What is a privacy notice
Under EU wide general data protection regulation (GDPR) you, as a patient, have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.
To be able to document and process your personal data, under GDPR you must give us explicit consent.
Who we are
Practitioners at VITAL Health diagnose, treat and rehabilitate health conditions. This is carried out in accordance with the individual governing bodies of the practitioners. All are insured with their relevant governing bodies.
We have a legal contractual obligation to collect personal data for the purposes of providing care and practitioners may require detailed medical information. We will only collect what is relevant and necessary for your care.
This data is always held securely and is not shared with anyone not involved in your care. For data storage purposes non-medical pre-vetted staff that have signed a GDPR processor agreement will handle some of the data.
We may use your contact details to remind you of future appointments, or other information concerning your treatment. We may also use your contact information to send you our newsletter or other information which the practice believes may be of use to you – for which you must give us explicit consent.
In making an initial contact with VITAL Health we will keep your contact details unless you do not attend the clinic and then this information will be deleted in one month.
We occasionally take part in surveys or medical studies and we would use your anonymised data to add to the advancement of understanding within healthcare.
Sharing your personal data
We will only share your personal data with outsourced providers of accounting services to process your payments and insurance payments and we use a telephone answering service to handle our excess calls. These providers are deemed our processors and we have a contract with them to ensure your data is secure.
We may also share your medical data with external treatment providers such as your GP or a medical consultant with your explicit consent.
Retaining your personal data
VITAL Health will process personal data during the duration of any treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet any legal obligations. After eight years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
All Data is held in the United Kingdom. VITAL Health does not store personal data outside the EEA.
At any point whilst VITAL Health is in possession of, or processing your personal data, all data subjects have the following rights:
Right of access – you have the right to request a copy of the information we hold about you – you can make a subject access request and you will need to provide identification. There is no charge for this. Please ask at reception if you require more information.
Right of rectification – you have the right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right of restriction of processing- where certain conditions apply you have the right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – we don’t do this at VITAL Health.
As healthcare providers in the COVID-19 global pandemic we are obliged to provide your contact details to track and trace when required. This overrides your rights under GDPR.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. The breach will be dealt with by our data protection officer (details below), who will explain to you the nature of the breach and the steps we are taking to deal with it.
In the event that you wish to make a complaint about how your personal data is being processed by VITAL Health you have the right to complain to us. If you do not get a response within 30 days, you can complain to the ICO.
Data protection officer at VITAL Health: Dan Trussler.
ICO 6 Station Rd, Tiptree, Colchester CO5 0AD Telephone +44 (0) 1621 927645 or email: https://ico.org.uk/global/contact-us/email/