Who we are
Our website address is: http://andreacoote.co.uk.
As we record and use sensitive data we take the protection of this data very seriously. We have therefore appointed a Data Protection manager, Simon Coote, who is your first point of contact for any matters regarding your personal data we process. He can be contacted on 01243 858 200, his email address is email@example.com and the postal address is 2 Palmer’s Raod, Emsowrth, Hampshire, PO10 7DL.
Purpose of this privacy notice
This privacy notice aims to give you a summary on how Andrea Coote collects and processes your personal data during and after your time as a patient.
The Data Controler at Andrea Coote is responsible for your personal data (collectively referred to as Andrea Coote, “we”, “us” or “our” in this privacy notice).
Name or title of Data Privacy Manager: Simon Coote Email address: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes[title, first name, last name, date of birth and gender].
- Contact Data includes [email address, home address, billing address and telephone numbers].
- Special Category Data includes information about your [health, genetics, sex life, sexual orientation, race, ethnic origin and religion].
- Financial Data includes [bank account and payment card details].
- Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact, Special Category and Financial Data when you become a patient.
Third parties. We may receive personal data about you from various third parties and public sources as set out below:
Referrers: who may provide us with Special Category data to facilitate your treatment with us.
- Insurance Companies
- Medical Doctors eg your GP
Purposes for which we will use your personal data
Performance of our contract with you
To register you as a new patient or take steps to register you as a new patient.
To comply with our obligations under our contract, namely to provide you with the necessary treatment.
- To collect and recover money owed to us.
Legal or regulatory obligation
- We also rely on the legal or regulatory obligation ground to process your data in some circumstances.
Condition under which we process your special category data
To process your special category we rely on the contractual ground and also the special condition which allows health professionals to process the data for the purposes of preventative or occupational medicine, and the provisions of health care treatment.
Disclosures of your personal data
- We may have to share your personal data with the parties set out below:
- Professional healthcare practitioners including [x-ray reporters to report on x-rays, MRI reporters to report on MRI’s, radiologists and radiographers to facilitate a referral for imaging investigation, to keep your GP informed or other relevant medical doctor and any locum chiropractors working for us to facilitate your continued treatment]].
- Service providers based in UK who provide IT and system administration services.
- Service providers outside the UK who provide IT and system administration eg electronic diary
- Professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- Request access to your personal information (commonly known as a “data subject access request”).
- Request correction of the personal information that we hold about you.
- Request erasure of your personal information.
- Object to processing of your personal information where we are relying on a legitimate interest.
- Request the restriction of processing of your personal information. T
- Request the transfer of your personal information to another party.
- Withdraw consent at any time where we are relying on consent to process your personal data.
If you would like to exercise any of the above rights, please contact Data Privacy Manager in writing.