This privacy notice aims to give you a summary of how Starbuck Sports Therapy collects and processes your personal data during and after your time as a patient under General Data Protection Regulations (GDPR).
The Starbuck Sports Therapy is the controller and responsible for your personal data (collectively referred to as "Starbuck Sports Therapy", "we","us" or "our" in this privacy notice).
Name or title of Data Privacy Manager: Claire-Louise Starbuck, Sports Therapist, Starbuck Sports Therapy, either at Eastleigh Chiropractic Centre, 52 Leigh Road, Eastleigh, Hampshire, SO50 6DT, Tel: 02380 616069 or Awbridge Village Hall, Romsey Road, Awbridge, Hampshire, SO51 0HG, Tel: 07876 671206.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Data Protection Principles
In relation to your personal data, we will comply with data protection law. This says that the personal information we hold for you must be:
Processed fairly, lawfully and in clear, transparent way
Collected only for valid reasons that we find proper for the course of your time as a patient and used in any way that is compatible with those purposes
Only used in the way that we have told you about
Kept accurate and up to date
Kept only as long as is necessary for the purposes we outline
Process it in a way that ensures it will not be used for anything that you are not aware of or have consented to, lost or destroyed
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Identity Data includes title, first name, last name, date of birth and gender.
Contact Data includes email address, home address, billing address and telephones numbers.
Special Category Data includes information about your health and past medical history. Letters of referral to or from the clinic regarding your treatment with us. Information concerning examination and treatment at your first and subsequent visits.
Financial Data (if required) includes bank account, electronic bank transfers and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
How is your personal data collected?
We use different methods to collect data from and about including through:
Direct interactions: You may give us your Identity, Contact, Special Category and Financial Data when you become a patient.
Third Parties: We may receive personal data about you from various third parties and public sources as set out below:
Referrers: who may provide us with Special Category data to facilitate your treatment with us.
Purposes for which we will use your personal data
Performance of our contract with you
To register you as a new patient or take steps to register you as a new patient.
To comply with our obligations under our contract, namely to provide you with the necessary and appropriate treatment.
To collect and recover money owed to us.
Legal or regulatory obligation
We also rely on the legal or regulatory obligation ground to process your data in some circumstances.
Change of Purpose
We will only use your personal information for the purpose for which we collected it unless we reasonably consider that we need to use it for another reason and that the reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Conditions under which we process your special category data
To process your special category we rely on the contractual ground and also the special condition which allows health professionals to process the data for the purposes of preventative or occupational medicine, and the provisions of health care treatment.
Disclosures of your personal data
We may have to share your personal data with the parties set out below:
Professional healthcare practitioners including x-rays reporters to report on x-rays, to facilitate a referral, to keep your GP informed, a chiropractor working with us and any locum sports therapist working for us to facilitate your continued treatment.
Service Providers based in UK who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors, and insurers based in the uk who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All information provided will be treated as confidential and data will only be accessible to staff of the clinic only where it is necessary for them to undertake their duties.
We will only retain your personal data securely in either paper files or electronically for as long as you the patient remains a patient of the clinic, and thereafter for a period of eight years. Personal data is stored securely in lockable storage boxes and electronically encrypted on computer on the data controller's persoanl premises. Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security.
Your duty to inform us of changes
It is important that the personal data we hold for you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.
Your legal rights
Under certain circumstance, you have rights under data protection laws in relation to your personal data.
Request access to your personal information (commonly known as a "data subject access request").
Request correction of the personal information that we hold about you.
Request erasure of your personal information.
Object to processing of you personal information where we are relying on a legitimate interest.
Request the restriction of processing of your personal information.
Request the transfer of your personal information to another party.
Withdraw consent at anytime where we are relying on consent to process your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternately, we may refuse to comply with the request in such circumstances.
If you would like to exercise any of the above rights, please contact Data Controller in writing at the clinic's address.