GOOD HEALTH CENTRE PRIVACY & UK GDPR POLICY, JULY 2022
This Privacy & GDPR Policy 2022 describes the Good Health Centres practices regarding the collection, use and disclosure of the information we collect from and about you when you use the Good Health Centre’s website, mobile applications, social media, products and services. By accessing or using the services, you agree to this policy.
This Policy contains the following sections:
The Information We Collect
How We Use Your Information
Cookies and Similar Technologies
Online Analytics and Advertising
How We Share and Disclose Your Information
Third Party Links and Services
International Transfer of Data
How Long We Store Your Information
Changes to Our Policy
How We Protect Your Information
Good Health Centre Contact Information
THE INFORMATION WE COLLECT
Good Health Centre collects a variety of information that you provide directly to us. We process your information, when necessary, to provide you with the services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information to be able to provide treatment, invoice & billing, and enhancement purposes of the services we provide to you, or for analytics, research, and reporting purposes. Without your information, we cannot provide you with the services you have requested or you may be limited in your use of the services.
- Information You Provide to Us
Good Health Centre collects information from you through:
Patient Enquiries and Registration.
Good Health Centre services that you use.
Requests or questions you submit to us via forms or email (e.g., website enquiries, Website chat enquiry, direct email, Facebook messenger).
Your communications and dealings with us.
Your participation in Health Point Clinic sweepstakes, contests, or research studies.
Uploads or posts to social media, website & use of service.
Requests for information through 3rd parties or 3rd party referrals assistance.
Information from and about you:
The types of information we collect will depend upon the services you use, how you use them, and what you choose to provide.
The types of data we collect directly from you may include:
Name, address, D.O.B, telephone numbers and email address.
Optional information may include photographs, patient relationships, referral sources etc.
Any email requests or questions you submit to us.
Demographic information such as your gender, age, etc.
User-generated content you post in public online platforms.
We are required to generate records of all treatment provided. The GOsC – General Osteopathic Council mandate that all data must be kept for a period no shorter than eight years and for children up to their 25th year.
This does not impede your right to be forgotten. We are able to archive your content upon your request but your patient records and notes must be kept in line with GOsC guidelines.
Your records are stored either:
On paper (for patients before 2017), in a locked filing box stored securely within my home office.
Electronically (“in the cloud”), using a specialist medical records service (Cliniko). This provider has given me their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.
Information about others:
If you choose to recommend our services online, via social media, on use our online referral service we will use that person’s contact information, which may include their email address or their social network identity, to send an invitation, the platform used stores the information you provide to send the invitation & to register that person.
- Information We Automatically Collect
When you use our services that connect to the Internet, including, but not limited to, when you access the services via our website, your mobile devices, any Good Health Centre software/applications, we automatically collect certain information as described in this Section.
As discussed further below, we and our service providers (which are third party companies that work on our behalf to provide and enhance the services) use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
When you use the services, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the services, metadata associated with uploaded Content, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information and other such information.
When you access the services using a mobile device, we collect specific device information, including your MAC address and other unique device identifiers. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customize our services to your device and to analyse any device-related issues.
We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
- Information We Collect From Third-Party Integrations
When you use third-party integrations (e.g., Drift, Facebook Messenger, Slack, Asana etc), such providers may allow us to have access to and store additional information about your interaction with those services and platforms as it related to use of the services. If you do not wish to have this information shared, do not initiate these connections.
- Information We Collect from Affiliates and Non-Affiliated Third Parties
Good Health Centre may receive additional information about you, such as demographic information, from third parties, such as business partners, marketers, researchers, analysts, and other parties (e.g Facebook) that we may use to supplement the information that we collect directly from you.
COOKIES AND SIMILAR TECHNOLOGIES
To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).
HOW WE USE YOUR INFORMATION
We use your information (including any information that we collect, as described in this Policy) for various purposes depending on the types of information we have collected from and about you and the specific Good Health Centre services you use, including to:
Provide the services you have requested.
Respond to your request for information and provide you with more effective and efficient customer service.
Provide you with product updates and information about products & services you have purchased from us.
Provide you with service notifications via email and SMS.
Contact you by email, postal mail, or phone regarding Health Point Clinic and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you.
Customize the advertising and content you see.
Help us better understand your interests and needs, and improve our services.
Synthesize and derive insights from your use of different Health Point Clinic products and services.
Engage in analysis, research, and reports regarding use of our services.
Provide, manage, and improve the services.
In its administration of its CCTV system, Good Health Centre complies with the
General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Due regard is given to the data protection principles embodied in GDPR. These
principles require that personal data shall be:
- a) processed lawfully, fairly and in a transparent manner;
- b) collected for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes
for which they are processed;
- d) accurate and, where necessary, kept up to date;
- e) kept in a form which permits identification of the data subjects for no longer
than is necessary for the purposes for which the personal data are processed;
- f) processed in a manner that ensures appropriate security of the personal data,
including protection against unauthorized or unlawful processing and against
accidental loss, destruction or damage, using appropriate technical or
Good Health Centre ensures it is responsible for, and able to demonstrate compliance with GDPR.
ONLINE ANALYTICS AND ADVERTISING
We use third-party web analytics services (e.g., Google Analytics) on our services to collect and analyse the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Similar Technologies” section will be disclosed to or collected directly by these service providers.
- Online Advertising
Third parties or affiliates may administer Good Health Centre banner advertising programs and other online marketing on non-Meadows Osteopath Clinic websites and services. To do so, these parties may set and access first-party cookies delivered from the Good Health Centre domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited Good Health Centre website to target online ads for Good Health Centre services to you on non Good Health Centre websites. Or a third-party ad network might collect information on the services and other websites to develop a profile of your interests and target advertisements to you based on your online behaviour. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.
HOW WE SHARE YOUR INFORMATION
Good Health Centre will share your information in the following ways:
We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation product manufacture, billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfilment, data storage, security, fraud prevention, payment processing, and legal services.
When you initiate a connection with a third-party integration through the services (e.g., Drift, Facebook Messenger, Slack, Asana etc), we will share information about you that is required to enable your use of the third-party integration through the services.
If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Good Health Centre will comply with such restrictions.
The services make it possible for you to upload and share comments or feedback publicly (i.e., outside of Good Health Centre mobile and web app) with other users, such as on Good Health Centresocial media, blogs etc. Any information that you submit through such public features is not confidential, and Good Health Centre may use it for any purpose (including in testimonials or other Good Health Centre marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the services.
From time to time, Good Health Centre may share Aggregate/De-Identified Information about use of the services, such as by publishing a report on usage trends. As stated above, this Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
We may also disclose your information to third parties with your consent to do so. For example, we will write to your GP to update them on your treatment but only with your consent.
We provide you with a number of choices with respect to the information we collect and use as discussed throughout this policy. For example: – You may instruct us not to use your contact information to contact you by email, postal mail or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at any time.
In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.
Please note that, regardless of your request, we may still use and share certain information as permitted by this policy or as required by applicable law. For example, you may opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you, but we have to retain your medical records for a period of at least seven years.
THIRD PARTY LINKS AND SERVICES
The services contain links to third-party websites such as social media sites, and also contain third-party integrations. If you choose to use these sites or integrations, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Good Health Centre, Good Health Centre is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.
Our services are available to all ages. For children under 16, we may need to get consent from someone with parental responsibility. This could be: − the child’s mother or father; − the child’s legally appointed guardian; − a person with a residence order for the child; − a local authority designated to care for the child; or − a local authority or person with an emergency protection order for the child. However, some children under 16 can give consent if they can fully understand the information given to them. This is known as ‘Gillick competence’.
INTERNATIONAL TRANSFER OF DATA
Good Health Centre complies fully with the Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).
The Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR) imposes restrictions on the transfer of personal data outside the UK, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by (UK GDPR) is not undermined.
Good Health Centre may transfer information that we collect about you to third party processors across international borders outside the UK. These third parties may have access to your information for the limited purpose of providing the service we have contracted with them to provide.
For example our Practice Management Software is cloud based and servers are located in Australia. However, the relevant safeguards & documentation is in place so our patient data is secure and we are comfortable meeting the standards of UK GDPR.
If you want to learn more about the information collected through the services, or if you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below. You may have to make a ‘Subject Access Request’ This is covered in the JOIC’s Subject Access Request Policy which is available on request. Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. If you are dissatisfied with the way we process your information, you may lodge a complaint with the Jersey Office of Information Commissioner, Jersey’s independent body set up to uphold information rights.
HOW LONG WE STORE YOUR INFORMATION
We will retain your information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law.
We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. We will make the revised Policy accessible through the services, so you should review the Policy periodically. If we make a material change to the Policy, you will be provided with appropriate notice and we will seek your consent to the updated Policy in accordance with legal requirements.
HOW WE PROTECT YOUR INFORMATION
Good Health Centre takes technical and organisational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information. If you have any questions about security on our services, you can contact us on 0113 2371173.