Fusion Acupuncture Privacy Policy

  • This privacy notice tells you what to expect when Fusion Acupuncture collects your personal information. All personal information is held strictly in accordance with the Data Protection Act 1998 and the General Data Protection Regulation 2018. This legislation places a requirement to inform you about the way in which we use, share and store this information.

  • Who is Fusion Acupuncture?

    Laura Robertson in the Data Controller at Fusion Acupuncture, and is responsible for the personal data in this privacy notice. This notice applies to any information that we collect from patients, the visitors to our website, and the people who subscribe to our newsletters. Our website address is:

    https://fusionacupuncture.co.uk

  • What is personal data?

    Personal data means any information held that is capable of identifying you as an individual. This includes personal information provided by you, your contact details, any appointment details and also clinical data provided regarding your health, symptoms, and any other information relevant to your care.

  • Why do we collect your personal data?

    We comply with all our obligations under GDPR by keeping personal data up to date, storing it securely, in addition to, not collecting excessive amounts of data, and ensuring that adequate technical measures are in place to protect this personal data from loss, misuse, and unauthorised access.

    We need to legitimately collect personal data from you not just to enable us to provide you with the best possible treatment, but also to ensure that we can treat you safely.

  • What do we do with your personal information?

    The data we collect from you is almost all exclusively provided by you when you complete the ‘initial patient health questionnaire’ prior to any treatment. This includes your full name, date of birth, address, occupation, phone number(s), email address(es), next of kin, details of medication and your medical history. All this data is stored electronically (in ‘the cloud’) using a specialist software for health practitioners (called “Cliniko”). This software provider complies with GDPR requirements, ensuring that all data stored is backed up on a secure and encrypted server that cannot be accessed by any third parties. Access to this database is password protected and this is changed on a regular basis. Any digital notes taken during consultations are on a designated work tablet which is also password protected. The password is changed on the 1st of the month to avoid any breaches of security and/or unauthorised access. This data is thereafter stored securely with Cliniko and filed under your patient notes.

    This personal and health data is necessary and ultimately used to provide you with the most effective and relevant diagnosis and treatment. Consent for any treatment forms part of your ‘initial health questionnaire’, and acts as a two way contract to enable us to provide this to you legally. We are unable to treat you should you refuse to provide this information and/or consent.

    We may also contact you by email or on occasions by phone to confirm your appointment times and/or contact you with regards to any aspects that are relevant to your treatment.

    In addition to this, and should you provide additional consent, we may periodically send you general health articles, or newsletters. You can withdraw consent for this at any time by contacting us directly.

    Please be assured that we will not share your data with any other parties without written consent from you. The only people that will be able to access your information will be your practitioner to ensure they are able to carry out your treatment safely and effectively. In addition to this, our newsletters or other information is circulated by gmail, and generated from mailing lists held on Squarespace therefore details of your name and email address may possibly be saved with them on their server to facilitate this process.

  • How long do we keep your personal data?

    We have a legal obligation to retain your patient records for a period of 7 years after your most recent contact, or in the case of minors when they reach the age of 25 years.

    All records will be deleted electronically after this period.

    At any time you may request that changes are made to the data held by us.

  • Accessing your personal data

    You can request a copy of any personal data that we hold about you at any time. Please contact us to directly to arrange this.

    You can also request that we correct any factual errors or any inaccurate or out of date information. You also have the right to request that your personal data is erased when it is no longer necessary or legally required for us to retain this.

    Please be absolutely confident that we treat your personal data responsibly, securely, and ensure that it is only be accessed by individuals who have a genuine need or requirement to do so.

    Should your data be lost or it is subject to any breach of security you will be notified. We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR, and also with the British Acupuncture Council (BAcC).

  • Sharing your personal data

    Your personal data will be treated as strictly confidential, and will only be shared in the following situations:

    a) With named third parties with your explicit consent;

    b) With the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. a court order;

    c) With your doctor or the police if necessary to protect yours or another person’s life;

    d) With the police or a local authority for the purpose of safeguarding a children or vulnerable adults; or

    e) With my regulatory body, the British Acupuncture Council, or my insurance company in the event of a complaint or insurance claim being brought against me; or

    f) My solicitor in the event of any investigation or legal proceedings being brought against me.

    For further details about the situations when information about you might be shared please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/personal-information/sharing-my-info/

  • Complaints

    Should you feel unhappy or believe that your data is being mishandled in any way, you have the right to complain. Please send details of this to the “data controller” listed above in the first instance and we will ensure the this matter is addressed appropriately.