PRIVACY POLICY NOTICE
In line with the new GDPR legislation, we would like to make you aware of how we handle the personal data we collect in the course of our business.
Data Controller: Dr Natty Burgess
This Privacy Notice explains:
-
What Personal Data Nativis holds.
-
Why we hold and process it.
-
Who we might share it with.
-
Your rights and freedoms by Law under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.
-
How long your data is stored for.
-
How you can complain if you have a problem with your stored data.
Types of Personal Data
Nativis holds personal data in the following categories:
1. Client clinical and health data and correspondence. This may include contact names, phone numbers, email address and home address, these are all used to be able to identify you and contact you as and when we required to make/change appointments.
2. Staff employment data.
3. Suppliers/Contractors’ data.
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
1. Client data is held for the purpose of providing Clients with appropriate, high quality, safe and effective care and treatment.
2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
3. Supplier/Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
1. We hold clients data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
2. We hold staff employment data because it is a Legal Obligation for us to do so.
3. We hold suppliers/contractors’ data because it is needed to Fulfil a Contract with us.
Data Sharing
The only time we would share your data would bewith other healthcare professionals who need to be involved in your care (for example if you have a reaction and need medical assistance).
Employment data will be shared only where necessary such as the requirements to comply with legislation, eg, HMRC, pensions, etc.
We may from time to time use your information to contact you for offers we may have on for treatments, however this will be direct from us and we will not use a third party.
Your rights to request Data Access
We are happy to provide details of all data held in respect of any client. This will be provided to the client upon providing proof of identity (proof of name). It will be provided verbally face to face or in printed form and forwarded to the customer free of charge within two weeks or sooner.
You may request to correct any information that we hold about you that is wrong, or you may have you data removed in certain circumstances. We may in some cases, be able to transfer your data to another person if you choose, however this will be done in a safe and legal way. Any requests with regards to the data we hold for you should be directed to the Data Controller Dr Natty Burgess.
Any data access requests from staff should be directed to Dr Natty Burgess, who will provide printed copies free of charge and within two weeks or sooner.
How long is the Data stored for?
We will store client data indefinitely due to clients returning in many circumstances regularly for further treatments.
We must store employment data for six years after an employee has left.
We must store supplier data for seven years after a contract has ended.
Complaints
Any complaints should be raised in the first instance to the Data Controller Dr Natty Burgess. Contact Details can be found on the website. We will do our best to resolve the matter. However,if you are not satisfied with the way in which your complaint is handled you should direct your complaint to the ICO at www.ico.org.uk/concerns/ or by telephoning them on 0303 123 1113.