At Pain Puzzle we’re committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org,
Date: 13th August 2018
Author: Deborah Smith
1. Who are we?
We are Deborah Smith, an osteopath providing health information and osteopathic care in the Pain Puzzle clinic or in your own home. Our website address is: https://painpuzzle.co.uk
Deborah Smith is a sole trader.
2. How do we collect information from you?
We obtain information about you when you contact us to enquire about our services.
We also collect information from you if you leave a comment on our blog or fill in our feedback or help forms.
We collect information about you when you complete an online appointment booking or make a booking by phone, email or message.
We collect medical information during your appointments.
3. What information do we collect & how is it used?
We collect information to respond to enquiries. We also collect information to allow us to fulfil our obligations to our patients – to fulfil appointments and to make a thorough assessment and diagnosis and keep a record of diagnostic reasoning and treatment. We also collect your information if you leave a comment on our blog. The section 3.3 below outlines what information we collect, and for what purpose.
3.0. Sensitive Data
Medical data is classified as Special Category Data. Our condition for processing this data is to fulfil our healthcare services. This is condition Article 9 2(h).
The information we collect is your personal contact details in order to make appointments and respond to enquiries, this is to fulfil our contract with you. We also collect and record information about your health so that we can provide you with osteopathic care. We collect this data to fulfil our contract to provide health services to you. We use your email and telephone details to confirm appointments and provide you with information about your care. This is considered a legitimate interest but you are free to tell us you would rather we didn’t contact you. Your health data is considered Special Category data and as such the condition for processing is Article 9 2(h).
We use Cliniko as the provider of our electronic clinic software. We can reassure you that information entered in our online appointment system is handled securely. All your case history information is entered and securely stored with back-ups on the Cliniko system. Access to the system and all our devices are password protected.
From time to time we like to pass on information about health and well-being and the services we offer. Be reassured that we will not use your email or text message for marketing unless you have given us permission to do so. We obtain your consent for this and record it in Cliniko. Mailchimp is used to generate newsletters and therefore will have your name and email address on their server. You can withdraw your consent for receiving marketing at any time.
We have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance),and are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU.
Your data will not be shared without your consent unless there is a legal requirement to do so.
4. Controlling your information
4.0. Health information – your rights
Please help us to keep your information accurate by telling us if there have been any changes. We will periodically check that your information remains accurate.
You can request to see the data we hold about you. You can also ask for mistakes to be corrected. You can ask to be removed from our marketing lists. You can ask for your notes to take them to another practice.
We are unable to delete the data we hold about you. We have a legal obligation to keep your notes for 8 years or for children until they are 25 years old. After this time we will delete your record so if you come to the clinic again we will start a new record.
5. Website Privacy
You can manage these small files yourself. You can find out how to do this, and learn more about Cookies in general here.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible. Google Analytics sets the following cookies:
When you leave a comment on our blog, three cookies are set to store your name, email address and website. This is so that if you wish to leave another comment, you won’t have to re-type this information. These cookies will last for one year.
We use a technology called ‘Adaptive Images’ to display appropriately sized images across all screensizes. This sets a cookie to store your screensize:
By using and browsing the Pain Puzzle website, you consent to cookies being used in accordance with this Policy.
If you do not consent, you must turn off cookies or refrain from using the site. Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies should not noticeably restrict your use of this website.
5.5.Links to other websites
Our website contains links to other third party sites. Deborah Smith is not responsible for the privacy practices within any of these other sites. You should be aware of this when you leave the Pain Puzzle website and we encourage you to read the privacy statements on other websites you visit.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
5.6.How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
5.7.What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
5.8. Where we send your data
Visitor comments may be checked through an automated spam detection service
Deborah Smith takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:
A copy of our internal Data Security Policy is available on request.
Our Data Security Policy includes a clear process for handling a personal data breach, should one occur. Where appropriate, Deborah Smith will promptly notify you of any unauthorized access to your personal information.
If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter – Deborah Smith 07733 274931 email@example.com
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).