What we store and why
When you supply your personal details to this app they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the Data protection Act 2018, which includes the General Data Protection Regulation):
- We need to collect personal information about your health in order to provide you with the best possible treatment, for this we ask your “Consent“
- We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
- We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
- Provided we have your “Consent“, we may use your anonymised and non-identifiable data for research and/or public awareness on the effects of complementary and alternative medicine. This is so we can increase the understanding and uptake of complementary and alternative medicine where it is shown to be beneficial, hopefully through public health services or insurers. To do this we may share your anonymised and non-identifiable data with third party researchers.
How long we store your data
We keep your personal data for no longer than reasonably necessary.
We keep patient records for a period of 7 years (or until age 25, if this is longer) in accordance with medical professional bodies. We retain anonymised and non-identifiable data for research and statistical analysis for 14 years.
After this period you can ask us to delete your records if you wish.
At any time you may request that changes are made to your contact details.
How we store your data
- Electronic records are stored on WP Engine servers, one of the safest and most trusted providers of internet hosting services in the UK. This provider is fully compliant with the General Data Protection Regulations.
- Personal data and medical data are stored separately. The latter is given a unique identifier code which YourClinic, through its coding, is able to display together for patients and practitioners when logged into the website.
- Only patients and patient’s practitioners will be able to access personal and medical data in this way. No other practitioners or patients will be able to see this information. YourClinic, as the data custodians are also able to access this data, though the personal and medical are stored separately on the back end of the website.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will only be shared in specific circumstances:
-
- With the below named third parties with your explicit consent
- With research partners with your explicit consent. This data will be anonymised and thus unidentifiable.
- Only your MYMOP® data: ‘Symptom 1’, ‘Symptom 2’, ‘How bad’, ‘How long’, ‘Activity’, ‘How bad’, ‘Wellbeing’, ‘Medication data’ and Practitioner notes: ‘Diagnostic data’, for instance; ‘Tongue diagnosis’, ‘Pulse diagnosis’, ‘Constitutional factor’, ‘Full diagnosis’, ‘Treatment strategy’. Not including ‘’Additional conditions(s) data’. Also ‘Treatment data’, for instance; ‘Points used’, ‘Additional points’, ‘Additional notes’.
- We use a questionnaire called MYMOP® in our data collection. Meaningful Measures Ltd operates the licence for MYMOP® and collects anonymised and non-identifiable data from all users around the world to create a database of anonymised concerns/symptoms/activities. This data collection helps organisations understand people’s needs. Your MYMOP® data will be fully anonymised and sent securely to Meaningful Measures Ltd, for more information see their data share policy
- Only your MYMOP® data: ‘Symptom 1’, ‘Symptom 2’, ‘How bad’, ‘How long’, ‘Activity’, ‘How bad’, ‘Wellbeing’, ‘Medication data’ will be shared with them.
- With the relevant authority such as the police or a court, if necessary, for compliance with a legal obligation to which the practitioner is subject e.g. a court order
- With your doctor or the police if necessary to protect your or another person’s life
- With the police or a local authority for the purpose of safeguarding a child or vulnerable adult
- With your practitioners regulatory body, or their insurance company in the event of a complaint or insurance claim being brought against them.
- Practitioners may share your data with solicitors in the event of any investigation or legal proceedings being brought against them.
Third parties
We use Formidable Forms for some of our forms and Mailchimp for newsletters, the latter are only used for YourClinic to contact practitioners, or in the event of a data breach for which we will inform you directly. These platforms hold personal information. We use WP Engine as our hosting services which stores our databases of personal and sensitive information. We use the MYMOP® form from Meaningful Measures Ltd to collect research quality health data. We use Stripe for our online payments. For their respective privacy policies please use the links below
Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Your rights
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to the “Data Controller”. Here are the details you need for that:
Joe Jennings: joe@yourclinic.care
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
You can contact the Information Commissioners Office on 0303 123 1113 or via emailhttps://ico.org.uk/global/contact-us/email/