GDPR, Privacy and Cookies Policy 1 . We   at   Osteopathy   Derby   take   your   privacy   seriously.   This policy   covers   the   collection,   processing   and   other   use   of personal    data    under    the    Data    Protection    Act    1998 (“DPA”)    and    the    General    Data    Protection    Regulations (“GDPR”). 2 . For   the   purpose   of   the   DPA   and   GDPR   we   are   the   data controller   and   any   enquiry   regarding   the   collection   or processing   of   your   data   should   be   addressed   to   Mike Bexson     at     Osteopathy     Derby,     Unit     1,     Park     Farm Surgeries,   Park   Farm   Drive,   Allestree,   Derby,   DE22   2RP. Alternatively,      you      can      email      your      enquiry      to info@osteopathyderby.co.uk.   Information we collect 3 . We   will   collect   personal   data   directly   provided   to   us   by you,    e.g.    your    name,    e-mail    address,    home    or    work address     and     telephone     number,     and     past     medical history.   This   has   been   provided   to   us   by   you,   therefore, with your consent. 4 . Some     treatments     should     not     be     performed     under certain    medical    conditions,    therefore,    the    information you    provide    to    us    should    include    all    known    medical conditions     and     all     questions     should     be     answered honestly.   It   is   your   responsibility   to   keep   the   therapist updated   as   to   any   changes   in   your   medical   profile   and there   shall   be   no   liability   on   the   therapist’s   part   should you fail to do so. 5 . Your   payment   information   provided   when   you   make   a purchase    through    credit/debit    card    is    not    received    or stored   by   us.   That   information   is   processed   securely   and privately   by   the   third-party   payment   processors   that   we use.    Osteopathy    Derby    will    not    have    access    to    that information   at   any   time.   We   may   share   your   personal data    with    our    payment    processors,    but    only    for    the purpose       of       completing       the       relevant       payment transaction.   Such   payment   processors   are   banned   from using    your    personal    data,    except    to    provide    these necessary   payment   services   to   us,   and   they   are   required to   maintain   the   confidentiality   of   your   personal   data   and payment information. Use of your information 6 . We    may    hold    and    process    personal    data    that    you provide   to   us   in   accordance   with   the   DPA   and   GDPR.   The information   that   we   collect   and   store   relating   to   you   is primarily      used      to      enable      us      to      provide      our services/advise to you. 7 . In     addition,     we     may     use     the     information     for     the following purposes: 8 . To   notify   you   about   any   changes   to   our   services,   such   as improvements    or    service/product    changes,    that    may affect   our   service.   We   may   contact   you,   where   you   have consented,    to    receive    our    e-newsletter    from    time    to time. Disclosure of your information 9 . We   may   disclose   your   information   to   regulatory   bodies to   enable   us   to   comply   with   the   law   and   to   assist   fraud protection.   Please   be   assured   that   we   do   not   reveal   any information      about      identifiable      individuals      to      our advertisers. Controlling the use of your data 1 0 . If    you    have    given    us    consent    to    use    your    data    for    a particular   purpose   you   can   revoke   or   vary   that   consent at   any   time.   If   you   do   not   want   us   to   use   your   data   or you   wish   to   vary   the   consent   that   you   have   provided   you can    write    to    us    or    email    us    using    the    information detailed in clause 2. Where we store and transfer your data 1 1 . As   part   of   the   services   offered   to   you   by   Osteopathy Derby,    the    information    you    provide    to    us    may    be transferred    to    and    stored    in    countries    outside    of    the European    Economic    Area    (EEA)    as    we    use    remote website   server   hosts   to   provide   our   booking   software, website   and   some   other   aspects   of   our   service,   which may   be   based   outside   of   the   EEA,   or   use   servers   based outside   of   the   EEA   -   this   is   generally   the   nature   of   data stored   in   “the   Cloud”.   It   may   also   be   processed   by   staff operating    outside    the    EEA    who    work    for    one    of    our suppliers,   e.g.   our   website   server   host,   or   work   for   us when temporarily outside of the EEA. 1 2 . We   have   a   legal   obligation   to   retain   your   records   for   8 years    after    your    most    recent    appointment,    after    this period   you   may   ask   us   to   delete   your   records   if   you wish.   Otherwise   we   will   retain   your   records   so   that   we may   provide   you   with   the   best   possible   care   should   you need to see us at some future date. Our records are stored: • On     paper     in     locked     filing     cabinets     in     an     alarmed building. • Electronically    using    a    cloud    based    booking    software system    10    to    8.    This    provider    has    given    us    their assurances that they are fully compliant with GDPR. • We   will   never   share   your   data   with   other   companies   for marketing purposes. • We     will     only     share     your     data     to     other     medical professionals with your written consent. Only    the    following    people    will    have    routine    access    to your data: • Your    practitioner,    Nicky    Healy,    in    order    that    we    may provide you with appropriate treatment. • Our   booking   software   provider,   10   to   8   in   storing   your contact details. Security 1 3 . The    transmission    of    information    via    the    internet    or email   is   not   completely   secure.   Although   we   will   do   our best   to   protect   your   personal   data,   we   cannot   guarantee the   security   of   data,   any   such   transmission   is   at   your own   risk.   Once   we   have   received   any   personal   data,   we will   use   strict   procedures   and   security   features   to   try   to prevent unauthorised access. Use of cookies on our website 1 4 . Our    Website    uses    cookies.    We    use    cookies    to    gather information   about   your   computer   for   our   services   and to   provide   statistical   information   regarding   the   use   of our    Website.    Such    information    will    not    identify    you personally   -   it   is   statistical   data   about   our   visitors   and their   use   of   our   Website.   This   statistical   data   does   not identify   any   personal   details   whatsoever.   We   may   also gather   information   about   your   general   Internet   use   by using    a    cookie    file.    Where    used,    these    cookies    are downloaded     to     your     computer     automatically.     This cookie   file   is   stored   on   the   hard   drive   of   your   computer, as    cookies    contain    information    that    is    transferred    to your   computer's   hard   drive.   They   help   us   to   improve   our Website    and    the    service    that    we    provide    to    you.    All computers   have   the   ability   to   decline   cookies.   This   can be   done   by   activating   the   setting   on   your   browser   which enables    you    to    decline    the    cookies.    Please    note    that should    you    choose    to    decline    cookies,    you    may    be unable to access particular parts of our Website. Third party links 1 5 . You    might    find    links    to    third    party    websites    on    our website.   These   websites   should   have   their   own   privacy policies,   which   you   should   check.   We   do   not   accept   any responsibility   or   liability   for   their   policies   whatsoever   as we have no control over them. Your rights 1 6 . The    DPA    and    GDPR    give    you    the    right    to    access information   held   about   you   by   us   at   any   point.   Please write   to   us   or   contact   us   by   email   if   you   wish   to   request confirmation    of    what    personal    information    we    hold relating    to    you.    You    can    write    to    us    at    the    address detailed      in      clause      2,      above,      or      by      email      to info@osteopathyderby.co.uk.    There    is    no    charge    for requesting    that    we    provide    you    with    details    of    the personal     data     that     we     hold.     We     will     provide     this information   within   one   month   of   your   requesting   the data. 1 7 . You   have   the   right   to   change   the   permissions   that   you have   given   us   in   relation   to   how   we   may   use   your   data. You   also   have   the   right   to   request   that   we   cease   using your   data   or   that   we   delete   all   personal   data   records that    we    hold    relating    to    you.    You    can    exercise    these rights   at   any   time   by   contacting   us   using   the   information detailed in clause 2. Changes to this policy 1 8 . We   may   update   these   policies   to   reflect   changes   to   our services.    Please    regularly    review    these    policies    to    be informed of how we are protecting your personal data. 1 9 . We   welcome   any   queries,   comments   or   requests   you may   have   regarding   this   Privacy   Policy.   Please   do   not hesitate   to   contact   us   at:   Osteopathy   Derby,   Unit   1,   Park Farm   Surgeries,   Park   Farm   Drive,   Allestree,   Derby,   DE22 2RP. Version: October 2021