Privacy Policy

Effective Date: Friday 1st December, 2024
Review Date: Friday 31st October, 2025

Definitions and Compliance Framework
Poundbury Chiropractic is designated as the Data Controller under the UK General Data Protection Regulation (UK GDPR). JaneApp, our client management system, acts as the Data Processor. The scope of Personal Data collected includes but is not limited to client details, medical history, informed consent forms, treatment notes, diagnoses, and clinical images.

Purpose of Data Collection and Utilisation
We collect and utilise your Personal Data to ensure comprehensive healthcare provision. This encompasses maintaining up-to-date and accurate patient records, facilitating targeted treatments, and efficiently communicating appointment specifics. Additionally, with your explicit ‘opt-in’ consent, we extend information about in-clinic promotions, health talks, and other relevant marketing activities. Patients can revoke consent for marketing at any time by contacting us.

Disclosure to Third Parties
We maintain the highest levels of confidentiality. Your Personal Data is shared only with entities directly associated with your healthcare. This includes JaneApp for secure client record storage, Physiotrack for specific exercise prescriptions, and Inger Roug DACBR for diagnostic imaging assessments. Further, we may share your data with other healthcare professionals such as GPs, Physiotherapists, or Medical Insurance Companies, but only when medically or legally necessary and often with your explicit consent.

Legal Foundation for Processing Data
Data processing adheres to the UK GDPR’s “Legitimate Interests” framework for general information. Special Category Data, particularly health-related information, is processed under the additional conditions specified in Article 9(2) of the UK GDPR, all aimed at the provision and administrative management of healthcare services.

Data Security and Retention Policy
Your Personal Data is securely stored in compliance with multiple standards, including ISO 27001, SOC 1, and SOC 2. JaneApp, our data processor, aligns with these standards and is fully UK GDPR compliant. For more details, you can consult JaneApp’s privacy policy at https://jane.app/legal/privacy-policy. We are obliged to retain your data for eight years following your last treatment, as mandated by the General Chiropractic Council. For minors, records are retained until the patient reaches the age of 25.

Your Rights and Contact Information
You hold specific rights concerning your Personal Data, including the right to inquire, amend, erase, limit, or object to data processing, and to lodge complaints. For all data protection matters, or if you require a copy of this notice, contact Martyn Clark at info@PoundburyChiropractic.com. You can also lodge complaints with the Information Commissioner’s Office (ICO) via their website at https://ico.org.uk. This policy demonstrates our adherence to lawful and ethical data management protocols, safeguarding your rights and fulfilling our compliance obligations. Poundbury Chiropractic is registered with the Information Commissioner’s Office (ICO). This document is available for your records via download or upon request in alternative formats.