Data Protection & Privacy Policy

This privacy notice tells you what to expect when The Artemis Clinic collects your personal information. It applies to information we collect about our clients, enquirers, current and former staff members and co-workers and requests from the aforementioned in relation to data protection rights, queries and freedom of information.

1.a. What information do we ask for and why? Your personal data is data which by itself or with other data available to us can be used to identify you. This privacy notice sets out how we will use your personal data. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

We collect your personal data when you: email or phone us, contact us via our website, book and attend appointments for yourself or others, make payments or require a refund, purchase a gift card, request information from us, engage with us on social media, fill in forms online or in the clinic, review our services, visit our clinic which operates CCTV.

The information we collect includes:

• Name, date of birth, home address, email address, telephone numbers (in order to ensure accurate identification and communication);
• Employment, hobbies and interests (often relevant to the presenting complaint/s and recovery);
• Medical history both past and current (necessary as may/may not be relevant to presenting complaint/s);
• Medication being taken (necessary as may/may not be relevant to presenting complaint/s);
• Source of introduction to the clinic (to enable us to ascertain where our clients are coming from).
• Reviews, survey responses and comments.
• Recorded phone calls and CCTV data.

1.b. How do we use the information provided to us and how long will we keep it for? All information provided is used for the purpose of identification, communication, building a medical profile, communication with GP’s/consultants/private health insurance companies and source of introduction to the clinic. We do not share any of the information you provide us with any third parties, apart from those mentioned in 1.c. below. The information you provide will be held securely by us and our data processors whether the information is in electronic or physical format. The clinic keeps client’s paper records for either ten or seven years, depending on the service used. After this time, all paper records are destroyed by cross shredding.  We do not delete client contact details and medical reports/letters from our database to maintain recognition for returning clients. If you would like your contact details deleted from our database please inform us and this can be facilitated.

1.c. Who has access to the data we gather?

• Our clinic uses Power Diary which is a cloud-based practice management system. Client data we enter in Power Diary include name, address, phone numbers, date of birth, email address, source of introduction, appointment and payment history, medical notes, medical history and private health insurers details.

For more information about how Power Diary processes data see – www.powerdiary.com/uk/privacy-policy/

• On occasion we email clients exercises via the UK based My Physio Rehab website. Only clients receiving these emails via My Physio Rehab will have their name and email addresses shared with this company. Verbal consent will be obtained prior to this facility being utilised. For their privacy policy see www.myphysiorehab.com/privacy-policy/
• For telecoms the clinic uses BT Cloud Phone which is a call-management service that uses the latest VoIP technology. Client data we enter are phone numbers and names. For BT’s privacy policy see www.bt.com/privacy-policy/
• It is occasionally necessary to communicate letters/emails/reports with your GP/consultant/private medical insurance company which will be sent by letter, encrypted email or relevant portals. These communications will include personal contact information and medical reporting/updates. All such communication will be done with your prior verbal consent. The clinic’s IT systems and email services are secured with ESET soft wear.
• We use a third-party provider, Active Campaign, to deliver occasional group emails to those who have consented to receive them. To facilitate this, Active Campaign have access to those clients’ names and email addresses. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For Active Campaign’s privacy policy see www.activecampaign.com/legal/privacy-policy

2.a. Enquiries: People who email us: We use ESET to protect select email traffic. We also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

2.b. People who make a complaint to us: If we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We usually have to disclose the complainant’s identity to whoever the complaint is about and to a legal third party if necessary. This is inevitable where, for example, the accuracy of a person’s record is in dispute.

2.c. Job Applicants, Current and Former Artemis Clinic Staff/Therapists: The Artemis Clinic is the data controller for the information you provide during the application process. Current and past clinic staff and therapists will have this data and any subsequent payroll information securely stored in physical or electronic formats. The clinic will keep such paper records for eight years after which they will be destroyed and any data held in electronic format will be permanently deleted.

3.a. Your Rights: You have rights which you can exercise in relation to the information we hold about you. You can read more about these rights via the Information Commissioner’s Office’s dedicated webpage – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/. You have the right of erasure which is the right to withdraw consent for the clinic to hold your personal details on BT Cloud, My Physio Rehab and Active Campaign. If you have not had treatment your data can be erased from Power Diary. If you have had treatment, the relevant data must be retained as part of your medical record. You may withdraw your consent for us to retain your permissible data at any time and without detriment in relation to your data however it will likely impede your ability to have treatment within the clinic.

3.b. Our Data Handling – Queries or Complaints: The Artemis Clinic strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our procedures are unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. You have the right to complain to the Information Commissioner’s Office (tel. 0303 123 1113) if you feel dissatisfied with our use or handling of your personal data.

3.c. Access to Personal Information: We aim to be as open as possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by contacting us. If we do hold information about you we will: respond within four working days, give you a description of it, tell you why we are holding it, tell you who it could be disclosed to and let you have a copy (on presentation of photographic ID) of the information with no charge.

If you have any queries regarding your data protection rights or requests in relation to the contents of the above, please contact the Data Protection Officer at The Artemis Clinic, Elaine Gavin, at office@artemisclinic.co.uk or 020 8777 1500.