First Floor, Hawkhurst Pharmacy, 1 The Colonnade, Hawkhurst, Kent, TN18 4ES
Tel: 01580 753526
Data Controller: Philip Williamson (partner)
The way personal data is held and processed across the EU is changing from May 2018 with the introduction of the General Data Protection Regulation (GDPR), which supersedes its predecessor the Data Protection Act. The General Data Protection Regulation is far more extensive than the Data Protection Act, and along with the Privacy and Electronic Communications Regulations (PECR), seeks to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
Who are we?
Hawkhurst Osteopaths is a group practice providing osteopathic diagnosis and treatment to our patients. Osteopathic services are carried out in accordance with the Institute of Osteopathy’s “Patient Charter” (view at www.iosteopathy.org) and the General Osteopathic Council’s “Osteopathic Practice Standards” (view at www.osteopathy.org.uk).
What information do we collect about you?
How will we use the information about you?
Who do we share your data with?
What is our legal basis for processing your data?
We are required to have a lawful basis to hold data concerning you. The lawful bases for processing are set out in Article 6 of the GDPR. Different types of data we hold about you may require different lawful bases. We hold your data on the lawful basis of:
Legal obligation*: This requires that the data processing is necessary to comply with the law (The Osteopaths Act 1993).
Special Category Data (Article 9 of GDPR)**: This applies to the holding of sensitive data (such as medical data).
Legitimate interests pursued by Osteopaths: To promote treatments for patients with all types of health problems indicated for osteopathic care.
Consent: Through agreeing to this privacy notice you are consenting to Hawkhurst Osteopaths processing your personal data for the purposes outlined. You can withdraw consent at any time by using the postal address, email address or telephone number provided at the start of this Privacy Notice.
*The lawful basis of Legal obligation applies because osteopathic services in the UK (including the gathering and retention of medical data) are regulated by the General Osteopathic Council (GOsC), a statutory regulatory body constituted by Act of Parliament. By law, osteopaths must be registered with the GOsC in order to practise in the UK. The GOsC places legal obligations on us regarding the gathering and holding of medical data from our patients, which must be considered in conjunction with the provisions contained within the General Data Protection Regulation, and which limit our capacity to comply with requests to erase data.
**Special category status applies as Article 9 of GDPR deems that “processing [of sensitive data] is necessary for reasons of . . . ensuring high standards of quality and safety of health care . . . .”
How long will we hold on to your data?
The GDPR requires that we hold data about data subjects only for as long as is necessary for the purpose that the data is required. As osteopaths operating under statutory regulation (Osteopaths Act 1993), our regulatory body (The General Osteopathic Council) requires us to retain medical records of our patients for a minimum period of 8 years from the last recorded treatment (for adults) and for minors who have received treatment we are required to keep the records until that patient has reached the age of 25. We are, however, permitted to retain data for longer than this period if there is a reason to do so. As we have many patients who return for treatment many years after a previous visit, it is our policy for adequate provision of their continuing care to retain medical records for a period of 20 years from the date of their last treatment, and in certain circumstances (for legal or clinical reasons) we may retain records for longer.
Important rights you have regarding the data we hold about you
1. The right of access to your information and correction
You have a right to see the data we hold about you. If you would like copies of some or all of the personal information we hold about you, please contact us using the contact details listed at the top of this Privacy Notice. We have an obligation to provide you with this information within one month of application. 
Our aim is that all the data we hold about you is accurate and complete. If this is not the case, you have the right to ask us to correct the information we hold.
In certain circumstances you can ask for the data we hold about you to be erased from our records. In the event that Osteopaths refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
You also have the right to ask us how we process your data, and who can see your data.
2. Your right to be forgotten
You have the right to ask us not to contact you again. We will respect this whilst not prejudicing our legal obligation to retain your medical records.
3. The right of portability
You have the right to transfer the data we hold about you to other organisations. As we have a legal obligation to retain your original records within our practice, our policy is to provide, on request, copies of your records, or a written summary to transfer to other organisations. Your osteopath will be able to provide guidance on the most appropriate format for your data transfer.
4. The right to object
You have the right to withdraw your consent for us to process your data at any time, within the constraints placed on us by our obligation to retain your medical data for statutory reasons. Please ask the Data Controller named at the top of this notice about the implications of withdrawing your consent for your osteopathic care.
We have an obligation to report any data breaches to the Information Commissioner’s Office (ICO) within 72 hours of the discovery of any breach.
In the event that you wish to make a complaint about how your personal data is being processed by Hawkhurst Osteopaths you have the right to complain to us. Please contact the person named as Data Controller at the top of this notice. If you do not get a response within 30 days, you can complain to the ICO. The ICO can be contacted at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: +44 (0) 303 123 1113
1. Or to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
2. We will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Hawkhurst Osteopaths is dissatisfied with the quality, further information may be sought before personal data can be released.