23 King Street, Suite 93, Cambridge, United Kingdom, CB1 1AH
Telephone: 07718 252 446
For the purposes of processing your personal data, TotalMSK Ltd is (the controller).
TotalMSK Ltd collects and holds the following types of personal data:-
Name, Address, Telephone numbers, email address, date of birth, next of kin, medical and health information including history, testing and diagnosis information and treatment.
The data is used and processed as part of a contract and relating to the provision of Chiropractic and Musculoskeletal health services to individual patients. Each patient will have also given explicit written consent for examination, treatment and in some cases to contact the patient’s GP or other relevant practitioners concerning ongoing treatment.
The online patient booking system operates via a third party service provider, who is GDPR complaint. The data held by the third party is used by (the controller) for the scheduling of patient bookings, cancellations and correspondence regarding said purposes.
It is possible to send patient appointment reminders, via text and the online booking system. Patients can request to withdraw from this free service at any time.
Patient’s can leave voicemails on (the controller’s) mainline telephone number, or indeed numbers of individual practitioners working for (the controller). Patient voicemails get deleted every two weeks.
Individuals can contact (the controller) via email, either via the website or various other means. From time to time, (the controller) may wish to contact a patient regarding on-going treatment, to inform them of a new news article or promotion. Individuals have the right to withdraw from such correspondence at any time by directly requesting to do so.
Website and Blog
(The controller) uses a number of third party companies for website data analytics purposes. The analytics are used for the purposes of improving the corporate website and tailoring information to the needs of users. The data provided by said third parties does not allow (The controller) to specifically identify any specific individual using the website or blog. (The controller's) website does not use any "cookies", however the Blog, which is hosted by Google (Blogger) does use "cookies". (The controller) uses the data gained from third parties to identify errors affecting user experience, popularity of articles/web pages and potential areas for new articles and improvements. (The controller) has limited access to information gained via third parties and indeed control over that process. Typically, the analytics data gained by these companies looks at when something was accessed/looked at, where the user was geographically (though this may not be actual location), the service the data was accessed via (internet provider etc.), how long data was accessed for, possibly the device and type of operating system used to access the content.
Retention Your Personal Data
The Chiropractors Act 1994, requires that patient record card information, including treatment notes, are retained for a minimum of 8 years from the last treatment/discharge date. Although, one has rights regarding how ones data is used, any request to delete or destroy record card information cannot be acted on prior to the 8 year rule mentioned above, at which point the data is automatically destroyed due to legislative requirements.
While your personal data is being processed and held, you the individual have certain rights, namely:-
The right to gain access to the data held about you.
The right to rectification (correction) concerning said data.
The right to erasure of said data where legally possible (see retention of personal data).
The right to restrict processing of said data.
It is possible to act upon any of these rights by contacting the Data Protection Officer, in writing or via email. The letter or email should be addressed “For the Attention” of the “Data Protection Officer” as per (The Controller) address and contact details. The letter or email should also contain the requestors full contact details; name, address, telephone number(s), email and details of the information or changes requested. (The Controller) is required to verify the identity of the requestor and thus will ask for copies of corroborating documentation such as Passport, Driving licence, recent utility bill etc.
(The Controller) takes various precautions and protections to store and process the data held on patients safely. However, regardless of how robust processes and security is, there is always the possibility that data can get lost, stolen or otherwise illegally accessed. Should any of these situations occur and where the data breach constitutes a high risk to the individual's rights and freedoms, then (the controller) would make contact without any delay. Where known, the Data Control Officer would provide, their on contact details, details of the type of breach, the data involved, details of an on-going investigation and what is being done to prevent any such similar breach.
In the first instance, please contact the Data Controller concerning the complaint. It is possible that there may have just been a simple misunderstanding, which can easily get remedied. If you are still unsatisfied with the response, then you can contact the Information Commissioners Office (ICO) via their website:-