The EU General Data Protection Regulation (GDPR) imposes stringent standards of data protection when handling EU citizens’ personal data.
We at WuDou Chinese Medicine & Acupuncture are committed to protecting your personal data.
The use of your personal data is strictly limited to the following two purposes:
- to provide our services to you and
- to comply with our legal obligations
We will never share your personal details with third parties for marketing purposes.
The type of data we collect and how we use it
We do not collect any personal data on our website that would allow us to identify you. Where we use third parties to provide our services (e.g. for website hosting, sending emails, online bookings, order prescriptions and taking payments) the providers have given us their assurances that they are fully compliant with the GDPR.
Where we collect your personal data (e.g. on patient forms and during treatment sessions), we do so solely to provide our services to you and to comply with our legal obligations:
- Name, phone number, email and postal addresses: these are required to communicate with you, e.g. to make appointments, herbal prescriptions delivery, provide dietary or lifestyle advice as a follow-up to treatments, send appointment or payment reminders; notify you if our business address or opening times change.
- Medical history, health complaints and treatment records: these are required to make a qualified diagnosis; assess treatment success; and to fulfil our legal obligations (see next point).
Retention and disclosure of your personal data
For insurance purposes, we are legally obliged to take written notes of each treatment session and to retain these for 8 years after your most recent appointment. In the case of minors, notes must be kept for 7 years after they reach the age of 18. After this period you can ask us to delete your records if you wish.
Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.
Treatment records are confidential and will not be disclosed to a third party without your written consent.
Protecting your data is important to us and we have security measures in place to prevent your data from being accidentally lost, used or accessed in an unauthorised way.
We have procedures in place to deal with personal data breaches and will notify you of a breach where we are legally required to do so.
You have certain rights in relation to your personal data. These are set out at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You can request a copy of the data we hold about you, including your client file. We will reply within one month of the date of the request and if possible earlier. Requests must be submitted in writing to firstname.lastname@example.org.
We will not charge a fee for responding to your general request. A fee will be charged if copies of your file notes and / or payment records are requested. If request is repetitive or excessive, we may decline to respond.