters and/or autoresponder series of emails.
• To respond to your enquiries, questions, and/or other requests.
Clinic95.com may collect personally identifiable information from you in a variety of ways, including, but not limited to, when you visit our site, register on the site, or fill out a form, and in connection with other activities, services, features or resources we make available on our site.
If you complete a form, we will require your name and your email address, and will ask for information relevant to the purpose of the form.
You can always refuse to supply personally identifiable information and visit our site anonymously. However, it may prevent you from engaging in certain site-related activities.
If we make material changes in the collection of personally identifiable information, we will inform you by placing a notice on our site. We will use personal information received from you for internal purposes only and will not sell it or provide it to third parties.
We also collect each visitor's IP address, which helps us combat spam and fraud. We do not use IP addresses for any other purpose.
Clinic95.com contains links to other websites that may be of interest to you. However, once you have used them to leave our site, we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide while visiting such sites. These sites are not governed by this privacy statement. Always exercise caution by reviewing the privacy statement of the website in question before continuing to use it.
We may collect non-personally identifiable information about you whenever you interact with our site. Non-personally identifiable information may include the browser name, the type of computer and technical information about your method of connecting to our site, such as the operating system and the Internet service provider you used, and other similar information.
This website is directed to adults. It is not directed to children under the age of 16. We operate our site in compliance with current regulations. Anyone under the age of 16 must provide parental consent to use this site. We do not knowingly collect or use personally identifiable information from anyone under 16 years of age.
If we sell Clinic95.com, the information we have obtained from you through your voluntary participation in our site may transfer to the new owner as a part of the sale so that the service provided to you may continue. In that event, you will receive notice through our website of that change in control and practices, and we will make reasonable efforts to ensure that the purchaser honors any opt-out requests you might make.
Personally identifiable information and non-personally identifiable
information collected by this site is stored on our host's servers. That
host is SiteSell Inc., located at 1000 Saint-Jean Boulevard, Suite 702,
Pointe-Claire, QC H9R 5P1 Canada.
If you wish to review your information stored on the SiteSell servers for Clinic95.com, please contact us.
to protect your personally identifiable information. If you have
submitted personally identifiable information through our website and
would like to update that information or have it deleted from our
records, please contact us.
Clinic95.com reserves the right to make changes in this policy. If there
is a material change in our cookie and privacy practices, we will
indicate on our site that those practices have changed and provide a
review this policy so that you will know what information we collect and
how we use it.
Last updated: 25th May 2018