Spine Plus consists of the following organisations trading under Spine Plus brand:
Osteopathy Plus Ltd (Chigwell and Woodford Clinics)
The Chandler Clinic Ltd (Bow & Stratford Clinics)
Spine Plus Ltd (Harley Street & Waterloo clinics and the “Harley Street Solutions” product label.
All three parties are fully committed to ensuring the privacy of all patients and visitors to our website in line with the General Data Protection Regulation 2018. We are registered with the Information Commissioners Office – in accordance with The Data Protection Act 1998. This policy explains what personal data we may collect about you and how we use it.
The websites we operate and which this policy refers to include:
Osteopathy Plus Ltd:
The Chandler Clinic Ltd:
Spine Plus Ltd:
For simplicity, “we” and “us” refers to Osteopathy Plus Limited / The Chandler Clinic Ltd / Spine Plus Ltd. We are data controller in relation to the processing of personal information that you provide us when using our services.
Our relevant Data Protection Officers are Robert Shanks, BSc (Hons) Ost. who can be contacted at [email protected] (Osteoopathy Plus Ltd). Darren Chandler (The Chandler Clinic Ltd) who can be contacted at [email protected] and David Papamichael (Harley Street clinic) who can be contacted at [email protected]
Your Personal Data and Sensitive Personal Data
Under data protection legislation, the data that we hold about you is categorised as follows:-
Personal Data – Data related to an identifiable person, or data that can be used to identify an individual. Examples of personal data we collect and process under this category include names, dates of birth, home addresses, email addresses, telephone numbers, occupations, GP details, emergency contact details and other online identifiers.
Sensitive Personal Data – Sometimes referred to as Special Category Data, this is data that is recognised to be more sensitive than the above personal data. The type of data that we may collect and process under this category includes information about your health, and lifestyle. We will only ever use this data for the purposes of diagnosis and treatment, and to ensure your care and safety as a patient. We will never use your sensitive personal data for targeted marketing purposes.
Under data protection legislation, we must have a lawful reason for obtaining and processing your personal data. Below are the bases we use and an example of the purpose for which we use it:
Contract – We need your data in order to fulfil our obligations to you. For example, to see you in clinic we need your information to create a new patient profile on our patient database. To commence treatment, we need a record of personal and medical history to ensure that your treatment is clinically appropriate, safe and effective.
Legal Obligation – There may be some situations where we are required by law or regulatory bodies to process your data. For example, we may be required to gather information as part of investigations by regulatory bodies, such as the General Osteopathic Council, or The Health Professionals Council, or in connection with legal proceedings or requests.
Legitimate Interests – We may sometimes require your data to pursue our interests in such a way that might reasonably be expected as part of running our business but does not significantly impact your rights or freedom.For example, we will use the contact details you provide to call, email, SMS or instant message you regarding your enquiry, or to provide you with requested and/or relevant information. We may also combine and anonymise your data with that of other patients to identify trends, complete patient audits and to help make improvements to our service.
Furthermore, we process your sensitive personal data (or special category data), in line with the condition that it is necessary for medical / health diagnosis and the provision of health care and treatment.
How We Collect Your Personal Data
There are a variety of ways that we may collect your personal data. These include, but are not limited to:
- When you communicate with us by phone, email, SMS or instant messaging systems.
- When you visit our website.
- When you engage with us on social media.
- When you interact (open/click) with our emails.
- When you request further information from us.
- When you arrange appointments with clinic staff.
- When you attend appointments and as part of the consultation process.
- When you make payments to us or require a refund.
- When you complete any forms.
- When you’ve given a third-party permission to share with us the information they hold about you (e.g. Facebook).
- When you complete any surveys or testimonial requests that we may send you.
- When you review our services (e.g. Google business/Facebook).
- When you refer a friend or are referred by a friend.
Types of Personal Data that we Collect
We collect various types of personal data. These include, but are not limited to:
- Whilst using our website you may submit information to us via our general enquiry form. This may include your name, email address, telephone number and details of your enquiry. We require this information so that we can contact you regarding your enquiry and to better understand the demand for our services.
- When you arrange a new patient consultation we require that you compete a ‘Personal Details Form’ so that we can set up a new patient profile on our patient database platform.
- We may issue you with health screening questionnaires to be completed prior to your consultation.
- Details of your interactions with us over the telephone, through our clinics or online. For example, we may make note of telephone conversations and retain email conversations.
- Details of your interaction with our websites, including how you arrived, which pages you visited, time spent, links clicked and technical information about your device and internet connection.
- Your reviews, testimonials, survey responses and comments.
- Payment details.
How and Why Your Personal Data is Used
We strive to provide you with the best possible patient experience. This starts with your very first interaction with us and continues through your entire patient journey. One way to achieve this is to have a better understanding of who you are by collecting data about you. We use this data to make improvements to our service and to communicate information that you are likely to be interested in.
There are cases where we are also required to collect and process data about you to either fulfil our contractual obligations to you, or to comply with the law.
Examples of how we may use your personal data include:
- To contact you regarding your enquiry, we need to collect and process your data in order to fulfil your request for further information.
- To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision.
- To contact you regarding your treatment plan and provide patient support.
- To contact you by email regarding any changes to your upcoming appointment.
Protecting your Data
We take the security of your data very seriously and endeavour to take appropriate steps to protect it from unauthorised access, loss and/or misuse. Your personal data is never sold for any purpose.
Keeping your Data
The law states that we must only keep your data for as long as is necessary to fulfil the purpose for which it was collected. At the end of this period, your data will either be deleted or anonymised so that it can be used in a non-identifiable manner for statistical analysis to help us make improvements to our service and business.
Sharing your Personal Data
As previously stated, we will never sell your data to third parties for any purpose. However, we do routinely use third parties to support, manage or deliver some of our day to day administrative and business services. As a result, it may be necessary to share your personal data with the following types of companies that we work with:
- Companies that help us deliver our emails and electronic communications to you.
- Companies that support our website, appointment/phone handling and other IT/business systems.
- Companies that provide analytics services.
- Companies whose services we engage with for the provision of your medical care and/or support.
We select the companies carefully and take appropriate precautions to ensure that your data is kept safe and your privacy protected. We do this by only providing them with the data they need to perform the services we require, and only giving them permission to use your data for the purposes we specify and agree with them.
It may sometimes be necessary to share your requested personal data with regulatory bodies
We will never share your personal data, sensitive or otherwise, with any third-party who is not directly involved in your care without your express written request or permission to do this.
You have explicit rights relating to your personal data. These include:
- Your right to access all personal data that we hold about you.
- Your right to request the correction of any inaccurate data about you. If we do hold any inaccurate or out of date information about you, you can request that it is changed or updated.
- Your right to request that we delete your data or stop processing it. In some instances, such as where we no longer need it, we can delete your personal data at your request.
- Your right to stop direct marketing. Although we do not routinely use your personal data for direct marketing purposes, you have the right to be removed from our group email contact list and we will be happy to comply with your request.
- Your right to withdraw your consent. Whenever you have previously given us consent to use your personal data, you have the right to change your mind and inform us.
Please note that there may be instances where we may refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.
We do not routinely use email for marketing purposes. However, we do occasionally use the group email facility to disseminate pertinent information to all our patients. In these instances, patient identity is always protected. If you do not wish to receive such emails, please contact us by the relevant email (see About Us), [email protected] or [email protected] or [email protected], to request to be removed from our email contact list. Your request will need to be processed manually and so occasionally there may be a small delay in doing this. You may therefore still receive emails from us during this time.
Please bear in mind that this action may prevent you from receiving information in the future regarding service delivery and improvements that may be relevant to your on-going care. You will still receive email correspondence from us in reply to email enquiries from yourself, regarding your treatment plan or in relation to appointment bookings/alterations/cancellations.
Changes to this Privacy Notice
We may update this notice to reflect how we use your personal data. We will notify all patients of any significant changes by e-mail. However, you are encouraged to review this policy regularly to stay informed of how we use your data.
If you are concerned about the way your data has been handled or used by us, please contact our Data Protection Officer on the contact details in the “About Us” section above. If you are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website – www.ico.org.uk.
We hope that this privacy notice clearly details the way that we handle your personal data and your rights. If you have any questions that you feel haven’t been sufficiently addressed, please contact our Data Protection Officer on the contact details in the “About Us” section above.
Updated 21st May 2018