GDPR - Privacy Notice
Turning Point takes the protection of your data seriously and this page sets out how we use and protect any personal information you may provide us with.
We may change this policy from time to time by updating this page. You should therefore check this page occasionally to ensure that you are happy with any changes. The date of any updates or amendments to this Policy will be made clear at the top of the page.
When you supply your personal details to this clinic they are stored and processed for the following 4 reasons (the parts highlighted in bold are the relevant terms used in the Data Protection Act 2018, which includes the General Data Protection Regulation):
- We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment. You may be asked to sign a consent form to allow us to collect and store your personal data.
- We have a ‘Legitimate Interest’ in collecting that information, because without it we could not do our job effectively and safely.
- It is also in your "Legitimate Interest" that we retain your contact details (such as telephone numbers, email addresses, postal addresses) so that we may be able to contact you in order to confirm your appointments with us or to update you on matters concerning your treatment.
- Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.
Your records are stored:
- On paper, in locked filing cabinets. The offices are always locked outside working hours, and the whole building is securely locked.
- Electronically (“in the cloud”), using Private Practice Software (PPS).
We rely on them to protect patient data and are satisfied they comply with the General Data Protection Regulation. Regarding how they protect data they state:
"if you use our cloud-based products, including PPS Hosted, PPS Express, PPS Remote and PPS Online Booking then we host your data. This means that your data is held in state-of-the-art secure UK data centres managed by iomart, one of the UK’s leading data centre providers. Our supplier is ISO 27001 certified and employs an array of methods to ensure that your data is kept safe, secure and accessible, including:
An Enterprise class firewall system that prevents unauthorised access to the servers and data.
Redundant hardware ensures that failure of a component piece of hardware does not cause loss of access to systems or loss of data.
Physical security is provided through 24/7/365 data centre staffing and with CCTV cameras, motion detectors and a secure key fob access system.
Whenever you connect to any of our cloud-based systems SSL is used to encrypt the connection, ensuring that your data remains safe and secure. If you have multiple PPS systems that synchronise, TLS is used to encrypt your data whilst it is being synchronised between your systems."
- On our office computers. These are password-protected and backed up regularly. The offices are always locked outside working hours, and the whole building is securely locked.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies may have access to your data:
- Your practitioner(s) in order that they can provide you with treatment.
- Our reception staff, because they organise our practitioners’ diaries, and coordinate appointments and reminders (but they do not have access to your medical history or sensitive personal information).
- Other administrative staff, such as our bookkeeper. Again, administrative staff will not have access to any notes made regarding your medical history or sensitive personal information, just your essential contact details.
- The provider of our Private Practice Software (PPS) who store and process some of our data on their fully encrypted system.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
Cookies are small text files that are downloaded and stored on your computer when you visit a website. Most websites use them but the information they contain varies from website to website. They can be used, for example, to enable a website to remember your preferences, remember what you have put in your shopping basket, or count the number of visitors to each web page.
We do not use any third party Cookies or third party analytical software.
For more information on Cookies and how to control and manage them please visit this link
Links to other websites
How to contact us
If you would like a copy of the personal information we hold on you, or if you have any requests concerning your personal information or any questions or concerns about our privacy practices, please email us, or write to us at the following address:
Turning Point Clinic
79c South Street
Devon EX36 4AG
We will respond to your communication within one month of receipt of the request.
You have the right to complain to the Information Commissioner’s Office (ICO) if you feel that we have not responded fairly to your requests. You can find their contact details here: https://ico.org.uk/concerns/