The General Data Protection Regulation (GDPR) is a new legal framework on data protection and privacy in the UK and EU. It sets regulations about data collection and processing and applies to everyone who processes data as part of their business.
This privacy policy, as part of the consent form, sets out how Malvern Diabetes Dietitian uses and protects any personal information that you provide us.
We are committed to protect your privacy and confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information.
Our policy complies with the Data Protection Act 2018 accordingly incorporating the EU General Data Protection Regulation (GDPR).
Should we ask you to provide certain information by which you can be identified when using our services, you can be assured that it will only be used in accordance with this privacy policy effective as from 20/12/2020
By giving your consent you are accepting and consenting to the practices described in this policy.
We collect personal data in order to provide and independent nutrition and dietetic services to you.
What type of information we have?
We currently collect and process the following information:
- Information in relation to your consent.
- Name and contact information including: home address, e-mail, contact telephone numbers.
- Occupation, gender, marital status.
- Contact details of GP/ other Health Professionals involved in your care.
- Past and current medical condition and medical tests, current medication, blood results, anthropometry and lifestyle information provided by the client.
How we get the information and why we have it:
Most of the personal information we process is provided to us directly by you for one of the following reasons:
Professional clinical record keeping of client information
Sharing information with relevant health professionals
Security
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
Your consent. You are able to remove your consent at any time. You can do this by contacting us. See the contact us section.
What we do with the information we have:
We use the information that you have given us in order to provide you appropriate advice to support your diabetes.
We may share this information with your Diabetes Team, General Practitioner or Consultant with your consent.
We will not distribute, sell or lease your personal information to third parties unless we have your explicit permission or we are required by law to do so.
If you believe that any information we are holding on you is incorrect or incomplete, please email or write to us as soon as possible. We will promptly correct any information found to be incorrect.
How we store your information:
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place encrypted electronic systems to safeguard and secure the information we collect.
We keep the information you provide us for 8 years. We will then dispose of your information by deleting the electronic copy.
Your data protection rights.
Under data protection law, you have rights including:
– Your right of access – You have the right to ask us for copies of your personal information.
– Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
– Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
– Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
-Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
– Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
– You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us if if you wish to make a request. See the contact us section.
How to complain:
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113