Privacy Policy

Privacy Policy Version 1.2 Updated: 03.03.2020

Maintaining your privacy and your trust is very important. We strive to be especially clear on how we use your personal information if and when we collect it, and on the ways in which we can work together to protect your privacy.

This document is for compliance with the Data Protection & Privacy legislation.

This Privacy Policy explains the:

  • Identity and contact information of the data controller
  • Legitimate interests of the data controller or third party (if applicable)
  • Purpose of the processing and the lawful basis for the processing
  • Categories of personal data to be processed
  • Details of whether personal data came from direct or indirect sources
  • Recipients or categories of recipients of the personal data
  • Details of data transfers to a third country and safeguards
  • Length of time personal data is processed and any criteria used to establish the length of time the data is processed
  • Data Subject’s Rights (Your rights)
  • Right to complain to the supervisory authority/regulator
  • Details of any part of a statutory or contractual requirement and possible consequences of failing to provide the personal data
  • The existence of any automated decision making, including profiling and information about how decisions are made

What products and services are covered by this policy?

This Privacy Policy applies to the information that we may obtain from you directly, through referrals from you or through your use of our website(s), collectively called the “Services”. If you have any questions or need more information about these Services, please contact us at the email address in the section below.

Data ControllerFor the purposes of the data protection & privacy legislation the Data Controller is: James Maufe

James Maufe (“I”,”we,” “us,” “our”)

Legal Status: Sole Trader

Trading as: The Healthpraxis

Postal Address: 1St Floor, 27 Castle Street, Barnstaple, EX31 1DR

Email: thehealthpraxis@outlook.com

Purpose and legitimate interest.

How do we use the information we collect?

We may use the information we collect for a variety of purposes, including to:

  • provide you with the services or information that you have asked for;
  • keep a record of your relationship with us
  • send you correspondence and communicate with you in relation to our services;
  • meet our legal obligations;
  • protect your vital interests;
  • respond to or fulfill any requests, complaints or queries that you may have;
  • Share your data with other parts of the health system such as local hospitals, GPs, social workers, and other health and care professionals, if required or if you consent;
  • understand how we can improve our services or information;
  • generate reports on our work and service; safeguard our staff and contractors.

Lawful Basis of Processing:

Lawful Basis of Processing General Personal Data:

(1) The data subject has given consent to the processing of his or her personal data for one or more specific purposes. 

(2) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

(3) Processing is necessary for compliance with a legal obligation to which the controller is subject. 

(4) Processing is necessary in order to protect the vital interests of the data subject or of another natural person. 

(5) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Lawful Basis of Processing Special Category (if applicable)

(1) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;

(2) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;

(3) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;

(4) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;

(5) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;

(6) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;(7)  processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Categories of personal data and Sources

What information do we collect from you, and how is it used?

Direct:

You can visit our website without telling us who you are and without revealing any personal information about yourself. To provide full service, however, we will most often need to collect some personal information. For instance, we collect information about you when you complete and online form, register for an account and when you create or modify your personal data for one of our Services. The types of information we collect may includes:

General Personal Data

  • name, address, phone number, date of birth;
  • a record of the information that you provide to us;
  • the name of your next of kin, family members or of any person named by you;
  • the name, address and telephone number of your general practitioner;
  • the date on which you started using our services;
  • the date on which you ceased to use our services;
  • details of any specialist communications needs that you may have and methods of communication that may be appropriate;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliment;
  • if you are referred to another service provider, the name of the provider and date on which you were referred;

Special Category Personal Data

  • a record of any incident affecting you which is detrimental to your health or welfare, which record shall include the nature of the incident and whether medical treatment was required;
  • a record of any medical care provided to you, including a record of your condition and any treatment or surgical intervention;
  • data revealing your physical or mental health;
  • a record of any incident affecting you which is detrimental to your health or welfare, which record shall include the nature of the incident and whether medical treatment was required;
  • a record of any medical care provided to you, including a record of your condition and any treatment or surgical intervention;
  • details of any specialist communications needs that you may have and methods of communication that may be appropriate;
  • the processing of any data revealing your physical or mental health; 
  • and sharing your health data with another service provider.

Indirect:

From cookies: We may also collect “cookie” information that we may save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customise our Services and your experience; to allow you to access and use our Services without re-entering your username or password; to log visits and to understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with personal information you submit while using our Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services.

For specific information on cookies, please read our cookie policy.

Logs: We may record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, your mobile carrier, and system configuration information.

Analytics: We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services. We make sure this data is anonymous by not connecting any analytics data to personally identifiable data such as a name, email address, physical address, or phone number.

How might we share information?

We are not in the business of selling your personal information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your personal information with third-party data processors, as set forth below:

With your consent: We will not share your personal information with companies, organisations, or individuals who are not associated with us unless we have your affirmative consent to do so.

Payment Processing: We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use billing information except for the sole purpose of credit card processing.

Newsletter Service: We use a commercial application to facilitate our newsletter service.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your information (including your personal information) to a third party if:

  • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request
  • To protect the security or integrity of our products and services
  • To protect our property, rights, and safety and that of our customers or the public from harm or illegal activities
  • To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
  • To investigate and defend ourselves against any third-party claims or allegations.

Business Transfers:

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

Data Transfers The data controller does not transfer personal data outside of the United Kingdom or European Union, apart from the following exceptions where indicated below. All data processors acting on behalf of the data controller have appropriate safeguards in place.  For example, those operating in the USA, are signed up to the EU-US Privacy Shield.

Data Processor Information

The following third-party service providers are used by us and only process data in accordance with the instructions from the data controller:

Practice HubPrivacy Policy online Online diary service
Balance Virtual AssistancePrivacy Policy onlinePhone and online diary service 
MailchimpPrivacy Policy online Direct Messaging, Blog/Newsletter & general updates
SlackPrivacy Policy onlineOnline diary service
Microsoft OutlookPrivacy Policy online Direct Messaging, Blog/Newsletter & general updates
FacebookPrivacy Policy onlineDirect Messaging & Business page 
Posture ScreenPrivacy Policy onlinePosture PictureUSA

How long will we keep the personal data?

Retaining some data may be subject to a statutory retention period and this must be adhered to, (to keep certain data for a minimum period of 8 years). In the event that the client is a child, if aged below 18 years of age at conclusion of treatment their data will be stored until 26 years of age.

 This may include personal data (name, address, contact details), but on expiry of such statutory requirement, such data will be destroyed securely. Where possible any personally identifiable data will be anonymised or pseudonymised.

Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information. Our backup routine keeps data for a rolling 30 day period after which time the data is removed from all systems.

Statutory or other requirements

The data controller does not process personal data in respect of any statutory requirement, but does require personal data to be supplied as part of any contractual agreement, however in respect of the controller’s services, certain communications may not be possible without such personal data being supplied, for example an insurance companies reference number in order to treat a data subject as part of a claim.

Profiling and Automated Decision Making

No profiling or automatic decision-making processes are undertaken by the data controller in respect of any personal data processing activities.

Your rights

Your fundamental rights as a Data Subject are:

  1. The right to be informed
  2. The right of access
  3. The right of rectification
  4. The right of erasure (often known as the right to be forgotten)
  5. The right to prevent processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automatic decision making and profiling

Under the right of access (2), you have the right to have:

– confirmation that your data is being processed;

– access to your personal data; and

– other supplementary information

So that you are aware of and can verify the lawfulness of the processing

Your right to access can be exercised by contacting the data controller as above. Not all fundamental rights are absolute.

Your right to complain to the supervisory authority/regulator

You have the right to complain about organisations processing your personal data.  You can exercise this right by contacting the supervisory authority of the data controller as follows:

Head office

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AFTel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Complaints for James Maufe

If you have a query that involves your clinician, your care, or your complaint is to do with the service you received from practice regarding the behavior of a clinician or service provider. First, please contact them directly and talk it through the majority of problems are caused by misunderstandings and can easily be resolved.

Telephone James: 07914 688741
Email: thehealthpraxis@outlook.com

If you remain unsatisfied or the complaint is more serious, please contact the General Council of Osteomyologists, Complaints Investigation, and Disciplinary Committee.

To contact The General Council of Osteomyologists please use the details below:

Address: The General Council of Osteomyologists, 21 Danbury Way, Woodford, Woodford Green IG8 7EZ. Telephone: 02085041462
Email: registrar@osteomyology.co.uk

Complaints for Nina Martin

If you have a query that involves your clinician, your care, or your complaint is to do with the service you received from practice regarding the behavior of a clinician or service provider. First, please contact them directly and talk it through the majority of problems are caused by misunderstandings and can easily be resolved.

Telephone Nina: 07449 870684
Email: nina.care@outlook.com

If you remain unsatisfied or the complaint is more serious, please contact the McTimoney Chiropractic Association

To contact the McTimoney Chiropractic Association please use the details below:

Address: McTimoney Chiropractic Association, Hither Croft Court, 7a, Lupton Rd, Wallingford OX10 9BT Telephone: 01491 739120 Email: admin@mctimoney-chiropractic.org

or

To contact the General Chiropractic Council please use the details below:


Address: General Chiropractic Council, Park House186, Kennington Park Road, London, SE11 4BT Telephone: 020 7713 5155
Email: enquiries@gcc-uk.org