Privacy Policy for BAC Health
At BAC HEALTH, accessible from www.bachealth.co.uk, one of our main priorities is the privacy of our visitors. This privacy policy page informs you of our privacy policy regarding the collection, processing and other use of personal information/data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”) when using BAC health and www.bachealth.co.uk. BAC Health takes your privacy seriously. By accepting our Privacy Policy when booking you also agree to accepting our Terms & conditions. If you need to contact us you can do so by emailing info@bachealth.co.uk at any time.
BAC Health legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect the information:
BAC Health needs to perform a contract with you
You have given BAC Health permission to do so
Processing your personal information is in BAC Health legitimate interests
BAC Health needs to comply with the law
BAC Health will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you.
The right of rectification -you have a right to correct data that we hold about you that is inaccurate or incomplete.
The right to object- you have the right to object to certain types of processing such as direct marketing.
The right of restriction or processing - where certain conditions apply you have a right to restrict the processing.
The right to data portability - you have the right to have the data we hold about you transferred to another organisation.
The right to withdraw consent
In the event that BAC Health refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge. At your request BAC Health can confirm what information it holds about you and how it is processed.
Personal Information Collection and use
When booking at BAC Health we will collect certain personally identifiable information on this website only if it is directly provided to us by you the user, and therefore has been provided by you with your consent. Personally identifiable information may include, but is not limited to, your email address, name, phone number, date of birth, postal address. This data is held securely and is not shared with any third party organisations.
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
Medical information collection and use:
For the purposes of providing treatment, BAC HEALTH requires detailed medical information. We need to collect personal information about your health to provide you with the best possible treatment. Your requesting treatment and our agreement to provide treatment constitutes a contract.You may refuse to provide information, but if you were to refuse, we would not be able to provide any treatment. We will only collect what is relevant and necessary for your treatment. When you visit our practice, we will make notes which may include details concerning your medication, treatment and other issues affecting your health. This data is always held securely, and is not shared with anyone not involved in your treatment.
To be able to process your personal data it is a condition of any treatment that you give your consent to allow our Osteopaths to document and process your personal medical data. Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment. We have “legitimate interest” in collecting this information, without doing so we would not be able to do our job safely and effectively.
As part of our obligations as primary healthcare practitioners there may be circumstances related to your treatment, on-going care or medical diagnosis that will require the sharing of your medical records with other healthcare practitioners e.g GPs, consultants, surgeons and / or medical insurance companies. Where this is required we will always gain your consent and inform you first unless we are under a legal obligation to comply.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data: Cliniko who store and process our files, they have their own privacy policy and we do not take fault for them. Your practitioner in order to provide you with safe effective treatment. Our reception staff, as they organise our diary and coordinate appointment reminders (they do not have access to any medical information, notes or sensitive information)
We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
Use and retention of your Information
The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. In addition, we may use the information for the following purposes:
To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service;
If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale to you;
To send monthly e-newsletters, where you can opt to unsubscribe.
Where you have consented to receive such information, to provide information on other parties’ products or services that we feel may be of interest to you;
BAC HEALTH will process personal data during the duration of any treatment and continue to store only the personal data needed for eight years after the contract has expired to meet legal obligations. After eight years all personal data will be deleted unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
Cliniko Online Notes
BAC Health stores all patient records on Cliniko, a cloud based solution located in Australia. Cliniko has signed a contract with this practice to protect patient data subject rights in accordance with GDPR. Access to this data is password protected, and the passwords are changed regularly.
Rights requests and access
The DPA and GDPR give you the right to access information held about you by us. Please contact us by email if you wish to request confirmation of what personal information we hold relating to you - info@bachealth.co.uk.
There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
BAC Health will require three forms of identification when personal data is requested. This can be any of the following: a copy of your driving licence, passport, birth certificate, a utility bill issued within the last three months from the request. A minimum of one piece of photographic ID listed above and a supporting document is required.
Disclosure
The Osteopaths will keep your personal information safe and secure, only staff engaged in providing your treatment will have access to your patient records, although our administration team will have access to your contact details so that they can make appointments and manage your account. The Osteopaths will not disclose your Personal Information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests. The practice may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
Security
The security of your personal information is important to us however, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Third Party Privacy Policies
BAC HEALTH 's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.
You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.
Children's Information
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
BAC HEALTH does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
Log data
In common with other websites, log files are stored on the web server saving details such as the visitor’s IP address, browser type, referring page and time of visit. Cookies may be used to remember visitor preferences when interacting with the website. In addition, we may use third party services such as, but not limited to, Google Analytics that collect, monitor and analyse this type of information in order to increase the functionality of www.bachealth.co.uk. The information is used to optimise the users' experience by customising our web page content based on visitors' browser type and/or other information.These third party service providers have their own privacy policies addressing how they use such information, all in accordance with GDPR.
BAC HEALTH follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
How the information is used
The information is used to enhance the visitor’s experience when using the website to display personalised content and possibly advertising. Personal data collected by BAC Health will not be sold, brokered, rented or leased to 3rd parties. We ensure our data protection fee to the Information Commissioner’s Office is paid annually.
Changes to this Policy
We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.
Communications
We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. We use Mailchimp to coordinate our messages, meaning your name and email address may be saved on their server. You will be asked to opt in or out of this service on your first visit to BAC Health. You may later opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send. You may also be sent appointment reminders by SMS and appointment booking confirmations by e-mail. Please contact BAC Health directly if you would like to opt out of this.
Consent
By using our website, you hereby consent to our Privacy Policy and agree to its terms. You can withdraw consent at any time by using emailing us at info@bachealth.co.uk