Why we collect your personal data and what we do with it.

​In providing your osteopathic healthcare and treatment, we will ask for information about you and your health. This privacy notice describes the type of personal information we hold, why we hold it, and what we do with it.

About us

We are The Active Health Clinic.

Our main practice contact address is 50-54 Wigmore Street, London W1U 2AU

Information that we hold

We only keep and use information for specific reasons guided by the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Below, we describe the information we hold and why, and the lawful basis for collecting and using it.

Contact Details

We hold personal information about you including your name, date of birth, insurance details if provided, address, telephone number and email address. This information allows us to fulfil our contract with you to provide appointments. If required, we may also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services.

Medical Records

We hold information about your health, including:

• Clinical records made by our practitioners and other medical professionals involved in your care and treatment

• MRI scans, X-rays, clinical photographs and reports

• Medical histories

• Treatment plans and consent

• Notes of conversations with you about your care

• Dates of your appointments

• Details of any complaints you have made and how these complaints were dealt with

• Correspondence with you and other health professionals or institutions regarding your health and care

We collect and use this information to allow us to fulfil our contract with you, to discuss your treatment options and provide care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of the treatment we provide.

Financial information

We hold information about the fees we have charged, the amounts you have paid and some payment details. This information forms part of our contractual obligation to you to provide osteopathic health care and allows us to meet legal financial requirements.

How we use your information

When you supply your personal details to this clinic they are stored and processed for 4 reasons (the terms in bold are the relevant terms used in the General Data Protection Regulation - GDPR):

1. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.

2.  We have a “Legitimate Interest” in collecting that information, because without it we could not do our job effectively and safely.

3.  We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.

4. Provided you have given us your explicit consent, we may occasionally send you general clinic information and marketing correspondence. You may withdraw this consent at any time – please just let us know by any convenient method.

We may conduct patient surveys to find out if you are happy with the treatment you received for quality control purposes.

Keeping your information safe

We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer).

Your records are stored:

• On paper, in locked filing cabinets, and the offices are always locked and alarmed out of working hours.

• Electronically (“in the cloud”). Access to this data is password protected, and the passwords are changed regularly.

• On our office computers which are password-protected and backed up regularly.

​Sharing information

Only the following people/agencies will have routine access to your data:

• Your practitioner(s) in order that they can provide you with treatment

• Our support staff, for example secretaries, in order that they can assist your practitioner(s) with referrals, correspondence, sending your test requests or results (but they do not have access to any other elements of your medical records or sensitive personal information)

• Our reception staff, because they may organise our practitioners’ diaries and coordinate appointments (but they do not have access to your medical records or sensitive personal information)

Your information is normally used only by those working for the clinic but there may be instances where we need to share it in the context of your care – for example, with:

•  Your general practitioner

• The hospital or other health professionals caring for you

• Medical services to which we may refer you

• Debt collection agencies

• Health Insurance schemes of which you are a member

 We will only disclose your information on a need-to-know basis and will limit any information that we share to the strict minimum. We will give you notice if we send your medical information to another medical provider and we will give you the details of that provider at that time.

From time to time, we may have to employ external technical consultants to perform tasks which might give them access to your personal data (but not your medical records). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.

In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.

For information regarding your rights in relation to the Covid-19 pandemic and clarification about confidential information and public health please see:

 https://www.nhsx.nhs.uk/covid-19-response/data-and-information-governance/information-governance/copi-notice-frequently-asked-questions/

and https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/data-protection-and-coronavirus/health-social-care-organisations-and-coronavirus-what-you-need-to-know/

Access to your information and other rights

You have a right to access the information that we hold about you and to receive a copy. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.

​You can also request us to:

• Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change.

• Erase some of the information we hold. For legal reasons, we may be unable to erase certain information (for example, information about your treatment). However, we can, if you ask us to, delete some contact details and other non-clinical information.

• Stop using your information – for example, sending you information about our service. Even if you have given us consent to send you marketing information, you may withdraw that consent at any time.

• Stop using information if you believe the information is inaccurate or you believe we are using your information illegally.

• Supply your information electronically to another medical practitioner.

If we are relying on your consent to use your personal information for a particular purpose, you may withdraw your consent at any time and we will stop using your information.

​We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.

Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain.

For any requests or any concerns about how we use your information, please contact our “Privacy Manager”:

​Claire Cheetham - 020 7486 8141   mail@activehealthclinic.com

​If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office (ico.org.uk).