Privacy policy
This privacy policy sets out how we protect any information that you give us when you use this website.
About your privacy
We are committed to respecting your privacy. Individuals connected with the Company (patients and practitioners) can be assured that the protection of privacy and confidentiality is given the highest priority, with all personal information being collected, held and used in strict compliance with the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018. The purpose of the privacy policy is to inform you as a user of Levy Heart Health Ltd about what information we collect about you, how we use the information, whether the information is disclosed and the ways in which we protect users' privacy. We will provide information about how and why we use your data in a manner which is:
- Concise, transparent, intelligible and easily accessible;
- Written in clear and plain language, particularly if addressed to a child;
- Free of charge
This policy is displayed on our website. It is referred to in writing during patient registration.
Definitions
Data – means collectively all information that you submit, or we hold about you. This includes, but is not limited to, account details and information submitted.
For the purpose of the Data Protection Legislation and this notice, Dr Levy is the data controller. This means that he is responsible for deciding how to hold and use personal data. He is legally required to notify you of the information contained in this privacy notice.
Consent
By providing your personal information to us, you fully understand and clearly consent to the transfer of such personal information to, and the collection and processing of such information by, us in accordance with this privacy policy. If you do not agree to this policy, please do not provide your personal details to us. We will use your information for the purposes set out below.
What information will the Clinic collect about me?
Prior to commencing treatment, we ask you to complete a registration form which asks for information such as your name, email address, postal address, telephone or mobile number, date of birth, next of kin, NHS Number, your insurance company if relevant, and your General Practitioner where applicable. If you are the parent or guardian of a child under 16, we will hold limited personal data about you, so you can give consent for the child to have treatment. We will use your contact details to communicate with you about the child’s treatment.
How do we use this information?
The information you supply will be secured and encrypted. It will be used for invoicing and letters. Your email will be used for appointment reminders and for communicating with you regarding your treatment. Your telephone number will be used to contact you about your treatment or appointments. We periodically send emails as newsletters.
Controlling your personal information
Before you submit any information, we will notify you as to why we are asking for specific information and it is up to you whether you provide it.
You can decide what personal information you provide to us. You may choose to restrict the collection or use of your personal information. On the registration form, you have the choice to decide what permission you give us to use your information for. If you do not wish to receive appointment reminders or our newsletters by email, please record this on the form. Please notify the company of your preferences so that these can be logged on your patient account. If at any time you wish to change your preference, please inform reception. You will have an opportunity to unsubscribe whenever we communicate with you.
Can I delete my data?
Your data can be deleted at any time when requested in writing. Whilst on treatment it is advisable for your details to be kept on our system.
We will give you access to your information
You are entitled to know whether we hold information about you and, if we do, to have access to that information. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Do you share my data with other organisations?
We'll only share your data with third parties to help us provide a better service for you or if required to do so by law. For example, we will include your date of birth, NHS Number (where required) and full name and address when we communicate with your doctor in a letter giving details about your care. If you would prefer that we do not share this information, please make it known to your physiotherapist and unless required by law, we will respect your wishes.
To bill your insurance company or solicitors for treatment costs we are required to include your full name, address and date of birth on invoices so that they can identify you. If you do not give us permission to do this, we will not be able to facilitate direct payment with your insurance company and you will be required to settle your account directly.
When we are required to complete a report about you for your insurance company or solicitor, we will again have to provide your full name, address and date of birth but will ask for your written permission to do so.
Legal purposes
We may disclose your personal information if required to do so by law or where we believe such action is necessary to protect or defend our interests or the interests of our customers.
Sale and Transfer
In the event of a sale, merger, consolidation, change in control, transfer of substantial assets, reorganisation or liquidation, we may transfer, sell, or assign to third parties information concerning your relationship with us, including without limitation, personally identifiable information that you provide and other information concerning your relationship with us.
How are my treatment records stored?
Since 1993 the patient records have been stored electronically. They are kept in accordance with legal retention periods and are backed up automatically to a secure server as detailed within our privacy policy.
How long will the Company keep my information?
We will hold your personal information on our system for as long as we need to keep your records.
Different types of data have different legal ‘retention periods’ that we abide by, such as medical records and personnel records retention periods. Personal data will be held for no longer than is necessary and will be destroyed appropriately when the data retention period has expired. We are required to hold your treatment records for a minimum of 8 years or up to the age of 25 if, when you were treated, you were under the age of 16.
How secure is the information you hold?
We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Only users authorised by us have access to this data.
We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Customer feedback and complaints
We have a legal duty to keep patients’ personal information confidential. Patients who believe their confidence has been breached may make a complaint to the practice.
We welcome your questions and comments about privacy issues. Alternatively, if you feel we have in any way handled your personal data unfairly or inappropriately, you can raise an issue with the Information Commissioner's Office. Further details on GDPR and data protection laws can also be found at the ICO website. This policy is effective from 25th May 2018.