BOOKING

Clinic Privacy Policy

Inverclyde Chiropractic
59 Shore Street, Gourock, PA19 1RF
Email: reception@inverclydechiropractic.com

Data Controller: Fiona Hutchinson 

1. Purpose of this Privacy Notice

This Privacy Notice explains how Inverclyde Chiropractic collects, uses, stores and protects your personal data. It is written in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Information Commissioner’s Office (ICO) guidance for healthcare providers
  • General Chiropractic Council (GCC) Code of Practice (effective January 2026)

We are committed to protecting your privacy and handling your personal data lawfully, fairly and transparently.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity and contact details (name, address, telephone number, email address, date of birth)
  • Health data (medical history, examination findings, clinical notes, treatment records, imaging reports, correspondence, GP or NHS reports where relevant)
  • Administrative and financial data (appointment records, consent forms, insurance details and claim information)
  • Safeguarding data where applicable for patients under the age of 16

Health data and safeguarding information are classified as special category data under UK GDPR and are subject to enhanced protection.

3. Lawful Basis for Processing Your Data

We process your personal data on the following lawful bases:

  1. Contract – You request chiropractic care and we agree to provide it. Without relevant personal and health information, we cannot safely or effectively treat you. For health information, Inverclyde Chiropractic relies on UK GDPR Article 9 conditions relating to the processing of special category data, including processing necessary for the provision of healthcare and management of healthcare services. Health information is processed only where necessary, proportionate and lawful.
  2. Legitimate Interests – We have a legitimate interest in collecting and processing personal data to:
    • Provide safe, appropriate and effective chiropractic care
    • Maintain accurate clinical records
    • Manage appointments, reminders and clinical follow‑up
    • Communicate with other healthcare professionals involved in your care where appropriate
  3. Consent – We will ask for your consent where required, including:
    • Sending optional newsletters, health information or general updates
    • Sharing information with insurers for the purpose of claims
    • Sharing information with GPs, NHS services or other healthcare professionals when this is not otherwise justified by direct care requirements
    • You may withdraw your consent at any time by informing us verbally or in writing. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
  1. Legal Obligation – We are legally required to retain clinical records for minimum statutory periods and to comply with safeguarding and professional regulatory duties.
4. How We Use Your Information

Your information is used to:

  • Provide chiropractic assessment, treatment and ongoing care
  • Safeguard children and vulnerable individuals
  • Communicate with you regarding appointments, reminders or matters related to your care via email, SMS or telephone
  • Liaise with GPs, NHS services or other healthcare professionals involved in your care where appropriate
  • Process insurance claims with your insurer where requested
  • Maintain professional, legal and regulatory records

We do not sell your data or use it for automated decision‑making.

5. Marketing and Health Information

We may send general health information, articles or newsletters by email. This is optional and based on your consent.

You may opt out at any time by:

  • Informing us verbally or in writing, or
  • Using the unsubscribe option included in electronic communications
6. Data Storage and Security

We take appropriate technical and organisational measures to protect your data.

Your records may be stored:

  • Paper records – Stored in locked filing cabinets within locked premises
  • Electronic records – Stored using specialist practice management and clinical records software compliant with UK GDPR
  • Online booking systems – Used to manage appointments securely
  • Clinic computers and devices – Password‑protected, regularly backed up, and secured outside working hours

Email and SMS reminder systems are used for appointment communications. Access to all systems is restricted to authorised individuals only.

7. Personal Data Breaches

If a personal data breach occurs, Inverclyde Chiropractic will assess the nature and risk of the breach and take appropriate action. Where required by UK GDPR, the Information Commissioner’s Office (ICO) and affected individuals will be notified within the required timescales.

8. Who Has Access to Your Data

We only share your data where necessary, lawful and proportionate. Routine access may include:

  • Your treating chiropractor(s)
  • Our reception team (limited to contact details, appointment scheduling and reminders only)
  • Our practice management and clinical records software providers
  • Online booking system providers
  • Email and SMS communication providers
  • Insurance companies, for the purpose of processing claims with your consent
  • GPs, NHS services or other healthcare professionals involved in your care, where appropriate and lawful

Where third-party suppliers process personal data on behalf of Inverclyde Chiropractic, appropriate contracts, confidentiality requirements and security safeguards will be maintained. This may include clinical records software providers, appointment booking systems, email/SMS providers, insurers and IT service providers. Some service providers may process information outside the UK. Where this occurs, Inverclyde Chiropractic will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

We will only share your information where there is a lawful basis to do so, including where necessary for your care, where you have provided consent, where there is a legal obligation, or where required to protect vital interests.

9. How Long We Keep Your Records

We are legally required to retain clinical records:

  • Adults: at least 8 years from the date of last treatment
  • Children: until the patient reaches age 25

These retention periods reflect legal, insurance and professional requirements, including safeguarding obligations.

After this period, you may request deletion of your records. Otherwise, records may be retained securely in case you return for care.

10. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request erasure of your data (subject to legal retention requirements)
  • Restrict or object to certain processing
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests should be made in writing to the Data Controller.

11. Complaints

If you have concerns about how your data is handled, please contact:

Data Controller: Fiona Hutchinson
59 Shore Street, Gourock, PA19 1RF
Email: fiona@inverclydechiropractic.com

If you are not satisfied with our response, you may contact the Information Commissioner’s Office.

12. Confirmation

You will be asked to confirm that you have read and understood the Privacy Policy.

Last updated: June 2026