SpineArt is committed to safeguarding your privacy and is registered with the Information. Commissioner as Data Controller in respect of your personal information.
What information we may collect from you?
- information that you give us when you enquire or become a patient such as name and contact details
- name and contact details of next of kin
- name and contact details and information from other professionals involved in your medical care
- information that you give us about your occupation, your current and/former health, details of services you receive from me, and other sensitive data
- patient feedback and outcome data
- information about compliments, complaints or incidents
- financial or other information provided when you make a payment
- name and contact details of insurers and other third parties such as employers and solicitors
- information about your computer and about your visits to our website in the form of cookies and Google Analytics
How may we use your information?
- to provide you with healthcare.
- to communicate with other individuals that you ask us to communicate with about your care, which may include other healthcare professionals and their staff, employers, insurance companies, solicitors and family members.
- for account settlement purposes.
- for the purposes of an appropriate business need that does not cause harm such as quality assurance, IT suppliers, maintenance of business records, monitoring outcomes, responding to complaints, compliance with the Private Healthcare Information Network (PHIN).
- for the purposes of a legal or regulatory obligation.
- to establish, exercise or defend our legal rights.
The legal grounds for each of our processing purposes
- We may process your personal data to provide you with healthcare because we have a legitimate interest to do so.
- We may communicate with other individuals that you ask us to communicate with about your care because we have a legitimate interest to do so and you have given us your consent to do so.
- We may process your personal data for account settlement purposes in order to fulfil a contract between you and SpineArt.
- We may process your personal data for quality assurance purposes which include audit, monitoring outcomes, responding to complaints and compliments because we have an appropriate business need that does not cause harm to you.
- We may process your personal data for the purposes of a legal or regulatory obligation because there is a requirement to comply with legal obligations when providing healthcare.
- We may process your data to establish, exercise or defend our legal rights because we have a legitimate interest to do so.
How is your data stored?
Personal data about your healthcare is held in a secure electronic format and is held by Clan William Health (DGL Ltd) of Aurora House, Deltic Avenue, Milton Keynes, MK13 8LW. This organisation is SpineArt’s primary Data Processor and SpineArt has received the necessary assurances that this data is held securely on its Practice Manager Software.
Your personal financial data may be used for billing purposes via Barclays Merchant Services. No card numbers or payment data are permanently held on our electronic systems. Paper copies of invoices and payments may be held securely in SpineArt Ltd premises for book-keeping and tax record purposes. Security of these documents will be maintained at all times.
How long is information kept for?
The minimum retention periods for information are the same those provided within the guidance by the Department of Health for NHS records (8 years).
- Full documentation of what rights you have in relation to your data are contained within the Information Commissioner’s Office website: www.ico.org.uk..
- Amongst other rights you have:
- the right to have a copy of the data we have about you.
- the right to have factual inaccuracies corrected about the data we hold about you.
You also have the right to complain to the Information Commissioner’s Office. If you are unhappy with the way that we have handled any requests in relation to your personal data. More information can be found on the Information Commissioner’s Office website: