What we store and why
When you supply your personal details to this app they are stored and processed for 5 reasons (the bits in bold are the relevant terms used in the Data protection Act 2018, which includes the General Data Protection Regulation):
- We need to collect personal information about your health in order to provide you with the best possible treatment, for this we ask your “Consent“
- We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
- We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
- Provided we have your “Consent“, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time.
- Provided we have your “Consent“, we may use your anonymised and non-identifiable data for research and/or public awareness on the effects of complementary and alternative medicine. To do this we may share your anonymised and non-identifiable data with third party researchers.
How long we store your data
We keep your personal data for no longer than reasonably necessary.
We keep patient records for a period of 7 years (or until age 25, if this is longer) in accordance with medical professional bodies. We retain anonymised and non-identifiable data for research and statistical analysis for 14 years.
After this period you can ask us to delete your records if you wish.
At any time you may request that changes are made to your contact details.
How we store your data
- Electronic records are stored on ecowebhosting.co.uk. This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations.
- Personal data and medical data are stored separately.
- Only patients and patient’s practitioners will be able to access personal and medical data.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will only be shared in specific circumstances:
- With named third parties with your explicit consent
- With research partners with your explicit consent. This data will be anonymised and thus unidentifiable.
- We use a questionnaire called MYMOP® in our data collection. Meaningful Measures Ltd operates the licence for MYMOP® and collects anonymised and non-identifiable data from all users around the world to create a database of anonymised concerns/symptoms/activities. This data collection helps organisations understand people’ needs. Your MYCaW/MYMOP® data will be fully anonymised and sent securely to Meaningful Measures Ltd, for more information see their data share policy
- With the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which the practitioner is subject e.g. a court order
- With your doctor or the police if necessary to protect you’re or another person’s life
- With the police or a local authority for the purpose of safeguarding a child or vulnerable adult
- With your practitioners regulatory body, or their insurance company in the event of a complaint or insurance claim being brought against them.
- Practitioners may share your data with solicitors in the event of any investigation or legal proceedings being brought against them.
We use Formidable Forms for some of our forms and Mailchimp for newsletters. These platforms hold personal information. We use Eco Web Hosting as our hosting services which stores our databases of personal and sensitive information. We use the MYMOP® form from Meaningful Measures Ltd to collect research quality health data. We use Stripe for our online payments. For their respective privacy policies please use the links below
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to the “Data Controller”. Here are the details you need for that:
Joe Jennings: email@example.com
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/