Privacy Policy - Practitioners 

 

1. Your personal data – what is it?
 

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR), from 25th May 2018.

 

2. Who is responsible for managing my information? 
 

Southville Clinic Limited is the data controller (contact details in section 16). This means it decides how your personal data is processed and for what purposes. 

Southville Clinic Limited complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. Our ‘Security Policy’ is available on request.

 

The website www.southville-clinic.co.uk is owned and maintained by Southville Clinic Limited. We do not use cookies. 

 

We are responsible for the collection and proper management of any personal information you submit. We will keep your personal details secure and use the information you provide consistently with applicable privacy and data protection laws and the terms of this ‘Privacy Policy’. 
 

3. What information do we collect?
 

Prospective practitioners: You will be asked to complete a ‘Professional Information’ Form. This data will be held securely until either you enter into a contract with Southville Clinic or you indicate that you do not wish to enter into a contract with Southville Clinic.

 

Practitioners, contract in place/process: You will be asked to complete a ‘Professional Information’ Form. 

 

The following data will be collected via the ‘Professional Information’ Form:

Full Name:

Date of Birth:

Business Description:

Qualifications (Including where and when obtained; sight of documents required):

Home Address:

Home Telephone:

Mobile Telephone:

Email Address:

Website (If applicable):

The following details are a compulsory condition of tenancy at Southville Clinic:

1. Current member of recognised registration body (Sight of original documents and copy required):

a. Name of professional body:

b. Registration no:

c. Date of initial registration:

2. Current indemnity insurance (Sight of original documents and copy required):

a. Name of insurer:

b. Date of renewal:

3. References

a. Professional Referee

Name:

Address:

Telephone no:

Email:

b. Previous business landlord (if applicable)

Name:

Address:

Telephone no:

Email:

 

CCTV: We use CCTV monitoring outside our premises. Signs are in place to identify the locations of the cameras. Recording is 24/7 and images are stored securely on the premises. We run this security measure jointly with Southville Surgery. No images are recorded within our premises.

 

Website information (optional): If you wish to provide information on the Southville Clinic Website, please provide accurate and relevant information for public dissemination. 

 

Bank Information:This data will only be collected if it is required to refund monies to a practitioner. 

 

Telephone call recording: All incoming and outgoing calls may be recorded. Call recording is currently suspended. 
 

4. Practitioners as Data Processors

Data processor have specific legal obligations; for example, they are required to maintain records of personal data and processing activities. They have legal liability if they are responsible for a breach.

We consider all Practitioners to be ‘data processors’ on our behalf. Please see ‘privacy policy – clients’ (available via the website), as this outlines the data we collect on clients and how we use this data. 

Please note that the data we collect can ONLY be used for administration of appointments at Southville Clinic and in line with our ‘privacy policy – clients’. If you wish to use client data for other purposes, you must seek explicit consent for this directly from the client concerned. 

Security: We expect practitioners to ensure they handle any client data supplied by us in a secure way. Please ensure your computer is secured appropriately and that you do not share your password with anyone. You may find the following guidance useful: www.ncsc.gov.uk/smallbusiness

Children (0-18): We are unable to collect or store information about children. When an appointment is requested for a child, we will pass on parental contact details to enable you to deal with this type of query.
 

5. Practitioners as Data Controllers

Practitioners will also act as data controllers in relation to any additional information they collect from clients, such as consultation notes. We expect you to have appropriate policies in place for managing this data collection and storage. Southville Clinic has no role in the collection or management of this additional data i.e. we are not the data controller or processor, and accept no responsibility or liability for the collection, storage or security of this data. 

Please do not store additional information on the ‘Need More Time’ platform. We ask practitioners to make provision for collection and storage of any additional information collected from clients, in line with our ‘privacy policy – clients’. 

 

6. Other Data Processors 

‘Need More Time’ 

Where we use the following ‘Need More Time’ services:

Telephone answering – to supplement our in-house reception staff and manager

Calendar – secure appointment booking system

More information about this company can be found at: 

 

www.needmoretime.co.uk

 

Southville Surgery

In relation to joint CCTV monitoring only. 

 

Channel Communications

Telephone call recording only. Call recording is currently suspended. More information can be found at:

 

https://www.channelcomms.co.uk 

 

7. Lawful basis for processing
 

Contract – Practitioners who enter a contract with Southville Clinic

Consent – Prospective Practitioners

 

When we collect information directly from you, with your consent, consent is obtained verbally or in writing, depending on the method of contact. 

 

8. How do we use your information? 

 

Your personal data will be treated as strictly confidential and will be shared with relevant individuals only. The only exception to this is information provided to be displayed on the Southville Clinic website (optional), where this information is publicly accessible and as such we cannot control how this data will be used by third parties.

Specifically, the information you provide may be used: 

  • to enable us to draw up and administer our contract with you;
  • to confirm and remind you of your professional registration expiry date(s);
  • to put you in direct contact with clients;
  • to enable us respond to your queries;  
  • to enable the directors to review and approve your contract with Southville Clinic;
  • to provide a refund of any monies owing during or at the end of a contract term;
  • CCTV: if an incident or crime occurs in the view of our cameras, we may review the images and resolve a minor matter internally or pass images on to the police, if relevant to a criminal offence.
  • Telephone call recording: if an incident occurs when a client is abusive or inappropriate during a telephone contact. To establish appropriate billing for telephone calls (minimum call duration to do this). 

 

We will never use your information for marketing. We will never use your images for any other purposes.
 

9. Who will we share your information with? 
 

In order to provide you with the services that we offer we may share your information with: 

  • Reception staff
  • ‘Need More Time’ telephone answering staff
  • ‘Need More Time’ secure calendar software for appointment booking
  • Clients
  • Clinic Directors
  • Accountant
  • Bank

 

We will never share your information with 3rd parties for direct marketing.
 

10. When can we contact you in the future? 
 

Other than the circumstances outlined above, we will never send you information about our products and services, or information from third parties.
 

11. How long will we hold your information for? 
 

We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner. 

 

Practitioners, with a contract in place: We will hold your data securely throughout the duration of our contract with you. Our Policy is to delete information at the end of a contract term as soon as possible. This includes paper and digital copies of data held.  If we have requested your bank information, in relation to processing a refund, we will need to hold this data for accounting purposes and in line with our legal obligations to HMRC (HMRC current requirement for limited companies; 6 years of accounts). 

 

Prospective Practitioners: We routinely delete your data when either you have indicated that you do not wish to enter into a contract with Southville Clinic, or within 3 months of non-contact. If you want us to remove your data ahead of this automated deadline then please contact us (see section 16 for full contact details), either verbally or in writing. Please note we have 28 days to comply with any request for data deletion.
 

12.Cookies 
 

Our website does not use cookies. 
 

13. How can you access and update your information? 
 

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address below. We will process any requests for information (Subject Access Requests) within 28 days, subject to identity verification. We reserve the right to charge a fee if multiple requests are made for the same information or if the request is ‘unfounded or excessive’. 

 

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate at any time, either verbally or in writing. We have up to 28 days to consider and correct any inaccuracies. (Contact details, section 16)
 

14. Does the policy apply to linked Websites?
 

Our website contains links to other websites. This privacy policy only applies to Southville Clinic website so when you link to other websites you should read their own privacy policies. Please note we are not responsible for the information or accuracy of information on these linked websites. 
 

15. How do we update this privacy policy? 
 

We keep our privacy policy under regular review and we will place any updates on our webpage. This privacy policy - practitioners was last updated on 8th May 2018. Planned review date: 8thMay 2019. Please note that this policy can be updated at any time and without notice. 
 

 

 

16. Who can you contact if you have queries about this privacy policy? 
 

Please contact us if you have any questions about our privacy policy or information we hold about you. 

 

Clinic Reception Manager: Karen Pitman

 

0117 963 2335
info@southville-clinic.co.uk
Southville Clinic, 68, Coronation Road, Bristol, BS3 1AS

 

17. How can you report a data breach?
 

If you have concerns that your data has been accessed, shared or otherwise used for purposes not outlined within this document or without your consent. Please contact us as soon as possible and we will investigate the matter. (Contact details provided in section 16)
 

18. Your rights and your personal data 

 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: 

  • The right to request a copy of your personal data which Southville Clinic Limited (data controller) holds about you (supplied within 28 days); 
  • The right to request that the Southville Clinic Limited corrects any personal data if it is found to be inaccurate or out of date (corrected within 28 days); 
  • The right to request your personal data is erased where it is no longer necessary for Southville Clinic Limited to retain such data (erasure within 28 days); 
  • The right to withdraw your consent to the processing at any time; 
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable). 
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing; 
  • The right to object to the processing of personal data, (where applicable) 
  • The right to lodge a complaint with the Information Commissioners Office

Please contact us if you would like to exercise these rights (contact details in section 16). For more information about data protection and your rights visit: www.ico.org.uk
 

19. Comments
 

If you have any comments or suggestions in relation to this policy or require additional information, please contact us (contact details in section 16).