The Delphi Clinic Privacy Policy

The Delphi Clinic takes personal data protection seriously and manages all


your data under the new GDPR framework. The priority is to manage your


data in a lawful and transparent way and that measures are taken to


ensure your data is protected appropriately. This policy is to explain how


we use, store, share and process your data.


When and how do we obtain your data?


We obtain your data when:


 You sign up to our newsletter


 When you book an appointment


 When you complete the patient intake forms


 When you sign a terms and conditions policy


 When you have a consultation


 When we take payment from you


The personal data we may obtain but not limited to:


 Your name/date of birth/email address/telephone number


 Previous medical records


 Test results


 GP contact details


 Medical history


 Bank details


 Referral letters


If you visit our website and make enquiries through this website, your


usage may be tracked by using “cookies” and other similar technologies to


help us make improvements to the websites and to the services we make


available. 



How do we process your data?


We keep all your records confidential through our data processor where


your information is stored. Our data processor is F365 Ltd (Privacy Policy).


Function 365 Ltd registered address is Third Floor, 95 The Promenade,


Cheltenham, Gloucestershire, United Kingdom, GL50 1HH, and their ICO


registration number is ZA539196.


We will also take reasonable security measures to protect your personal


data storage and restrict access to authorised personnel only. This includes


our administrative team who are bound by our confidentiality clauses.


If we need to share information outside the clinic, we will ask for your


consent specifically otherwise we will only share your personal data where



there is an overriding public interest in using the information e.g. in order


to safeguard an individual, to prevent a serious crime and where there is a


legal requirement such as a formal court order.


We may also be required to share information with the Care Quality


Commission staff upon inspection for them to assess safety and quality of


our services.



We use Google Analytics to analyse our website activity. More information


about Google Analytics can be found on the Google Analytics website.



Why do we hold your data?


We hold your medical record in order to provide you with safe health care.


We will also use your information so that we can review the quality of the


care we provide on a regular basis through clinical audit and education.


This helps us to improve the services we offer to you.


We also use your data for marketing purposes, such as newsletters, but we


will ask for your express GDPR consent for this and you can opt out at any


time.


What rights do I have regarding the information you hold about me?


In accordance with GDPR:


 You can withdraw your consent to the processing of your


information at any time.


 You can request information about the person who is processing


your information.


 You can access your personal data when you need to.


 You can prevent the use of your personal data being used for


direct marketing purposes.


 You can request that your data is deleted when it is no longer


required for the purposes it was collected for.


 You can restrict the processing of your data in specific


circumstances.



Accessing your data and applications to delete your data


Under the GDPR, you have the right to request a record of the data held


about you. A request for this would need to be submitted in writing to the


Data Protection Officer at contact@thedelphiclinic.com.



For legal purposes, we maintain a record of your information for 8 years


from our last clinic contact. Applications for deletion prior to this


timeframe will be processed on a case by case basis and the request


granted at our discretion.




Patients who have completed their treatment and no longer wish to have


their data accessed will have their data securely stored away from the


main patient database and all contact details removed from our systems


until the above timeframe is concluded.



For past patients, who no longer wish to remain on our contacts list and


who do not wish their data to be accessed, their data will be stored (for the


time specified above), in a secured form away from our patient database.


During this time, contact details will be removed from our systems and the


records will not be accessed for any purpose other than defending a legal


claim if needed.





Please see the Information Commissioner’s website. For further


information.