GDPR Privacy Notice
PRIVACY POLICY AND NOTICE
Your privacy and the protection of your personal data are important to Synthesis Clinic. The goal of the data protection framework is to make sure that we deal with your data in a lawful and transparent manner and that we take steps to ensure that your data are adequately protected.
This Privacy Policy is a notice to explain to you how Synthesis Clinic will collect your data, use your data and store it. It also lays out who your data may be shared with and how you can request that your data be updated and deleted.
How we obtain your personal data
You provide us with personal data in the following ways:
- By completing any clinic questionnaire
- By signing a terms of engagement form
- During a consultation
- Through email, over the telephone or by post
- By making an online payment
This may include the following information:
- basic details such as name, address, contact details and next of kin
- details of contact we have had with you, such as referrals and appointment requests
- health information, including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
- GP contact information
- Bank details
We use this information in order to provide you with direct healthcare. This means that the legal basis of Synthesis Clinic holding your personal data is for legitimate interest.
Legitimate interest
Your Personal Data is held and processed on the lawful basis that such action is in the legitimate interest of the company in pursuing the purposes described. This has been considered through the use of a legitimate interest assessment which does not outweigh risks to the rights, freedoms and interests of you as the Data Subject. The purpose of collecting your Personal Data is to provide health and wellbeing services to you. Personal Data is collected and used for the purpose of delivering the services you have requested from Synthesis Clinic and/or the practitioners contracted with Synthesis Clinic as Data Controllers. We have adopted a “Privacy by Design” approach to your personal information, meaning that, to the best of our ability, we will employ state of the art means of collecting, storing, and transmitting your data, with a view to promoting privacy and data protection from the outset. We use the services of Data Processors, who are contracted by Synthesis Clinic. Our Data Processor is Function365, our practice management application and service platform.
How we use your personal data
We act as a data controller for use of your personal data to provide direct healthcare. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. We act as a data controller and processor in regard to the processing of credit card and online payments. We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage. We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, to prevent a serious crime and where there is a legal requirement such as a formal court order. We may use your data for clinical audit, education and marketing purposes, such as newsletters, but this would be subject to you giving us your consent. You will receive a separate information consent form to complete. You may opt out at any time.
We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment, such as laptops, with password protection and/or encryption (which masks data so that unauthorised users cannot see or make sense of it). We ensure that all our staff operate the clinical system with security precautions in place. We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Sharing your personal data
Synthesis Clinic and its practitioners use your Personal Data for legitimate interest to provide health and wellbeing services for you. Within the health sector, we have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. Please note that information will be shared within the clinic between staff as necessary for the purposes of providing safe and effective care; we cannot work properly without sharing information. We will ask for your explicit consent to share any information outside the clinic with your NHS or other private care providers. We do not sell or trade your Personal Data to others.
Our website also uses cookies and collects IP addresses, which means a number that can uniquely identify a specific computer or other device on the internet. This non-personal identification data may be collected whenever you interact with our website and may include technical data about your browser, type of device used, operating system, Internet service provider, and other similar data. For more information on this see our cookie policy. We use Google Analytics to track visits to our website. More information about Google Analytics can be found on the Google Analytics website.
If you would like detailed information from Get Safe Online on how to protect your Personal Data and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org.
Your rights
You have the right to determine how your data is collected and used by us. In particular:
- Your personal information can only be held on valid bases, such as your consent, and our contractual obligation to provide services to you
- You have the right to know whether or not we are processing your personal information
- You can request that your personal information be sent to you in electronic format provided that it is conveyed securely
- You have the right to restrict the purposes for which we may use your personal information
- You have the right to request that incorrect information about you be rectified
- You have the right to request that your personal information be erased, also known as the “right to be forgotten,” subject only to imperatives of public policy specified in the GDPR (Art. 17.3), or to our own specific needs concerning legal obligations or claims.
You can exercise your rights at any time by contacting us. If you consented to us collecting and/or processing your personal information but change your mind, you can get in touch with us to request that we erase the personal information that we hold about you.
Contact information
If you have any questions or concerns regarding any aspect of this policy, wish to find out what data we hold about you, or would like to request the erasure of your personal data, please contact us using one of the methods outlined below.
Synthesis Clinic – hello@synthesisclinic.co.uk, 01628964330 (Hampshire: 023 8017 8340)