Susan Adams Acupuncture
(Why I collect your personal data and what I do with it)
Updated 26 Sep 2019
I take your privacy seriously and will only use your personal information to provide the services you have requested of me.
Why do I collect your personal data?
1. I need to collect personal information about your health to provide you with the best possible treatment. Your requesting treatment and my agreement to provide that care constitutes a contract. You can of course, refuse to provide the information, but if you were to do that I would not be able to provide treatment.
2. I have a “Legitimate Interest”, in collecting that information, because without it I could not do my job effectively and safely.
3. I also think that it is important that I can contact you to confirm your appointments with me or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
I have a legal obligation to retain your records for 7 years after your most recent appointment (or if seen anytime as a child, until you reach the age of 25), but after this period I securely destroy records.
Your records are stored:
* Case histories are on paper, in a locked filing cabinet and the clinic is always locked when not in use by me.
* Doctors letters or typed invoices are stored in a password protected computer
* I use Office 365 to correspond with you by email. I am now deleting email correspondence after 30 days.
* Online booking system: Your full name, phone number and email will be in a secure online booking system called Acuity Scheduling. For privacy information in Acuity, please see https://help.acuityscheduling.com/hc/en-us/articles/219149587-Security-Privacy-Compliance
* I use your name and email address in a QuickBooks bookkeeping software which is password protected using a 2 layered system.
* Mailchimp: Your email address and name will be stored for newsletters if you subscribe. This service is encrypted and for more information please see: https://mailchimp.com/about/security/
If you would like your details removed from any of these records, please let me know.
I will not share your data with any third parties without your written consent unless required to by law. You have the right to see what personal data of yours which I hold and you can also ask me to correct any factual errors.
Provided the legal minimum time has elapsed, you can also ask me to erase your records. I automatically delete records if you are an adult and I haven’t seen you for 7 years.
I want you to be confident that I am treating your personal data responsibly and that I am doing everything I can to make sure that I am the only person who see your data.
Of course, if you feel that I am mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to in the jargon as the “data controller”.
Here are the details you need to do that:
23 Ford Road
Woking Surrey GU22 9HJ
If you are not satisfied with the response, then you have the right to raise the matter with the Information Commissioner’s Office.
End of Privacy Note