Privacy Statement

Dorset Orthopaedic Clinic is committed to protecting your privacy. In order to provide our services to our patients, we need to collect certain information from you. This Privacy Notice explains when and why we collect personal information about you as well as the types of personal data we may collect when you interact with us in person, online or over the phone. It also explains how we’ll look after your data and keep it safe.

The GDPR law on data protection sets out a number of different reasons on why we may collect and process your personal data, including:

Consent
In specific situations, we can collect and process your data with your consent. This consent may be overridden by other reasons listed below, for example legal obligations or legitimate interest reasons.

Contractual obligations
In some instances, we need your personal data to comply with our contractual obligations. For example, if you require an investigation or opinion from another specialist, we will need to share your personal details in order to organise this. We also may need to pass your details to a third party billing service, in order that you are invoiced for the services that we provide.

Legal compliance
We may be legally bound to collect and process your data, and also to hold those records for a period of time that is compliant with legal requirements.

Legitimate interest
We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of providing the necessary medical care and running of the service/business and which does not materially impact your rights, freedom or interests.

We also have a legal basis on which to process your data, as stated by Article 9(2)(h) – ‘processing is necessary for the purpose of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’

2. How we collect your personal data
There are a number of ways in which we may collect information about you:
  • When you call our secretarial team or fill in a website contact form
  • When you email us
  • Consultations or visits to the hospital or clinic
  • Clinical Photographs (with prior consent)
  • Outcome data
  • When you engage with us on social media

3. The type of personal data we collect
The personal data we may collect includes your name, billing/delivery address, email address, telephone number, your insurance details, medical notes from consultations, notes from conversations we have with you. We will also share this data with other healthcare providers, such as your GP.

4. How and why we use your personal data
When you engage with us, we want to give you the best possible care. By collecting data about you, it allows us to offer a safe, personalised and effective service.
We use your data so we can fulfill our contractual obligations to you (healthcare). The data privacy law allows this as part of our contractual obligations and legitimate business interest in understanding our customers and providing the highest levels of service. We will hold your data in our systems for as long as is necessary for each relevant activity or as long as is set out in any contract we have with you. If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

5. Protection of your personal data
The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us.

Here are some ways we secure your data:
  • Medical notes are stored securely in paper form or electronically.
  • Surgical logbook data
  • We use password protected or encrypted emails between our team in order to protect sensitive personal data.
  • Information that is not required is destroyed in a confidential manner.

6. Period of time we keep your personal data
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised and for example aggregated with other data to be used for business planning and analysis.


7. Who we need to share your personal data with and why
At times we need to share your personal data with trusted third parties e.g. other health providers such as your GP, or billing services. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for.

Sharing your data with third parties for their own purposes:
We will never sell or trade your contact details with any third parties, unless you have given us your consent to do so, for example marketing purposes. There are some instances where we may have to share your information based on our legal obligations, for instance:
  • If the police/government ask us to disclose information we may be required to share your personal data with them, however we would assess this sort of request very carefully
  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies

8. Your rights over your personal data
You have a choice as to whether or not you receive marketing information from us and you can withdraw your consent from specific communication channels at any time.
Requesting access and making changes to your personal data
You also have the right to access and rectify mistakes in the data we hold about you at any time.
These requests will be handled on a case by case basis and we estimate will be processed in no longer than 1 month depending on our legitimate business interests, legal and contractual obligations. If we refuse your request we will explain to you the reason for our refusal.

Legitimate Business Interests
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

9. Contacting the Regulator
If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

10. Questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, email us at nick.savva@fortiusclinic.com.