Why We Collect Your Personal Data and How We Use It

When you provide your personal details to this clinic, we store and process them for the following reasons, in line with the General Data Protection Regulation (UK GDPR):

1. Providing Treatment – We need to collect details about your health to offer the best possible care. By requesting treatment and our agreement to provide it, we form a contract. While you have the right to withhold information, doing so may prevent us from delivering treatment.
2. Legitimate Interest – We require this information to ensure that we can provide safe and effective care within the clinic environment.
3. Communication – We may contact you to confirm appointments or provide updates relevant to your treatment.
4. Health Information & Marketing – With your consent, we may occasionally send you general health-related advice, articles, or newsletters. You can withdraw this consent at any time by informing us through any preferred method.

Data Retention We are legally required to keep your records for 8 years after your last appointment (or until age 25, if that is longer). After this period, you may request deletion of your records. Otherwise, we may keep them indefinitely to provide continuity of care in the future.

How Your Data Is Stored Your records are kept:

• On paper – Stored in locked filing cabinets within a secure office.
• Electronically (Cloud-based) – Using Care Response, a specialist medical records service that complies with UK GDPR regulations. HIPPA compliant.
• On office computers – These are password-protected, backed up regularly, and secured when not in use.

Who Has Access to Your Data? We will never share your information without your written consent, except where necessary for your treatment or administration. Those with routine access include:

• Your practitioner(s) – To provide your care.
• Cliniko – Our secure medical records provider.
• Administrative staff – Limited to essential contact details for bookkeeping purposes.

In some cases, external consultants may perform administrative tasks that involve accessing your personal data (not medical notes). They will be required to sign confidentiality agreements.

Your Rights Under UK GDPR, you have the right to:

• Request access to the personal data we hold about you.
• Correct any inaccurate information.
• Request deletion of your records (subject to legal retention requirements).

We are committed to handling your data responsibly and ensuring it is only accessed by those who genuinely need it.

If you believe your data is being mishandled, you have the right to complain to the Data Controller. Please contact us using the following details:

Jodi Crawford
Office 54, Pure Offices, 1 Port Solent Way, Port Solent, Portsmouth, PO4 4TY
Phone: 02392 379447
Email: hello@jodicrawford.co.uk

Last Updated: 02/04/2025