Privacy Policy
At Prozone Health your privacy is important to us. We take great care to safeguard the personal information provided by our clients and to process such data fairly and lawfully in accordance with data protection regulations and clinical confidentiality guidelines. This Privacy Policy explains details of what personal and special data (personal information) we collect from you, the lawful basis we have for processing your data, what we do with it, how secure it is and who we might share it with. In this policy ‘Personal Data’ includes any information relating to an identified or identifiable person e.g. names and addresses, dates of birth and telephone numbers and ‘Special Category’ are personal data that reveal the health status of an individual.
Why we collect information about you
At Prozone Health we aim to provide you with the highest quality of healthcare. Our lawful basis for collecting and processing your data is that it is necessary for the provision of healthcare and that processing the data we hold is in the vital interests of our clients. In order to provide you with healthcare, we must keep records about you, your health and the treatment we have provided or plan to provide to you i.e. both personal and special categories of data. The information we collect may include:
- basic details about you such as your name, address and date of birth
- contact we have had with you such as telephone consultations
- notes and reports about your health that you have given to us or have given us express permission to get from a third party
- details and records about your treatment and care
- Lorem Ipsum
How your records are used
Our treatment consultants use your records to:
- provide a good basis for all health decisions made in consultation with you
- deliver appropriate health care
- contact you from time-to-time with other information about the clinic and with the clinic newsletter
Disclosure
At Prozone Health we maintain our duty of confidentiality to you at all times. We will not disclose your personal information to a third party without your consent, other than when it is required to deliver the service we provide e.g. if you pay your account using a debit or credit card your details will be shared with the card payment company. Your details will never be shared with another company for marketing purposes. The clinic will only disclose your personal information to a third party without your consent when it is required to do so by law e.g. under a court order or if it is justified in the public interest.
Security of your personal information
We take the security of your personal information very seriously and have taken appropriate measures to prevent unauthorised access or information from being lost, damaged or destroyed.
In order to support the delivery of our service we may, on occasion, use third party companies e.g. to manage our healthcare software, to process payments and for the confidential destruction of patient records. In every instance, these companies are contractually obliged to be operating within General Data Protection Regulations (GDPR) guidelines.
We use Ovatu to store our patient records electronically which is GDPR compliant and secure. Data is encrypted to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Personal information which is held in paper files is stored securely at the clinic, which is fully alarmed when not in use.
All of our staff and contractors receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
In the unlikely event of a data breach involving your personal information and affecting your privacy rights, a report will be made to the Information Commissioner’s Office (ICO) within 72 hours.
Online security and use of cookies
Prozone Health does not capture and store any personal information about individuals who access its website, except when personal details are given voluntarily either via email or using an online form. Any information provided in this way is used exclusively by the clinic to provide you with information about our services. Personal information will never be disclosed to a third party for marketing purposes.
It is not possible to guarantee the security of personal information transmitted over the internet and any information submitted on our website or by email is at your own risk. By submitting information to us in this way, you agree to its transfer, processing or being stored. Any information received in this way will be treated securely and in line with this policy.
When you enter the clinic website your computer will automatically be issued with a cookie. Cookies in themselves do not identify the individual user, just the computer being used. Many websites use cookies whenever a user visits them in order to track traffic flows. Cookies from the clinic website will no longer be stored on your computer once your browser is closed.
The cookies on Prozone Health’s website are only used to identify your computer to our server in order to do the following:
- monitor which areas of the site you use during your visit so that we can assess which areas of the site are of most interest and plan future development accordingly
- provide online services which provide information to be passed from page to page during the course of their execution
You are able to set your computer to notify you when a cookie is issued or to not receive cookies at any time. If you decide to not receive cookies it means that certain personalised services cannot be provided to you.
By using Prozone Health’s website you consent to our use of cookies.
Transferring personal information to a country outside the EU.
On very rare occasions the clinic may wish to transfer a client’s personal information to a country outside of the European Union (EU). GDPR allow personal information to be transferred to countries with what the European Commission has determined to be ‘adequate’ levels of data protection. Transfers may also be allowed to non-EU countries which are not considered to offer adequate levels of data protection under certain circumstances. Should there be a need to transfer client information to such a country, the clinic will investigate whether or not it is in fact possible to make the transfer on a case-by-case basis. If it is deemed that the transfer is allowable, personal information will only be sent with the express consent of the client.
Your rights
You have a right under GDPR to view information the clinic holds about you, to have that information amended should it be inaccurate or to have it erased. In general, if you would like to see your information, request any changes or have your record erased then you should contact the clinic in writing. You will receive a written reply within one month. It may be possible, however, to make some simple changes e.g. correcting a telephone number, by contacting the team. If you are not sure who to contact, the clinic will be happy to guide you to the correct person. Other than for simple changes you may be required to provide appropriate evidence of your identity (for this purpose we will normally accept sight of your original passport, or a copy certified by a solicitor, plus an original copy of a utility bill dated within the last 3 months showing your current address).
There may be exceptions to your right to view your record or have it amended or deleted e.g. if you request a copy of your medical record and a treatment consultant believes that it contains information that, if released, might cause serious harm to your physical or mental health, or to that of any other person, this information may be redacted. In addition, any information from, or identifying, a third party will be removed unless consent has been received from the third party that it can be included. Medical records are also required by law and practice policy to be kept for a minimum period of time and cannot be deleted before this. You do, however, have the right to opt-out of receiving any contact from the clinic at any time. Furthermore, if you request an alteration to your record but your treatment consultant believes that it represents a fair account of your diagnosis and treatment, then the treatment consultant is not obliged to alter your record in any way.
If you are unhappy about the way in which your data are being handled by the clinic you have the right to complain to the ICO.
Contact
If you have any queries about this policy please contact the clinic and we will be happy to help.
Data Controller
For the purposes of GDPR the data controller is Prozone Health, Unit 2, Woodhorn Business Centre, Woodhorn Lane, Oving, Chichester, West Sussex, PO20 2BX.