ASK A QUESTION
GET DIRECTIONS
PRIVACY POLICY
GDPR, Privacy and Cookies Policy
1
.
We
at
Osteopathy
Derby
take
your
privacy
seriously.
This
policy
covers
the
collection,
processing
and
other
use
of
personal
data
under
the
Data
Protection
Act
1998
(“DPA”)
and
the
General
Data
Protection
Regulations
(“GDPR”).
2
.
For
the
purpose
of
the
DPA
and
GDPR
we
are
the
data
controller
and
any
enquiry
regarding
the
collection
or
processing
of
your
data
should
be
addressed
to
Mike
Bexson
at
Osteopathy
Derby,
Unit
1,
Park
Farm
Surgeries,
Park
Farm
Drive,
Allestree,
Derby,
DE22
2RP.
Alternatively,
you
can
email
your
enquiry
to
info@osteopathyderby.co.uk.
Information we collect
3
.
We
will
collect
personal
data
directly
provided
to
us
by
you,
e.g.
your
name,
e-mail
address,
home
or
work
address
and
telephone
number,
and
past
medical
history.
This
has
been
provided
to
us
by
you,
therefore,
with your consent.
4
.
Some
treatments
should
not
be
performed
under
certain
medical
conditions,
therefore,
the
information
you
provide
to
us
should
include
all
known
medical
conditions
and
all
questions
should
be
answered
honestly.
It
is
your
responsibility
to
keep
the
therapist
updated
as
to
any
changes
in
your
medical
profile
and
there
shall
be
no
liability
on
the
therapist’s
part
should
you fail to do so.
5
.
Your
payment
information
provided
when
you
make
a
purchase
through
credit/debit
card
is
not
received
or
stored
by
us.
That
information
is
processed
securely
and
privately
by
the
third-party
payment
processors
that
we
use.
Osteopathy
Derby
will
not
have
access
to
that
information
at
any
time.
We
may
share
your
personal
data
with
our
payment
processors,
but
only
for
the
purpose
of
completing
the
relevant
payment
transaction.
Such
payment
processors
are
banned
from
using
your
personal
data,
except
to
provide
these
necessary
payment
services
to
us,
and
they
are
required
to
maintain
the
confidentiality
of
your
personal
data
and
payment information.
Use of your information
6
.
We
may
hold
and
process
personal
data
that
you
provide
to
us
in
accordance
with
the
DPA
and
GDPR.
The
information
that
we
collect
and
store
relating
to
you
is
primarily
used
to
enable
us
to
provide
our
services/advise to you.
7
.
In
addition,
we
may
use
the
information
for
the
following purposes:
8
.
To
notify
you
about
any
changes
to
our
services,
such
as
improvements
or
service/product
changes,
that
may
affect
our
service.
We
may
contact
you,
where
you
have
consented,
to
receive
our
e-newsletter
from
time
to
time.
Disclosure of your information
9
.
We
may
disclose
your
information
to
regulatory
bodies
to
enable
us
to
comply
with
the
law
and
to
assist
fraud
protection.
Please
be
assured
that
we
do
not
reveal
any
information
about
identifiable
individuals
to
our
advertisers.
Controlling the use of your data
1
0
.
If
you
have
given
us
consent
to
use
your
data
for
a
particular
purpose
you
can
revoke
or
vary
that
consent
at
any
time.
If
you
do
not
want
us
to
use
your
data
or
you
wish
to
vary
the
consent
that
you
have
provided
you
can
write
to
us
or
email
us
using
the
information
detailed in clause 2.
Where we store and transfer your data
1
1
.
As
part
of
the
services
offered
to
you
by
Osteopathy
Derby,
the
information
you
provide
to
us
may
be
transferred
to
and
stored
in
countries
outside
of
the
European
Economic
Area
(EEA)
as
we
use
remote
website
server
hosts
to
provide
our
booking
software,
website
and
some
other
aspects
of
our
service,
which
may
be
based
outside
of
the
EEA,
or
use
servers
based
outside
of
the
EEA
-
this
is
generally
the
nature
of
data
stored
in
“the
Cloud”.
It
may
also
be
processed
by
staff
operating
outside
the
EEA
who
work
for
one
of
our
suppliers,
e.g.
our
website
server
host,
or
work
for
us
when temporarily outside of the EEA.
1
2
.
We
have
a
legal
obligation
to
retain
your
records
for
8
years
after
your
most
recent
appointment,
after
this
period
you
may
ask
us
to
delete
your
records
if
you
wish.
Otherwise
we
will
retain
your
records
so
that
we
may
provide
you
with
the
best
possible
care
should
you
need to see us at some future date.
Our records are stored:
•
On
paper
in
locked
filing
cabinets
in
an
alarmed
building.
•
Electronically
using
a
cloud
based
booking
software
system
10
to
8.
This
provider
has
given
us
their
assurances that they are fully compliant with GDPR.
•
We
will
never
share
your
data
with
other
companies
for
marketing purposes.
•
We
will
only
share
your
data
to
other
medical
professionals with your written consent.
Only
the
following
people
will
have
routine
access
to
your data:
•
Your
practitioner,
Nicky
Healy,
in
order
that
we
may
provide you with appropriate treatment.
•
Our
booking
software
provider,
10
to
8
in
storing
your
contact details.
Security
1
3
.
The
transmission
of
information
via
the
internet
or
email
is
not
completely
secure.
Although
we
will
do
our
best
to
protect
your
personal
data,
we
cannot
guarantee
the
security
of
data,
any
such
transmission
is
at
your
own
risk.
Once
we
have
received
any
personal
data,
we
will
use
strict
procedures
and
security
features
to
try
to
prevent unauthorised access.
Use of cookies on our website
1
4
.
Our
Website
uses
cookies.
We
use
cookies
to
gather
information
about
your
computer
for
our
services
and
to
provide
statistical
information
regarding
the
use
of
our
Website.
Such
information
will
not
identify
you
personally
-
it
is
statistical
data
about
our
visitors
and
their
use
of
our
Website.
This
statistical
data
does
not
identify
any
personal
details
whatsoever.
We
may
also
gather
information
about
your
general
Internet
use
by
using
a
cookie
file.
Where
used,
these
cookies
are
downloaded
to
your
computer
automatically.
This
cookie
file
is
stored
on
the
hard
drive
of
your
computer,
as
cookies
contain
information
that
is
transferred
to
your
computer's
hard
drive.
They
help
us
to
improve
our
Website
and
the
service
that
we
provide
to
you.
All
computers
have
the
ability
to
decline
cookies.
This
can
be
done
by
activating
the
setting
on
your
browser
which
enables
you
to
decline
the
cookies.
Please
note
that
should
you
choose
to
decline
cookies,
you
may
be
unable to access particular parts of our Website.
Third party links
1
5
.
You
might
find
links
to
third
party
websites
on
our
website.
These
websites
should
have
their
own
privacy
policies,
which
you
should
check.
We
do
not
accept
any
responsibility
or
liability
for
their
policies
whatsoever
as
we have no control over them.
Your rights
1
6
.
The
DPA
and
GDPR
give
you
the
right
to
access
information
held
about
you
by
us
at
any
point.
Please
write
to
us
or
contact
us
by
email
if
you
wish
to
request
confirmation
of
what
personal
information
we
hold
relating
to
you.
You
can
write
to
us
at
the
address
detailed
in
clause
2,
above,
or
by
email
to
info@osteopathyderby.co.uk.
There
is
no
charge
for
requesting
that
we
provide
you
with
details
of
the
personal
data
that
we
hold.
We
will
provide
this
information
within
one
month
of
your
requesting
the
data.
1
7
.
You
have
the
right
to
change
the
permissions
that
you
have
given
us
in
relation
to
how
we
may
use
your
data.
You
also
have
the
right
to
request
that
we
cease
using
your
data
or
that
we
delete
all
personal
data
records
that
we
hold
relating
to
you.
You
can
exercise
these
rights
at
any
time
by
contacting
us
using
the
information
detailed in clause 2.
Changes to this policy
1
8
.
We
may
update
these
policies
to
reflect
changes
to
our
services.
Please
regularly
review
these
policies
to
be
informed of how we are protecting your personal data.
1
9
.
We
welcome
any
queries,
comments
or
requests
you
may
have
regarding
this
Privacy
Policy.
Please
do
not
hesitate
to
contact
us
at:
Osteopathy
Derby,
Unit
1,
Park
Farm
Surgeries,
Park
Farm
Drive,
Allestree,
Derby,
DE22
2RP.
Version:
October 2021