1. The identity of the Data Controller: Lisa Linton
You are hereby informed that the Data that you provide is collected, used, protected and processed by clinic staff in order to carry out the services requested by you and any contact in relation to those services only.
2. Collection of Data
We may collect Data about our clients.
Your data is collected when you contact us, at initial appointment and at other appointments you have with us.
Data we collect fall into the following categories:
Identification information – Contact information – Medical information
This data is gathered directly from you via direct communication with us (i.e. When booking an appointment, when filling out consultation form at initial appointment and at other appointments you have with us)
2.1. Information you provide to us
We process Data you provide directly to us, in particular when completing a Consultation Form.
For example, we collect Data when you create a booking, use the services or otherwise communicate with us.
The Data may include the following data as well as any other type of information that we specifically request you to provide to us through our Consultation Forms, such as:
Name, Address, Date of Birth, Phone Number, Email Address, Doctor’s Details, Next of kin, Medical history, Treatment Notes, Relationship Data, Monies Payed.
3. How we use the Data
We may use information about you for the following purposes:
Identification, Receipts (including Health Insurance and Revenue), Safety of practitioner, Treatment Considerations, To send reminder texts for appointments, to keep cancellations and no shows to a minimum, to cancel/reschedule appointment, to know if you present with serious medical issues, to liaise with your GP or specialist, to contact your next of kin if you feel unwell while attending the clinic, to make sure that our therapists understand what you are presenting with on a given day, to decide if treatment is appropriate and if so what kind, to carry out treatments in a safe way, To keep a record of what happened during any contact with you, to track effectiveness, or otherwise, of treatments, To keep a record of who you were referred by to help us understand and improve our marketing and services, to keep record of who parent/guardian is to book appointments, pay for treatments, and discuss treatment options (if client you are under 18 or a vulnerable adult), To make sure treatments have been paid for up to date and in full, to issue receipts and for tax purposes.
According to the GDPR, each Data processing is performed on one of the following legal basis:
Your consent, The performance of the service requested by you.
4. How we share your Data
4.1. If requested by you to transfer data to another therapist, solicitor, and/or medical professional, a photocopy of the client’s original physical document file(s), kept by the clinic, will be sent by registered post, to the address provided by the client. You must sign consent to this transfer, which states the date, name and address of the recipient and acknowledgement of permission to send. This will be kept with your file, as a record of the transfer and request to do so. You will be responsible for all charges.
4.2. In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities (example: An Garda Síochána).
5. The period of Data retention
Our insurance providers require us to retain all Client Data for a minimum of 5 years after the client’s last appointment. Other entities (i.e. organisations and Revenue) require us to keep certain Client Data for a minimum of 7 years after the client’s last appointment. Therefore, certain Client Data obtained between 5 and 7 years ago may be retained by the clinic at the full discretion of Lisa Linton. Data of clients who have not attended the clinic in 7 years or more will be retained by the clinic and will be destroyed in due course. This will be done on an annual basis. (GDPR states that clients have a right to be forgotten and can request data deleted, however the the clinic may refuse to treat client if this is requested as we require this data to treat clients safely and effectively)
6. Data amendments
If a client’s name, address, phone No., email address, doctor’s details, next of kin, medical history, relationship data and/or treatment information changes, the treating therapist may amend the Client Data when informed by the client. If client’s name, address, phone number, and/or treatment category is amended on the Client’s physical document files, it will be amended on the Business Laptop, Business DropBox System, Business Mobile, Business Diary, Business External Hardrive and Business USB stick by Lisa Linton in due course.
We are committed to taking appropriate measures designed to keep your Data secure. Our technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
8. Your rights
Under the General Data Protection Regulations 2018 (GDPR) individuals have the significantly strengthened rights to:
Obtain details about how their data is processed by an organisation or business; Obtain copies of personal data that an organisation holds on them; Have incorrect or incomplete data corrected; Have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data; Obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability); Object to the processing of their data by an organisation in certain circumstances.
9. In the event of a Breach
Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commission will be informed, An Garda Siochana and financial institutions will be contacted for assistance and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.