Total Health Now Clinic Ltd – Privacy Policy for Patients
Who we are:
We are Total Health Now Clinic Ltd. For the purposes of this notice, the term ‘we’ encompasses all those employed in any capacity by the company to carry out its business.
Our Contact Details:
If you have any questions about this Privacy Notice, please contact:
hello@totalhealthnow.co.uk
1. Privacy laws
The processing of your personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018.
2. The types of personal data we collect
The personal data we use may include:
• Your name, address and contact details, including email address and home and mobile telephone numbers. If you provide these details, we may use them to contact you unless you ask us not to. This could include emails, texts or voicemail messages;
• Date of birth and gender;
• Information about your previous medical history and any treatment provided by us;
• The terms and conditions of your contract with us for the provision of healthcare and related services;
• Information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments; and
• Information about how you use our website.
3. How we collect the personal data
We may collect this information in a variety of ways. For example, data might be collected through:
• online web forms completed by you at the start of your treatment;
• correspondence with you; or
• through interviews, meetings or other assessments.
4. Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we may need to obtain certain data from you so we can provide care, treatment and products to you and, if you are not willing to provide that information, we may not be able to offer our services to you.
5. What we use your personal data for
1. Provision of healthcare
• To support the provision of your healthcare;
• To decide how best to provide treatment and products to you;
• As necessary to support the healthcare contract with you and to allow us to receive full payment for those services;
• To take steps at your request during the course of our relationship;
• To keep your records up to date.
2. Business purposes
• As necessary for our own legitimate interests or those of other persons and organisations;
• For good governance, accounting, and managing and auditing business operations both internally and by third parties;
• For surveys of patient experience and quality of care;
• To monitor emails, calls, other communications;
• For market research, other surveys and analysis and developing statistics for improving clinical performance.
3. To comply with a legal obligation:
• When you exercise your rights under data protection law;
• For compliance with legal and regulatory requirements;
• For the establishment and defence of legal rights;
• For activities relating to the prevention, detection and investigation of crime;
• To verify your identity, make credit fraud prevention and anti-money laundering checks;
• To investigate complaints, legal claims and data protection or clinical incidents.
6. The legal basis for processing
In providing you our services and products, we will process your personal data under Article 6 (1)b of the General Data Protection Regulations, on the legal basis that processing is necessary for the performance of a contract for the provision of our services or the provision of products to you at your request, or in order to take steps at your request prior to entering into a contract.
In addition, we may process your personal data on the following legal bases;
• Legal obligation: the processing is necessary for compliance with a legal obligation Article 6 (1)(c);
• Vital interests: the processing is necessary to protect someone’s life. Article 6 (1) (d);
• Public interest: the processing is necessary to perform a task in the public interest Article 6 (e);
• Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third-party Article 6 (1) (f);
When processing special category (health) data, we do so in accordance with Article 9 (2)(h) of the General Data Protection Regulations for the purpose of providing health care.
In addition, we may process your special category data on the following legal bases;
• Vital interests of the Data Subject – Article 9 (2) (c);
• Substantial public interest – Article 9 (2) (g);
• Public interest in the area of public health such as protecting against serious cross border threats to health – Article 9 (2) (i).
7. Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with:
• Other healthcare professionals who provide treatment to you at our facilities;
• Subject to your consent, other healthcare providers including your General Practitioner (GP) where we believe this will enhance the quality of your care;
• Sub-contractors and other persons who help us to provide healthcare products and services to you;
• Our legal and other professional advisors, including our auditors;
• Fraud prevention agencies, credit reference agencies, and debt collection agencies;
• Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner’s Office and Care Quality Commission (CQC);
• General Medical Council and other professional bodies;
• Courts, to comply with legal requirements, and for the administration of justice;
• In an emergency or to otherwise protect your vital interests;
• To protect the security or integrity of our business operations and other patients;
• When we restructure or buy or sell our business or its assets or have a merger or re-organisation;
• Payment systems and providers; and
• Anyone other party where we have your consent or as required by law
8. Sharing of your personal data for marketing purposes
With your consent, and subject to your communications preferences, we may use your contact details to send you emails containing information on new services and treatments which we think may be of interest to you. We will not share your personal data with a third party without your written consent. You are free at any time to change your mind and withdraw your consent by contacting us using the details given at the top of this Notice.
This will not affect the services we provide to you.
9. How long do we keep your data?
We will seek to delete from our records data which is no longer required within the business, including payment data, as soon as possible. Health-related information will be kept in accordance with guidance from the British Complementary Medicine Association – a minimum of eight years from the date of last treatment. Information may be held for longer periods where any of the following apply:
• Retention in case of queries. We will retain your personal data as long as necessary to deal with any outstanding queries you may have;
• Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
• Retention in accordance with legal and regulatory requirements. We will retain your personal data after you have received healthcare services based on legal and regulatory requirements and obligations pertaining at any given time.
10. Your rights under applicable data protection law
Your rights are, where applicable:
• The right to be informed about processing of your personal data;
• The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
• The right to object to processing of your personal data;
• The right to restrict processing of your personal data;
• The right to have your personal data erased (the “right to be forgotten”);
• The right to request access to your personal data and information about how we process it;
• The right to move, copy or transfer your personal data (“data portability”); and
• Rights in relation to automated decision-making including profiling
You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
11. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice.
You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data;
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk