Data Protection Policy

Nadia Sempels Acupuncture takes your privacy seriously. I am committed to protecting the rights of individuals in line with current Data Protection legislation. As a member of the British Acupuncture Council (BAcC no. 958836), I adhere to the Code of Professional Conduct 2015, and therefore also to the Data Protection Act (DPA) 1998. From May 2018, I also put measures in place to adhere to the General Data Protection Regulation (GDPR). I have been registered as a Data Controller with the Information Commissioner’s Office since July 2009 (registration number Z1842767).

All information provided will be treated as confidential, and will not be given to any other person/organisation without the written consent of the patient concerned.
However, disclosures without consent may be necessary in the public interest if my duty to society overrides the duty to the patient. A court may also order disclosure of information about a patient. In such circumstances only information relevant to the proceedings will be disclosed. In either case, no disclosure will take place on my part until I have obtained official advice from the BAcC.

What personal information do I collect, for how long and why?
In order to create a full Patient Record, I am required to retain information for the purpose of consultation for treatment and recording subsequent treatments: name, contact details, date of birth, GP details and full health history. I need this information in order to treat you effectively and it will only be used to support your treatment or occasionally contact you to (re)schedule appointments. I have a legal obligation to keep this information for as long as the patient remains a patient of Nadia Sempels Acupuncture and thereafter for a period of 7 years (or up to the age of 25 for minors – age 18 plus 7), at which point it will be securely destroyed/deleted. Use by third party medical practitioners will only be allowed with the specific permission of the patient in writing.

How do I keep it and who has access to it?
For safe storage of this information, I use the cloud-based application WriteUpp. Data is therefore not stored locally, but on servers in a secure data centre (in UK/EU). I alone have access to the application, secured both by facial recognition and password. Data is encrypted in flight. Pathway Software (UK) Ltd, based in Chester and the developer of WriteUpp, is registered with the Information Commissioner’s Office (registration number Z2865352) and has ISO 27001:2013 certification. They act as Data Processor for the information I put into the system.
My place of practice, the Victoria Clinic, Sycamore Road, Woking GU21 4AA (registration number ZA238631), will also act as an additional Data Processor for Nadia Sempels Acupuncture and they will store only data needed to identify and contact the patient for booking/scheduling purposes, i.e. name and number.

Your rights
Patients have a right to access their own personal information. A patient may request a copy of their patient record at any time and expect this to be delivered within the period of 1 calendar month. A patient may ask for any inaccuracies to be rectified. In order to keep details accurate, I will also ask whether anything should be updated when a patient returns after a break in treatment or at the beginning of each calendar year.

If you have any concerns about the way Nadia Sempels Acupuncture is handling your personal data, please contact info@nadiasempelsacupuncture.co.uk and head your email “Data Protection Enquiries”.

Patients who attended my previous clinic (Crofton Healthcare): please contact me directly at the above-mentioned email address to find out about your specific data protection issues.