Privacy Policy
Dragon Ultrasound believes strongly in protecting our users' privacy. We will not wilfully disclose information about our users to any third party without first receiving our users' consent.
This Privacy notice sets out the privacy practices for the services offered on Dragon Ultrasound’s website. In this policy, the word “Website” refers to Dragon Ultrasound’s website: www.dragonultrasound.co.uk.
All data is held securely and in compliance with the Data Protection Act 2018.
Our privacy notices may be updated from time to time. You should check this page from time to time to ensure that you are happy with any changes.
If you have any queries about this privacy notice or how we process your personal data, you can contact our Data Protection Officer, by email: dragonultrasound.info@gmail.com, telephone: 01443 224397, or by post: Data Protection Officer, Dragon Ultrasound, 14 The Courtyard, Parc Busnes Edwards, Llantrisant, RCT, Wales, CF72 8TQ.
Data Protection
We are committed to the principles inherent in the GDPR and particularly to the concept of privacy by design, the right to be forgotten, consent and a risk-based approach. In addition we aim to ensure:
· Transparency with regards to how we use data
· Any processing is lawful, fair, transparent and necessary for a specific purpose.
· Data is accurate, kept up to date and destroyed when no longer necessary.
· Data is kept safely and securely.
Your Personal Information
All personal information you provide via the website will be treated as private and confidential. Please see any pages where information is collected for further relevant information.
Access to information
Under data protection legislation an individual has the right (subject to certain exemptions) to access the information that an organisation holds about them. Accessing personal data in this way is known as making a subject access request. Subject access requests are different to requests submitted under Freedom of Information (FOI) legislation, which relate to information about the organisation itself. We provide further clarity at the links below:
Sharing of Information
Dragon Ultrasound will not sell, rent, trade or give away any user's personal information or email lists to third parties without first obtaining the user's consent.
This Website contains links to other websites. Dragon Ultrasound is not responsible for the privacy practices and/or the content of such websites. You should exercise caution and look at the privacy statement applicable to the website in question.
Where possible we will let you know when you are visiting an external website within the link text.
Security
Dragon Ultrasound is committed to the security of our users' personal information and we have security procedures in place to protect against loss, misuse or alteration of personal information under our control.
Capturing of Personal Information outside the European Economic Area
Along with processing personal information in accordance with the requirements set out in the Data Protection Act 2018, there may be instances where we may capture and process personal information from outside the European Economic Area. When this is done we will endeavour to comply with the requirements of any local data protection laws.
Contacting Us
If you have any queries about this privacy notice or how we process your personal data, you can contact our Data Protection Officer by email: dragonultrasound.info@gmail.com, telephone: 01443 224397, or by post: Data Protection Officer, Dragon Ultrasound, 14 The Courtyard, Parc Busnes Edwards, Llantrisant, RCT, Wales, CF72 8TQ.
You may contact us to request details of personal information which we hold about you.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Client Privacy Notice
How we manage and protect information about you
The General Data Protection Regulations and The Data Protection Act 2018 replace the Data Protection Act 1998 meaning that new laws have been introduced which govern how we manage the information you share with us. The new law is designed to ensure that you have control over the information we hold about you and that you are fully informed about how we keep this information, who we share it with and when and how we erase this data. Dragon Ultrasound collects information about you to help us give you the best possible care. We are required to maintain full and accurate records of the information we collect about you and the care we provide for you. We are required to keep this information confidential and secure. These records are known as your personal information and relate to you as the data subject.
What personal information do we collect from you?
We collect personal information about you such as your name, DOB, address and contact details alongside any health-related information required for the delivery of health care services. We may also ask you to provide us with your GP details so that we can inform your practice of any treatment you receive while under our care. The information you provide may be recorded in your printed report, and in the electronic copy of the report on a computer. By collecting this information from you we are legally recognised as processors of your information and are required by law to adhere to strict processing rules. When you arrive for an appointment, staff may check your details with you to ensure that our records are accurate. To assist with this, it is important that you notify us of any changes to your personal details (e.g. address, contact number, next of kin etc.). Most of our clients find it helpful to receive clinic appointment reminder text messages, please ensure that you let us know whether or not you wish to receive this service. If you change your mobile number, even if you have elected to not receive text reminder messages it is important that you let us know about the changes.
Why do we need a legal basis for processing your data?
Under the new law, we are only allowed to process your details if we can evidence the legal basis for doing so. We therefore process your information under the legal basis of ‘Provision of Healthcare or Treatment and Services’ (Article 9 GDPR) and (chapter 2, section 9 of the Data Protection Act 2018). For further information on this legislation please visit: http:// www.legislation.gov.uk/ How long do we keep your records for? Notice owner: Dragon Ultrasound maintains client records and stores them safely and in good condition for eight years from the date of the client’s last visit or, if the client is a child, until his or her 25th birthday, or 26th birthday if the patient was 17 at the conclusion of treatment.
How do we use the information we collect to help you?
We may use the information we collect to help us provide services to you in the following ways:
· GPs or other healthcare professionals involved in your care need accurate information about you to assess your health and deliver the care you need.
· To ensure information is available if you need to be referred to another health professional.
· To ensure your concerns can be properly investigated if you are unhappy with the care you have received.
How else could your information be used? Your information may also be used to help us to:
· Review the care we provide to ensure it is of the highest standard.
· Investigate incidents, complaints, or legal claims.
· Make sure our services can meet client needs in the future.
· Assist in training and education of healthcare professionals.
· Remind you about your appointments and send you relevant correspondence.
· Contact you regarding feedback you have provided.
· Contact you to discuss clinical matters relating to care, or onward referral. Where possible we will anonymised your personal information so as to protect client confidentiality, unless there is a legal basis to act otherwise.
Do we share information about you with anyone?
There are times when it is appropriate for us to share information about you and your healthcare with others. We may share your information with the following main partners:
1. GPs and other referring healthcare professionals We will only share contact and ultrasound report/clinical history details with these professional services with your explicit consent unless compelled to do so by law.
2. Text/Email Reminders - SimplyBook.me. This is the organisation which sends out client appointment reminder texts/emails. We share your mobile number, email address, your name, appointment details in order that they can remind you of your next visit. We will only share your contact and appointment details with this organisation with your explicit consent. We will not disclose your information to third parties without your permission unless there are exceptional circumstances such as the health and safety of another person is at risk or where the law requires information to be passed on. Where patient information is shared with or processed by other organisations, Dragon Ultrasound ensures information is managed in a way that complies with relevant legislation.
There may be occasions when we must pass on information without your consent which can include:
· Reporting of some infectious diseases as required by the Health Protection (Notification) Regulations 2010.
· To help prevent, detect, or prosecute serious crime.
· If a court orders us to do so.
· When you have expressly requested that we do so i.e., to your solicitor or insurance company. In all cases where we must pass on information, we will only share the minimum amount of information required and where possible data will be anonymised (i.e., does not identify you personally). Anyone who receives personal information from us also has a legal duty to keep it confidential. Even when we are legally required to pass on your personal information will always endeavour to obtain your consent wherever possible. We will make every effort to inform you if we are compelled by legal requirement to share your information without your consent. We will only pass on information to your relatives, friends, and carers with your consent, unless we are compelled to do so by law.
How do we keep your information confidential?
We protect your information in the following ways:
· Training – All relevant staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of client information.
· Access Controls – Any member of staff having access to our systems holding client personal information will only be able to do so through with an authorised login containing a complex password which is changed regularly.
· Records Management – All records are stored confidentially in secure locations.
· Legal requirement – We are bound by law to protect your information via the following legislation: General Data Protection Regulation (GDPR) o Data Protection Act 2018 o Human Rights Act 1998.
How we ensure that we are compliant with the law?
We have appointed a Data Protection Officer who ensures that these laws are upheld within our clinical services. We hold and process your data in accordance with the GDPR and the Data Protection Act 2018. We have a duty to:
· Maintain full and accurate records of the care we provide to you.
· Keep records about you confidential and secure.
· Provide information in a format that is accessible to you.
Dragon Ultrasound is committed to securing your personal information from unauthorised access, use or disclosure. All personal information is stored on computer systems in controlled, secure environments which are protected from unauthorised access, use or disclosure and satisfy the requirements of UK and EU law. All our records are destroyed in accordance with the legal retention period relevant to the status of the information contained within these records. All records are destroyed confidentially once their retention period has been met, and Dragon Ultrasound has made the decision that the records are no longer required.
What are your rights?
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. GDPR and the Data Protection Act 2018 gives you the following rights:
· To request access to the personal data we hold about you, e.g. in health records.
· To request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards.
· To refuse or withdraw consent to the sharing of your health records
· To request your personal information to be transferred to other providers on certain occasions.
· To ensure that your personal information is kept confidential and only shared within the legal framework of the GDPR or the Data Protection Act 2018.
Can you see the information we collect about you?
The GDPR also gives you the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with. You have the right to apply for access to the information we hold about you, whether it is stored electronically or on paper. We have a duty to provide this information in a format that is accessible to you and in a way that you can understand, explaining any abbreviations where necessary. Where you agree, this access right may be met by enabling you to view the record without obtaining a copy. After having viewed your records, if you believe any information is inaccurate or incorrect, please inform us of this in writing.
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. Data Protection Officer, by email: dragonultrasound.info@gmail.com, telephone: 01443 224397, or by post: Data Protection Officer, Dragon Ultrasound, 14 The Courtyard, Parc Busnes Edwards, Llantrisant, RCT, Wales, CF72 8TQ.