Skip to content

Mariana Bakewell Osteopathy & Sports Massage

CrossFit Aldgate East, 78 Alie Street, London E1 8PZ • t: 020 8088 0852 • e: marianaosteopathy@gmail.com

CrossFit Aldgate East
78 Alie Street
London E1 8PZ
t: 020 8088 0852
e: marianaosteopathy@gmail.com

Privacy Policy

Privacy Policy

Mariana Bakewell is the appointed Data Protection Controller at Mariana Osteopathy and is registered with the Information Commissioner’s Office.

Information Held

The following information is collected: patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history for treatment carried out at clinic.  All information is given by the patient or their carer, parent or legal guardian.

Data Collection

Information collected is sufficient for the purpose of making informed clinical decisions.

Data is collected verbally on the phone by reception staff or practitioners to book appointments and take contact details. Medical information is collected by osteopaths verbally at a face to face appointment.

Patient contact details and appointments are stored on the computer and manually.  Patient clinical records are manual and electronic.

Data Storage

We use Cliniko for all appointment bookings. When booking online, you are required to enter your name, date of birth, address, phone number and email address. Our access to this information is password protected and stored on the Cliniko servers. For more information, please visit http://www.cliniko.com

We use hand written notes which are stored securely and are only accessed by the osteopaths working here.

We use MailChimp to  send out newsletters. If you have agreed to receive marketing emails, including newsletters and exercise advice, your personal details will be stored securely on the servers at MailChimp. For more information, please visit http://www.mailchimp.com

Data disposal

Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children

Notes are disposed of securely after 8 years or 25 years of age for children.

Electronic records are deleted from the system after 8 years or 25 years of age for children.

Consent

Patient data is also used for appointment reminder emails and text messages, a newsletter and marketing which patients opt in to with a tick box/verbally on their first visit.  We check patients still want to receive communications on a regular basis.

We process your data using the lawful basis of consent for marketing, and fulfilment of contract and legitimate interest for processing your medical record and sending you health information and exercises relating to your condition. Your medical record is processed as Special Category Data under Article 9 2(h) of the GDPR.

Parents must give consent for communication with children under 16 years.

If you have consented to receive marketing (newsletters, exercise information and advice), you may withdraw your consent at any time and this request will always be fulfilled.

Data Sharing

Information is only shared with other persons with patient’s permission.  This would usually be with other health professionals for the purposes of referral.  Patient information is never passed on to other practitioners, persons or companies.

Data would extremely rarely be shared without consent, only if there was a legal order or in cases of serious safety risks.

We do not sell your data to any third parties.

Data Checks

Every year we check all active patient data is correct.

Security

Access to patient records is restricted to practitioners and admin staff who have signed a confidentiality agreement.

All electronic data is password protected and access to information can be restricted.  Systems are kept updated and antivirus security systems are in place and updated.

Passwords are changed every year.

Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system.  Data breaches will be investigated and reported to the Information Commissioner’s Office within 72 hours by the appointed person.  Patient’s will be informed if we believe a data breach has occurred.

Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred.  Information Commissioner’s Office: 0303 123 1113

Subject Access Requests

All staff know that subject access requests must be responded to within a month and no charge can be made.

Data is only released on receipt of a signed request from patients or in exceptional circumstances.  Any data sharing is detailed in the patient record.

Patient Rights

You can request to see your data at any time, move your data to another practice, correct any inaccuracies, prevent marketing. You may request for details to be deleted but due to our legal obligation we cannot delete your health record but we can remove you from our contact list.

Complaints

If you have any concerns or complaints about data processing, please contact the data controller at Mariana Osteopathy.

You may also contact the Information Commissioner’s Office Directly on 0303 123 1113

Privacy Policy

Mariana Bakewell is the appointed Data Protection Controller at Mariana Osteopathy and is registered with the Information Commissioner’s Office.

Information Held
The following information is collected: patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history for treatment carried out at clinic.  All information is given by the patient or their carer, parent or legal guardian.

Data Collection
Information collected is sufficient for the purpose of making informed clinical decisions.

Data is collected verbally on the phone by reception staff or practitioners to book appointments and take contact details. Medical information is collected by osteopaths verbally at a face to face appointment.

Patient contact details and appointments are stored on the computer and manually.  Patient clinical records are manual and electronic.

Data Storage
We use Cliniko for all appointment bookings. When booking online, you are required to enter your name, address, phone number and email address. Our access to this information is password protected and stored on the Cliniko servers. For more information, please visit http://www.cliniko.com

We use hand written notes which are stored securely and are only accessed by the osteopaths working here.

We use MailChimp to  send out newsletters. If you have agreed to receive marketing emails, including newsletters and exercise advice, your personal details will be stored securely on the servers at MailChimp. For more information, please visit http://www.mailchimp.com

Data disposal
Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children

Notes are disposed of securely after 8 years or 25 years of age for children.

Electronic records are deleted from the system after 8 years or 25 years of age for children.

Consent
Patient data is also used for appointment reminder text messages, a newsletter and marketing which patients opt in to with a tick box/verbally on their first visit.  We check patients still want to receive communications on a regular basis.

We process your data using the lawful basis of consent for marketing, and fulfilment of contract and legitimate interest for processing your medical record and sending you health information and exercises relating to your condition. Your medical record is processed as Special Category Data under Article 9 2(h) of the GDPR.

Parents must give consent for communication with children under 16 years.

If you have consented to receive marketing (newsletters, exercise information and advice), you may withdraw your consent at any time and this request will always be fulfilled.

Data Sharing
Information is only shared with other persons with patient’s permission.  This would usually be with other health professionals.  Patient information is never passed on to other practitioners, persons or companies.

Data would extremely rarely be shared without consent if there was a legal order or in cases of serious safety risks.

We do not sell your data to any third parties.

Data Checks
Every year we check all active patient data is correct.

Security
Access to patient records is restricted to practitioners and admin staff who have signed a confidentiality agreement.

All electronic data is password protected and access to information can be restricted.  Systems are kept updated and antivirus security systems are in place and updated.

Passwords are changed every year.

Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system.  Data breaches will be investigated and reported to the Information Commissioner’s Office within 72 hours by the appointed person.  Patient’s will be informed if we believe a data breach has occurred.

Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred.  Information Commissioner’s Office: 0303 123 1113

Subject Access Requests
All staff know that subject access requests must be responded to within a month and no charge can be made.

Data is only released on receipt of a signed request from patients or in exceptional circumstances.  Any data sharing is detailed in the patient record.

Patient Rights
You can request to see your data at any time, move your data to another practice, correct any inaccuracies, prevent marketing. You may request for details to be deleted but due to our legal obligation we cannot delete your health record but we can remove you from our contact list.

Complaints
If you have any concerns or complaints about data processing, please contact the data controller at Mariana Osteopathy.

You may also contact the Information Commissioner’s Office Directly on 0303 123 1113