Information Governance and Data Management Policy
Privacy Notice
​
About this notice
Clyde Consulting Rooms (“CCR”) takes the privacy of personal data seriously and we are committed to the security of, and transparency around, how we handle personal data. This notice is intended to inform you about the types of personal data we process, how we collect it and our legal bases for doing so. It also informs you of your rights in relation to personal data we may hold about you and how you can contact us should you have any queries or concerns about this. CCR complies with the Data Protection Act 2018 and General Data Protection Regulations (GDPR). CCR also aims to update its policies in line with all relevant UK legislation.
About us
When we refer to ‘CCR’ or ‘we’ (or ‘our’ or ‘us’) we are referring to Clyde Consulting Rooms, a trading name of Medicolegal Scotland Limited (Company Number SC525705). The registered address of Medicolegal Scotland Limited is 16 Robertson Street, Glasgow G2 8DS. For UK and European data privacy purposes when we act as a controller of personal data, we do so as Medicolegal Scotland Limited (registration number ZA827043).
​
How we collect your data
We obtain personal data only directly; for example, directly from our patients when they engage with us for clinical services, directly from our suppliers and other business partners in the course of normal commercial interactions to procure goods and services from them. We do not obtain personal data indirectly from third parties.
What personal data we process and why
We process personal data in respect of the following broad categories of individuals:
-
Patients;
-
Suppliers; and
-
Other business partners.
Patients
Personal data that we collect from you directly is used only in the course of delivering goods and services to you. We will only collect data from you that is relevant to the service, or the goods, being delivered. This may include some or all of the following:
-
Identification and contact data (name, address, telephone number, email address etc).
-
Other personal details that may be considered relevant during the course of our consultations and aural and/or audiological assessments with you;
-
Physical health data relevant to aural and/or audiological assessment, rarely, mental health date only if considered relevant to our nursing and/or audiological assessment.
-
Physical health date that we generate with you (health records, audiograms and other records of hearing tests and aural assessments); and
-
Financial information (bank details, card payment etc) for the payment of good and services delivered.
​
We will add your name, email and postal address to our mailing list unless you tell us not to (see ‘Marketing’ below). We consider our lawful basis for processing the types of personal data above to be the fulfilment of our contract with you to deliver goods and/or services to you.
If you have given us your email address, we will only use that to communicate with you specifically in relation to matters to do with you as a patient. We will not use your email for marketing without your consent.
Your health data
We recognise your health data as ‘Special Category Data’ and as such we take extra special care to protect that. Your health data is protected internally and only practitioners at CCR that have a valid reason to see your health data can do so. Except for data processed within our Clinic Management Systems we do not share your data with any external third parties, unless there is a medical requirement to consult with another medical professional, in which case you would be informed, and your data would be shared and handled securely at all times.
We may, as part of ongoing and agreed treatment plans contact patients using their personal data to inform you of forthcoming appointments. Your data is stored electronically via our Clinic Management Systems in order to provide effective services to you. Your data is managed securely and in accordance with GDPR rules.
How long do we keep your data?
We will retain data for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. Thereafter we will only retain your data if we have a continuing legal requirement to do so. For example, Health information may need to be retained for a period after you have ceased to be a CCR patient in order to fulfil our obligations to the NHS, regulatory or similar bodies, and financial details in relation to payments for goods and services must be kept for six years as dictated by HMRC. You also have the right, under UK Data Protection legislation, to formally request that you wish your data to be removed from our systems (see destruction of records and the end of this notice for further details).
Our documentation which includes client notes are stored electronically on our patient management system, our patient consent forms are signed in paper form, the document is then scanned onto our blueprint system under client documents, the paper copy is immediately destroyed.
Destruction of records
In compliance with Scottish law, your medical records will be held for 6 years after you ask for your records to be removed and 3 years following your death. On both all of our clinic management systems you will be marked inactive.
Marketing
From time to time, we may contact our existing patients to bring them up to date with our commercial offering. We do this as a way to keep you informed about our products and services at CCR. For this we will use your name, email/postal address. We have a legitimate interest in marketing our services as a normal and expected activity of running a business, and we make every effort to do this in the most informative way and with the minimum amount of intrusion. You have the right to opt out of receiving all marketing communications by the unsubscribe option on the email, or in writing or by email to:
enquiries@clydeconsultingrooms.com
Note: opting out of marketing activity will not put your clinical care at risk, CCR will continue to make patients aware of upcoming appointments or any other information pertaining to your well being.
Who is your personal data shared with?
We may disclose your data to our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instruction and in accordance with applicable data protection laws, including GDPR). We may also disclose your information if required by law, requested by law enforcement authorities or to enforce our legal rights; for example, HMRC have the right to inspect our records for TAX and VAT compliance purposes.
Specifically, we will always share your data on request should it be requested by any of our professional regulators. e.g. HCPC The Health and Care Professions Council
Your rights
CCR recognises that your personal data belongs to you, and we do our best to use it in ways that you are happy with.
You can control whether or not you receive marketing emails from CCR by letting us know directly. You can either write to us or send us an email to:
enquiries@clydeconsultingrooms.com
You also have a range of rights depending on our use of your data:
-
You can ask us for a copy of the information we have about you;
-
You can ask us to correct any incorrect data we have about you;
-
You can ask us to delete your data;
-
You can ask for your data in common, machine-readable format;
-
You can object to any processing we do on the basis of legitimate interests; and
-
You can ask us to restrict the processing of your data.
You can exercise any of these rights by contacting us in either writing or by email to:
enquiries@clydeconsultingrooms.com
We will acknowledge your request and let you know the next steps. In most cases we will need to verify your identity before actioning your request.
Your right to lodge a complaint
You have the right to lodge a complaint with the UK Information Commissioner’s Office (https://ico.org.uk/) or the supervisory authority in your country of residence or place of work.
​
​
CCR Complaints Policy
​
Statement:
​
At CCR we take complaints very seriously and try to ensure that all patients are pleased with our service. When patients complain, they can expect to be dealt with courteously and promptly so that the matter can be resolved as quickly as possible.
Aims:
​
-
to react to complaints in the way which we would want our own complaints about a service to be handled; and
-
to make a point of learning from every mistake and we respond toward our patients concerns in a caring and sensitive way.
The person responsible for dealing with any complaints about our service is our Practice Manager.
Our responsibilities:
​
We will ensure:
-
Complaints are dealt with efficiently and are properly investigated.
-
Complainants are treated courteously, fairly, expeditiously, appropriately and are informed of the outcome of the investigation of their complaint.
-
Action is taken in the light of the outcome of the investigation if any is necessary.
Procedure for Managing Complaints:
If we receive a verbal complaint, we will listen to the complainant and offer to refer them to the Practice Manager immediately. The member of staff receiving the complaint will take some brief details of the complaint to pass the information on.
In the event that the Practice Manager is not available immediately, the patient will be contacted by telephone within 48 hrs of the complaint being made. If the Practice Manager is not available within this 48-hour period, the complaint will be passed to Stuart Robertson, Director of Medicolegal Scotland Limited to be actioned.
If a patient complains in writing, the letter will immediately be passed to the Practice Manager. We will acknowledge the patient’s complaint in writing and enclose a copy of this code of practice as soon as possible. Normally, a patient can expect to receive this acknowledgement in 5 working days. We will seek to investigate the complaint within 10 working days of the complaint being received to give a written summary of the investigation and its conclusions.
If the patient does not wish to meet with the Practice Manager, then an attempt will be made to engage with the complainant by telephone. If it is not possible to investigate the complaint within 10 working days, the Practice Manager will notify the patient, giving reasons for the delay and a likely period within which the investigation will be completed. The Practice Manager will confirm the decision of the complaint in writing to the patient immediately after completing our investigation.
Proper and comprehensive records will be kept by the Practice Manager of any complaint received.
If the complainant is not satisfied with the results of our local attempts to resolve any issues, then he or she may refer to the following bodies for an independent review of the complaint:
Private Healthcare Information Service
11 Cavendish Square
London
W16 0AN
Tel no: 0203 479 3810
PHIN - Contact the Private Healthcare Information Network (PHIN)
Email: info@phin.org.uk
General Medical Council
Regent’s Place
London
NW1 3JN
0161 923 6602
https://www.gmc-uk.org/concerns/raise-a-concern-about-a-doctor
Healthcare Improvement Scotland is the regulator for independent healthcare services across Scotland and can accept complaints at any time from a complainant. Contact details are:
Healthcare Improvement Scotland
Independent Healthcare Team
Gyle Square
1 South Gyle Crescent
Edinburgh
EH12 9EB
Tel No: 0141 225 6999
Email: his.ihcregulation@nhs.scot