Privacy Polcy

What data we collect

We collect various personal information to enable us to provide you with the best possible care.  This includes the following:

  • Information you provide when you first come to FIX; specifically email address, phone number, first name and last name, address, GP details and medical history.
  • Information generated throughout your treatment; including treatment notes and medical alerts.
  • Your marketing preferences.
  • Information you share with us in connection with surveys, contests or promotions.

How we use your data

When you supply your personal details to this clinic, they are stored and processed for the following reasons:

  • Provision of services. We need to collect personal data about your health in order to provide you with the safest and highest possible standards of care. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.  We have a ‘Legitimate Interest’ in collecting your personal data, because without it we couldn’t do our job effectively or safely.
  • Communicating with you. We also think that it’s important to be able to contact you in order to confirm you appointments with us or update you on matters related to your medical care. This again constitutes ‘Legitimate Interest’ but this time it is your legitimate interest.
  • Marketing and promotions. Provided we have your consent, we may occasionally send you general health information in the form of newsletters, articles or advice. You may withdraw this consent at any time, by contacting us or by following the unsubscribe instructions in such communications.  We may also contact you to promote our services and send you tailored marketing communications about services, offers, programs and promotions at FIX and measure the success of those campaigns. For example, we may send marketing communications to you based on what we think may interest you based on other information we hold about you.

How we store your data

We have a legal obligation to retain your records for 8 years after your most recent appointment (or until age 25, if this is longer) but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely so that we can provide you with the safest and best possible care should you need to see us at some future date.

Your records are stored:

  • On paper; in locked filing cabinets and the offices are always locked out of hours.
  • Electronically; using a specialist medical records service. This provider has given us their assurance that they are fully compliant with the General Data Protection Regulations. Access to this data is protected by password and 2-part authentication.
  • On our office computers; these are password protected, passwords are changed regularly and the offices are locked out of office hours.

Who will have access to your data

We will never share your data with anyone who doesn’t need access without your written consent. Only the following people/agencies will have routine access to your data:

  • Your practitioner(s) in order to provide you with treatment
  • The medical records service who store and process our files
  • Our reception staff, because they organise the practitioner’s diaries, and coordinate appointments and reminders (but will not have access to your medical history or sensitive personal information)
  • Other administrative staff (such as our bookkeeper). Again, administrative staff will not have access to your medical notes, just your essential contact details. We also use Mailchimp to coordinate some of our communications, so your name and email address may be saved on their server.

From time to time, we may have to employ consultants to perform tasks which may give them access to your personal data (but not your medical notes). We will ensure that they are fully aware that they must treat this information as confidential, and we will ensure that they sign a non-disclosure agreement.

Your rights

We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.

You have a right to see what personal data of yours we hold, and to request us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records. If you feel that we are mishandling your personal data in some way, you have the right to complain.

Access requests, amendments, requests to delete records, and complaints need to be sent to what is referred to as the “Data Controller”. Here are the details you need for that:

Helen O’Neill

11 Penny Brookes St, East Village, E20 1BN.

If you’re not happy with how we are processing your personal data, please let us know by sending an email to the above address. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to the Information Commissioner’s Office, or your local data protection agency. They will be able to advise you how to submit a complaint.