Information on General Data Protection Regulation from your Osteopath Dr Damon Murgatroyd
Dr Damon Murgatroyd Osteopathy has created this privacy statement in order to demonstrate our firm and continuing commitment to the privacy of personal information provided by those visiting and interacting with this web site. We hold the privacy of your personal information in the highest regard. The following page discloses Dr Damon Murgatroyd Osteopathy’s information gathering and dissemination practices for this website.
Dr Damon Murgatroyd Osteopathy recognizes the importance of protecting your privacy and our policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us and to assist you in making informed decisions when using our site. This policy will be continuously assessed against new technologies, business practices and our customers’ needs.
Our Commitment to the 2018 General Data Privacy Regulation
I AM YOUR GDPR DATA PROTECTION OFFICER IN 2 CLINICS
In the Southampton and Bournemouth clinics, for GDPR 2018, Dr Damon Murgatroyd is the ‘data controller’ (i.e. the person who is responsible for, and controls the processing of, your personal data). However, in the Poole clinic I have only a data processor role.
GDPR 2018 Privacy Notice
Below is a link to my practice’s Osteopathic GDPR Privacy Notice for you to read online, and to download. It is the same document that you will be given in the Southampton and Bournemouth clinics. The Notice, in part, relates to a legal requirement for me to obtain your signed preferences on data processing.
WHO I AM
Dr Damon Murgatroyd is a Registered Osteopath with the General Osteopathic Council, and a qualified doctor. He operates private practices in Southampton, Hampshire, and in Bournemouth, Dorset. He also works as an associate/self-employed osteopath in Poole, Dorset.
After qualifying as a doctor of medicine in 1984, GMC Ref No 3000340, and then as an osteopath in 1992, Reg No 1600, I have worked parallel careers as a General Practitioner, as a hospital orthopaedic physician, and as a private osteopath. From 2015 I have worked solely as an osteopath. My qualifications are: MBChB, FLCOM, DipMSMed, DipGerMed. I am a registered osteopath.
– If you do not wish to receive marketing material, if you had previously agreed to it.
…That contacting us to opt-out does NOT apply to your contact information saved for purposes of dealing with your clinic booking, and for your care as a patient of this clinic.
Highlights from the full GDPR Privacy Notice
Introduction to the GDPR information for you as my Osteopathic patient
This information is, I hope, presented in a quick to access, and easy to understand way.
The videos at the bottom of this page aim to answer the ‘why’ and ‘what it means for all of us’ questions.
Your feedback will be very welcome.
What Information Do We Collect?
When you visit this web site you may provide us with two types of information: personal information you knowingly choose to disclose that is collected on an individual basis, and Web site use information collected on an aggregate basis as you and others browse our Web site. Medical records are separate from the website, as outlined below.
1. Personal Information You Choose to Provide
When you register online for any of our products, services or newsletters you will provide us information about yourself.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. Dr Damon Murgatroyd Osteopath will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Dr Damon Murgatroyd Osteopath.
Credit Card Information
You will NOT use a credit card on this site, but if that facility was available you would actually be transferred to a secure site. There are no requirements for transactions directly with employees. Our employees will not take credit card information from you.
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.
2. Web Site Use Information
We will obtain personal data about you (such as your name, address, contact telephone number, email address) whenever you complete an online form.
For example, we will obtain your personal data when you send us feedback, contact us for any reason, sign up to the newsletter, enter a competition, or book appointments. We may also obtain sensitive personal data about you if you volunteer it during the completion of an online form. If you volunteer such information, you will be consenting to our processing it for the purpose of obtaining medical history for case history and treatment purposes.
Under the General Data Protection Regulations (2018) you have the options to discover/forget your on-line data held on this site Here
3. Personal Information and Medical Information that is used in keeping medical records of your treatment
As an osteopath who will meet and treat you for your problems, I am obliged to keep and retain accurate records, for legal reasons, for a period of time. These will be both as ‘hardcopy’ written records stored in a locked environment, and as a ‘summary’ record on digital file. The latter is NOT part of my website, and is kept as a password encrypted file. Cloud storage is with Outlook 365, which is GDPR compliant, and is itself accessed by 2-step verification. The following points are from the ICO documentation on GDPR FAQs For Small Health Sector Bodies:
- Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
- If we have disclosed the personal data in question to third parties, we must inform them of the rectification where possible. We must also inform the individuals about the third parties to whom the data has been disclosed where appropriate.
- However, this doesn’t extend to medical opinions, where the data recorded accurately represents the opinion in question.
- There is no absolute ‘right to be forgotten’.
- People can ask for their personal data to be erased – but only when there is no compelling reason for its continued processing.
How Do We Use Your Personal Data? (What Do We Do With the Info?)
Broadly speaking, we use personal information for purposes of administering our business activities, providing the products and services you requested, to process your payment (if done online), to monitor the use of the service, our marketing and promotional efforts and improve our content and service offerings, and customize our site’s content, layout, services and for other lawful purposes. These uses improve our site and better tailor it to meet your needs.
We will not share your information with third parties, unless on a legally required basis. Personally identifiable information or business information will not be shared with third parties for marketing purposes.
Occasionally, we may also use the information we collect to notify you about important changes to our Website, new services, and special offers we think you will find valuable. You may notify us at any time if you do not wish to receive these offers by emailing us via my Contact Me page, or at the link provided on the newsletter.
Data Security Precautions
When you give us personal information, we take steps to ensure that it’s treated securely. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we take great care to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Online storage of personal information will use GDPR compliant methods: Microsoft 365 and Google Drive. We will not store data outside the EEA. This site’s hosting company is Kualo, who confirm that they use only UK-based servers. Please see their article: GDPR: A Shared Responsibility for Data Security, particularly the paragraph ‘The Obligations of a Data Processor’, point 7.
Acquisition or Changes in Ownership
In the event that the web site (or a substantial portion of its assets) is acquired, your information would be considered part of those assets, and may be part of those assets that are transferred.
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, see just below. Turning cookies off may result in a loss of functionality when using our website.
Types of cookies
The length of time a cookie stays on your device depends on its type. We use two types of cookies on our websites.
Session (Transient) cookies: these cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.
Persistent (Permanent/Stored) cookies: these cookies are stored on your hard drive until they expire (i.e. based on a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific site.
For more information on the usage of cookies by Google Analytics please see the Google website. A link to the privacy advice for this product is provided below for your convenience.
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (such as the Web pages you request) can be sent to you.
Marketing and Opting Out
If you have given permission, we may contact you by email, SMS, mail, telephone, text/picture/video message about hints and tips, blogs, special offers, updates, new services that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time – write or email us via the Contact Me page. See ‘Your rights’ below for further information.
Under the General Data Protection Regulation (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you.
The right to be informed
This encompasses our obligation to provide ‘fair processing information’, typically through a privacy notice that emphasises the transparency in our data processing methods and the reasons we may process your personal data with your consent.
The right of access
This allows individuals to be aware of and verify the lawfulness of the processing.
The right to rectification
This gives individuals the right to have personal data rectified if it is inaccurate or incomplete.
The right to erasure
Also known as ‘the right to be forgotten’, this enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
The right to restrict processing
This provides individuals with the right to ‘block’ or suppress processing of personal data.
The right to data portability
This permits individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without limiting usability.
The right to object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
You can read more about these rights at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.
Children and Data
Children are not eligible to use our services unsupervised and we ask that children (under the age of 14) do not submit any personal information to us. If you are a minor, you can use this service only in conjunction with permission and guidance from your parents or guardians.
Links to Other Websites