Privacy Notice


What data we collect

We will need to collect certain personal information, this may include:

• Name
• Contact information (including your email address).
• Payment information 

Why we need to collect your data

• Contact information – this may be needed in order to send relevant information (such as an invoice for your appointment). This will only be done if requested by you. Your contact information will not be used for marketing  purposes.
• Payment information – when paying by debit or credit card, in order to process your payment and maintain our accounts and records.
• Name – as above, for maintaining accounts and records and sending relevant information. 

How your data is processed and stored

Paper records of all debit and credit card payments (in the form of a receipt), these are kept securely locked away and are accessible only by authorised personnel.
• Electronic records are kept securely and only accessible by authorised personnel (on a secure password protected computer or email account).

Legal basis for processing personal information

It is necessary for us to collect your personal information:

• To perform a contract - to fulfill your contractual obligation to pay for the services that have been provided.
• Legal obligation - we have a legal obligation to retain payment information for records for tax purposes.
• Legitimate interest in contacting you to provide information requested by you (this includes information relating to and invoices for the services provided).

Retention policy

Your personal information will be kept only as long as required. For accounts and records for tax purposes we have a legal obligation to retain payment information for a minimum of 5 years following the end of the financial year in which your payment was processed. Other personal information (name and contact information) will be deleted a maximum of two years following the last provision of services.


Who we share data with
In order to process credit and debit card payments your payment information is processed by Worldpay (our payment processor). Worldpay’s terms and conditions state that they comply with data protection legislation. For further information regarding payment processing please see Worldpay’s Terms and Conditions or contact them directly. 

From time to time, we may have to employ the services of other professionals (such as our accountant) to perform tasks which might give them access to your personal data. We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement. 

Your rights

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records. 
We will never share your data with anyone who does not need access without your written consent. We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so. 

Changes to our privacy notice

Any future changes to our privacy notice will be displayed on this web page. Please check frequently to see any changes or updates to our privacy notice.

Complaints

If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the “Data Controller”. The details for this contact are listed below:

Sarah Statham
sarah@sarahstathamosteopathy.co.uk

If you are not satisfied with our response or do not get a response within 30 days, then you have the right to raise the matter with the Information Commissioner’s Office.

Please note: any other information (i.e. any information not specified within this privacy notice) that is collected in association with osteopathic services is done so by (and therefore the responsibility of) the practice which you have attended. For information regarding how this data is processed you should see the privacy notice of the relevant practice or contact the practice’s data controller. If you are not sure who to contact regarding this information please use the contact information above to enquire and we will provide the relevant contact details.