GDPR Policy: Isabelle Scobie Osteopathy
I, Isabelle Scobie, operating as an independent practitioner, am committed to ensuring the security and privacy of my patients' personal data. This GDPR compliance policy outlines how I collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR).
1. I collect and process the following personal data:
Contact Information: Name, address, email, and phone number.
Health Information: Medical history, treatment records and other relevant health information.
Communications: Records of communication with clients, including emails and phone calls.
2. Lawful Basis for Processing Personal Data:
I process personal data under the following lawful bases:
Contractual Obligation: To fulfil a contract or agreement with you.
Legal Obligation: To comply with a legal obligation.
Consent: When you have provided clear consent for us to process your personal data for a specific purpose.
Legitimate Interests: For purposes such as improving our services, provided these interests are not overridden by your privacy rights.
3. How your data is used:
I will only ever use your personal data to:
Provide and manage your healthcare services.
Communicate with you regarding appointments, services, and updates.
Maintain and update my records.
Improve our services and website.
Comply with legal and regulatory obligations.
4. Data Retention:
I will retain your personal data for as long as necessary to fulfil the purposes outlined in this policy and in accordance with legal obligations according to the General Osteopathic Council. Specific retention periods are determined based on:
Legal requirements.
The nature of the personal data.
The purposes for which it was collected.
5. Client Re-Engagement:
As part of my commitment to maintaining accurate records, I may contact clients who have not been treated for several years, in order to update their information and seek consent to remain on my database. This communication will include a clear opt-out option for clients who do not wish to be contacted further.
6. Data Security:
I implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Secure storage of electronic records.
7. Data Subject Rights:
You have the following rights regarding your personal data:
Access: The right to request a copy of the personal data we hold about you.
Rectification: The right to request correction of inaccurate or incomplete data.
Erasure: The right to request deletion of your personal data in certain circumstances.
Restriction: The right to request that we limit the processing of your personal data.
Portability: The right to receive your personal data in a structured, commonly used format.
Objection: The right to object to the processing of your personal data in certain circumstances.
To exercise any of these rights, please contact me directly.
8. Data Sharing:
I will not share personal data with third parties except:
Where required by law or regulatory authorities.
With service providers who support me in delivering my services (e.g., the software company “Cliniko” which stores all data) under strict confidentiality agreements.
If necessary to protect the vital interests of a client or another person.
9. Changes to This Policy:
I may update this GDPR policy from time to time to reflect changes in my practice or for other operational, legal, or regulatory reasons. I will notify clients of any significant changes.
10. Questions:
For any questions or concerns about this GDPR policy or my data processing practices, please contact me directly at isabelle.scobie.osteopathy@gmail.com
Updated October 2024.