Tel: (01302) 320023
Privacy Notice & Data Protection Policy
Healing Partners Ltd takes protecting your data seriously, and will only collect and process data that is required to deliver our services, is lawful and maintains sufficient records to comply with our professional, legal and insurance requirements.
This Policy sets out Healing Partners Ltd.'s strategic commitment to data protection. It is the policy of the business to ensure the confidentiality, integrity and availability of information owned by both Healing Partners Ltd and clients is maintained in order to:
* Ensure continued quality of service
* Meet the business's contractual, legal and regulatory obligations
* Meet the needs and expectations of other interested parties.
Information security management shall be treated as an integral part of management activities and will be pursued in the same manner and with the same vigour as other managerial objectives.
Healing Partners Ltd. is committed to ensuring that personal data:
* is processed fairly and lawfully
* is only obtained for specified and lawful purposes
* is adequate, relevant and not excessive to the purpose(s) for which it is processed
* is accurate and kept up to date
* is not kept for longer than is necessary
* is processed in accordance with the rights of the data subjects
* is kept secure and is protected from unauthorised and unlawful processing and against accidental loss or destruction or damage by appropriate technical and organisational measures
* is not transferred to a country or territory outside of the EEA unless an adequate level of protection and rights and freedoms of the data subject(s) are ensured
1. Controller’s name and contact details
This statement applies to the processing of data by:
Healing Partners Ltd., the data controller, and any contracted data processors appointed to provide a service to:
Healing Partners Limited, Midsummer House, Top House Court, Kirk Smeaton, North Yorkshire WF8 3LA
Tel: 01977 620630
2. Collection and storage of personal data as well as type, purpose and legal basis
b) When you contact us with an enquiry. Email enquiries are automatically forwarded from the email host account at Namesco Limited (GB), Acton House, Perdiswell Park, Worcester WR3 7GD (for terms and conditions see https://www.names.co.uk/info/terms). Emails are forwarded to our cloud hosted email service at yahoo.com (see their privacy centre at https://policies.yahoo.com/us/en/yahoo/terms/index.htm). Alternatively, you can contact us by phone, where paper enquiry records are kept and stored in a locked, secure environment. At enquiry stage we collect your personal contact details, and any information you voluntarily give us concerning your treatment needs. If you progress with a consultation and treatment, under our professional requirements we are obliged to retain patient contact history for a minimum of seven years (or to age 25 in the case of minors). We only use your data for the purposes of completing your enquiry, and practice auditing. We do not use this data for electronic or direct marketing purposes.
d) When you attend an appointment. We may ask you to check and update your registration information (see c above). Your consultation will be with a qualified acupuncturist, who is required to record patient notes regarding diagnosis and treatment, advice given, referral suggestions and review information. These records are required to be retained for a period of seven years after the date of last treatment (or age 25 in the case of minors), in compliance with our professional body, The British Acupuncture Council (https://www.acupuncture.org.uk). Only authorised persons have access to patient records, which are stored in password protected systems and/or in a locked, secure environment. When returning for repeat treatments and booking repeat appointments, the above also applies. We do not use your personal treatment data for marketing purposes, nor do we share this information with third parties unless we are required by law or under supervision of The British Acupuncture Council.
e) Accounting and business administration. We are required by law to keep records of business income, which includes records of patient appointments and payments, including contact details used for invoicing and receipts (name, address, telephone, email, dates of treatments, category of treatment and amounts paid). This information is shared with our financial accountants Haigh & Co., Fulham Lane, Doncaster DN6 9BW, and retained for the statutory period. The information is used only for transactional and accounting purposes. This data is held in cloud-based accountancy software, QuickBooks (Intuit Limited, 1 Cathedral Piazza, Victoria, London SW1E 5BP). The data is encrypted (see the security page https://quickbooks.intuit.com/uk/data-security/).
f) For payment processing. When you book your appointment you can pay through the cloud hosted appointment booking service provided by Acuity Scheduling Inc. (see 2 c above).
Your personal data will be passed on to third parties to the extent permitted by law and required pursuant to Art. 6 (1) sentence 1 lit. b GDPR for the purpose of payments and maintaining contractual relationships with you. This includes, in particular, the transfer of payment data to payment service providers or banking institutes in order to carry out payment transactions. These third parties are not permitted to use this data passed on to them for any other than the aforementioned purposes.
g) Personal and Special category data may be collected for statutory recording of accidents, and in reporting adverse events. Where possible this will be anonymised.
h) Provision has been made for the safekeeping, transfer and timely destruction of records in the event of death or serious injury to the Data Controller.
3. Rights of data subjects
You have the right:
Pursuant to Art. 15 GDPR to request information regarding your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
Pursuant to Art. 16 GDPR, to demand immediate rectification of incorrect data or completion of personal data stored by us;
Pursuant to Art. 17 GDPR, to request erasure of your personal data stored by us after the statutory 7 year retention period for medical records unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Pursuant to Art. 18 GDPR, to restrict the processing of your personal data in as far as you dispute the accuracy of the data, if the processing is unlawful but you reject the erasure of data and we no longer need the data, but if you need such data in order to assert, exercise or defend legal claims or if you have filed an objection to processing pursuant to Art. 21 GDPR;
Pursuant to Art. 7 (3) GDPR, to revoke your prior consent at any time to data processed for reasons other than legitimate interest. As a result, we are then no longer permitted to continue processing data based on this consent in the future;
Pursuant to Art. 77 GDPR, to complain to a regulatory authority. For this purpose, you can generally contact the regulatory authority responsible for your usual place of residence or workplace or our company’s registered office.
The contact details of the regulatory authority responsible for our company’s registered office are as follows:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, Tel 0303 123 1113 https://ico.org.uk/global/contact-us/.
4. Right of objection
If your personal data is processed on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR.
If you wish to exercise your right of revocation or objection, simply write to Healing Partners Ltd., Midsummer House, Top House Court, Kirk Smeaton, North Yorkshire WF8 3LA, or send an email to email@example.com,uk. We reserve the right to require proof of identity with all such requests.
5. Data security
Please note that transmitting information and data over the Internet always poses a security risk. We have implemented technical and organisational measures to protect your personal data from unauthorised access, as far as is practically possible, and have terms of service in place with third party system providers as documented above.
“data subject(s)”, “personal data” and “sensitive personal data” have the meanings defined within the Data Protection Act.
This policy, supporting policies and procedures will be subject to periodic internal audit and may be subject to external audits as necessary by the Information Commissioner.
The Business recognises data subjects’ rights to raise a Subject Access Request. A formal request from a data subject for information that is held must be made in writing. A fee is payable by the data subject for provision of this information.
The Directors have overall responsibility and authority to ensure that this Policy is effectively implemented and delivered throughout the Business. All personnel are required to play an active role in the protection of company assets and treat information security appropriately in order that this purpose can be achieved.
To support this Policy, the management overseeing security and risk will produce subject specific policies and supporting procedures which will be reviewed and updated in response to changes in risks faced by the Business, legislation, regulation, contractual obligations and operational working practices.
Information security objectives, which are aligned with the business objectives, are reviewed and agreed on an annual basis.
The business recognises the need for continual improvement. The information security management system is constantly reviewed and any changes are communicated to all relevant employees and interested parties.
The Directors will be responsible and have authority for communicating and implementing this policy, supporting policies and procedures within their area of responsibility and will ensure individual accountability. From time to time changes are required to this policy, in order to accommodate changes in the law or developments within the business. You can view and print the latest version of this privacy statement at any time on the website home page at www.healingpartners.co.uk.
All personnel (i.e. permanent staff, contractors and temporary staff) will adhere to this Policy, supporting policies and procedures.
Failure to comply with this policy, subject specific policies and supporting procedures, may result in disciplinary action being taken.
This Policy and the business's performance in meeting its requirements will be monitored and reviewed.
Data Processing Activities are summarised below:
Healing Partners – Data Processing Activities (GDPR)
Healing Partners Limited
Our fully trained acupuncturists at our Doncaster Acupuncture clinic and Pontefract Yorkshire clinic are proud of their professional status as members of the British Acupuncture Council. The British Acupuncture Council (BAcC) is the leading self-regulatory body for the practice of traditional acupuncture in the UK. It is a member-led organisation, governed by an elected executive committee and driven by a specialist staff team.
The British Acupuncture Council provides its members with a wide range of services to assist their practice and works to expand the awareness of traditional acupuncture and how it works. This UK professional acupuncture body represents the interests of fully qualified traditional acupuncturists, establishing and maintaining the highest professional standards of practice for acupuncture. It oversees the accrediting of acupuncture education to ensure excellence in training, funds evidence-based clinical research on the benefits of traditional acupuncture, promotes evidence-based research to the public and other healthcare providers and works with the Department of Health towards the statutory regulation of acupuncture in the UK. The British Acupuncture Council also promotes integrated healthcare.
As members of the British Acupuncture Council, we are professionally regulated and are recognised acupuncture practitioners within the broader healthcare community.