Newbury Chiropractic Centre Patient Privacy Statement
Newbury Chiropractic Centre is aware of its obligations under the General Data
Protection Regulation (GDPR) and is committed to protecting the privacy and
security of your personal information. This privacy notice describes, in line with
GDPR, how we collect and use personal data about you during and after your time
as a patient of this clinic. It also sets out how we use that information, how long
we keep it for and other relevant information about your data.
This notice applies to current and former patients.
Data controller details
The Clinic is a data controller, meaning that it determines the processes to be used
when using your personal data. Our contact details are as follows:
Newbury Chiropractic Centre
21 Old Newtown Road
Berkshire RG14 7DP
Tel: (01635) 48088
Data protection principles
In relation to your personal data, we will comply with data protection law. This
says that the personal information we hold about you must be:
• processed fairly, lawfully and in a clear, transparent way
• collected only for valid reasons that we find proper for the course of your
time as a patient and not used in any way that is incompatible with those purposes
• only used in the way that we have told you about
• accurate and up to date
• kept only as long as is necessary for the purposes we describe
• processed in a way that ensures it will not be used for anything that you are
not aware of or have consented to (as appropriate), lost or destroyed
• kept securely
Types of information we hold about you
Personal data or information means any information about an individual from
which that person can be identified. It does not include data where the identity
has been removed.
We hold many types of data about you, including:
• your personal details including your name, address, date of birth, email
address, phone numbers
• marital status
• personal medical or health information, including past medical history
• information concerning examination and treatment at your first and
• letters of referral to or from the clinic regarding your treatment with us.
Special categories of data
There are "special categories" of more sensitive personal data which require a
higher level of protection, such as information about a person's health.
We will use your special category data:
• to ensure the care you receive at the clinic is appropriate to your condition
• to determine reasonable adjustments that should be made for access to the
clinic or to treatment
We must process special categories of data in accordance with more stringent
We will process special categories of data when the following applies:
• you have given explicit consent to the processing (on our consent form)
• we must process the data in order to carry out our legal obligations
• we must process data for reasons of substantial public interest
Less commonly, we may process this type of information where it is needed in
relation to legal claims or where it is needed to protect your interests (or someone
else's interests) and you are not capable of giving your consent, or where you have
already made the information public.
As with all cases of seeking consent from you, you will have full control over your
decision to give or withhold consent and there will be no consequences where
consent is withheld. Consent, once given, may be withdrawn at any time. There
will be no consequences where consent is withdrawn.
How we collect your data
We collect data about you in a variety of ways and this will usually start when you
make an enquiry to the clinic and continue when you attend your first and
subsequent appointments. At this clinic, we keep electronic records.
We may receive information about you from your GP or other health care provider
regarding your referral or, with your permission, additional information that will
help us continue with your treatment. We may also hold the results of tests that
you have undertaken and that are relevant to your treatment with the clinic.
Personal data (such as your name, address and contact details) is kept in the clinic
on a password protected computer and is processed on password protected
software. This data is backed up on a password protected portable flash drive
which remains at the clinic in a locked safe. Paper copies of medical records are
kept in a secure, locked filing cabinet in a private area of the clinic. No patient
medical records are taken off the business premises.
Why we process your data (How we will use information about you)
The law on data protection allows us to process your data for certain reasons only,
these are classified as legitimate interests. Most commonly, we will use your
personal information in the following circumstances:
• in order for us to carry out our contract with you (your requesting treatment
and our agreement to provide it constitutes a contract) which will include
confirming appointments, informing you of changes to appointments or
clinic arrangements, changes to facilities or services at the clinic.
• in order to provide you with the best possible treatment by recording health
and treatment information which would be in your best interest.
• in order to carry out legally required duties such as those required by me by
my government appointed regulator
• where it is necessary for our legitimate interests and your interests and
fundamental rights do not override those interests
We may use your personal information in these rare situations:
• where we need to protect your or someone else’s interests
• where it is needed in the public interest or for official purposes
Situations in which we will use your personal information
We need all the categories of information to primarily allow us to perform our
contract of treatment with you and to enable us to comply with legal obligations.
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in
line with your contract of care with us. If you do not provide us with the data
needed to do this, we will be unable to perform that care to ensure your best
interests are being maintained. We may also be prevented from continuing with
your treatment with us due to our legal obligations.
Change of purpose
We will only use your personal information for the purposes for which we collected
it unless we reasonably consider that we need to use it for another reason and that
reason is compatible with the original purpose. If we need to use your personal
information for an unrelated purpose, we will notify you and we will explain the
legal basis which allows us to do so.
Please note that we may process your personal information without your
knowledge or consent, in compliance with the above rules, where this is required
or permitted by law.
Automated decision making
No decision will be made about you solely on the basis of automated decision
making (where a decision is taken about you using an electronic system without
human involvement) which has a significant impact on you.
Sharing your data
Your data will be shared with colleagues within the Clinic but only where it is
necessary for them to undertake their duties. This includes, for example, other
chiropractors working for, at or on behalf of the clinic, reception staff and other
healthcare practitioners such as Massage Therapists. Your medical notes may only
be viewed by members of NCC staff.
We may share your data with third parties in order to facilitate a referral to
another healthcare practitioner, investigation or to keep your GP informed about
your progress with treatment. An example would be a locum Chiropractor, that
may “cover” patients treatments during holiday times.
We may also share your data with third parties as part of a Clinic sale or
restructure, or for other reasons to comply with a legal obligation upon us. We
would always keep you informed of these situations.
Transferring information outside the EU
We do not share your data with bodies outside of the European Economic Area.
Data Security - Protecting your data
We have put in place measures to protect the security of your information against
accidental loss or disclosure, alteration, unauthorised access, destruction or
abuse. We have implemented processes to guard against such. In addition, we limit
access to your personal information to those employees, agents, contractors and
other third parties who have a business need to know. They will only process your
personal information on our instructions and they are subject to a duty of
Your data (such as your name, address and contact details) is held on a secure
computer system with password access and a database with password access. The
computer is protected by a firewall, as well as up to date security software. It is
backed up on a password protected portable flash drive which remains at the
clinic and is locked in a safe. The patient contact database is backed-up to servers
hosted in highly-secure UK data centres which are ISO9001 and ISO27001 certified.
Furthermore, all data is encrypted (even when in transit) and is strong-password
protected on the servers.
Paper patient records are stored in locked cabinets in a private area of the clinic.
No patient medical records are taken off the business premises. The clinic is
protected by a security alarm.
Where we share your data with third parties, we provide written instructions to
them to ensure that your data are held securely and in line with GDPR
requirements. Third parties must implement appropriate technical and
organisational measures to ensure the security of your data.
How long we keep your data for
In line with data protection principles, we only keep your data for as long as we
need it for, which will be at least for the duration of your being a patient with us
and we are legally required, by the Chiropractic regulator, to keep this data for
eight years after your time as a patient has ended. To determine the
appropriate retention period for personal data beyond eight years we consider the
amount, nature, and sensitivity of the personal data, the potential risk of harm
from unauthorised use or disclosure of your personal data, the purposes for which
we process your personal data and whether we can achieve those purposes through
other means and the applicable legal requirements.
Once we no longer have a lawful use for retaining your information, we will
dispose of it in a secure manner that maintains data security.
In some circumstances we may anonymise your personal information so that it can
no longer be associated with you, in which case we may use such information
without further notice to you.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and
current. Please keep us informed if your personal information changes during your
time as a patient with us.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold
• the right of access. You have the right to access the data that we hold on
you. To do so, you should make a subject access request.
• the right for any inaccuracies to be corrected. If any data that we hold
about you is incomplete or inaccurate, you can require us to correct it.
• the right to be informed. This means that we must tell you how we use your
data, and this is the purpose of this privacy notice. We also must inform you
of any changes to how we use your data.
• the right to have information deleted. If you would like us to stop
processing your data, you have the right to ask us to delete it from our
systems where you believe there is no reason for us to continue processing it.
• the right to restrict the processing of the data. For example, if you believe
the data we hold is incorrect, we will stop processing the data (whilst still
holding it) until we have ensured that the data is correct.
• the right to portability. You may request transfer the data that we hold on
you for your own purposes.
If you want to access your data, review, verify or correct your data, request we
erase your personal information, object to the processing of your personal data, or
request that we transfer a copy of your personal information to another party,
please contact: Data Protection Officer, Newbury Chiropractic Centre, 21 Old
Newtown Road, Newbury, Berkshire RG14 7DP in writing.
You will not have to pay a fee to access your personal information (or to exercise
any of the other rights). However, we may charge a reasonable fee for a second or
subsequent copy of information or if your request for access is clearly unfounded
or excessive. Alternatively, we may refuse to comply with the request in such
What we may need from you
We may need to request specific information from you to help us confirm your
identity and ensure your right to access the information (or to exercise any of your
other rights). This is a security measure to ensure that personal information is not
disclosed to any person who has no right to receive it.
Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of your
data, you have the right to withdraw that consent at any time. There will be no
consequences for withdrawing your consent. However, in some cases, we may
continue to use the data where so permitted by having a legitimate legal reason
for doing so.
To withdraw consent, contact:
by email: [email protected]
or in writing:
Data Protection Officer
Newbury Chiropractic Centre
21 Old Newtown Road
Newbury, Berkshire RG14 7DP
Making a complaint
If you have any questions about this Privacy Notice or how we handle your
information, please contact the Clinic’s Data Protection Officer [Mr Philip Newman]
He can be contacted in writing at:
Data Protection Officer
Newbury Chiropractic Centre
21 Old Newtown Road
Newbury, Berkshire RG14 7DP
You have the right to make a complaint at any time to the supervisory authority in
the UK for data protection matters, the Information Commissioner’s Office (ICO).
You don't have to live your life in pain – arrange a consultation and see how we can help youContact us now
What our patients say
Here at Newbury Chiropractic Centre we are very proud of the great results that we achieve for our patients – but don't just take our word for it, see for yourself!
“After treatment, I’m pain free following injuries to my ankle and shoulder. I can now run and keep up with the children!”
“Every visit I have my treatment explained and am invited to come back whenever I feel I need more treatment. I know when it is time for my next visit because my body tells me, the timing is just right.”
“I have less pain, more flexibility and less reliance on painkillers, less time off work and am able to do more with my family. Regular checkups help prevent any flare-ups.”