Privacy Notice
What is a Privacy Notice?
Under EU wide general data protection regulation (GDPR) you, as a patient have specific rights. To
communicate these rights to you in a clear and concise manner, we are providing you with this
privacy notice. To be able to document and process your personal data, and the GDPR you must give
us explicit consent.
Who Are We?
We are an osteopathic practice trading as Corvus Osteo, who diagnose, treat and rehabilitate health
conditions. This is carried out in accordance with the individual governing body of the sole
practitioner Philip Corbin. Who is insured and is a member of the relevant governing bodies.
Personal Data
We have a legal contractual obligation to collect personal data for the purposes of providing care for
which your explicit consent is given during the process of history taking. As a practitioner I may
require detailed medical information. I will only collect what is relevant and necessary for your care.
Under the terms of GDPR the legal basis for the practice to hold personal data is described by article
9 paragraph 2(h). This data is always held securely and is not shared with anyone not involved with
your care. For data storage purposes non-medical pre-vetted staff who have signed a GDPR
processor agreement may handle some of that data. We may use your contact details to remind you
of future appointments, or other information concerning your treatment. In making initial contact
with Corvus Osteo we will keep your contact details unless you do not attend the clinic and then this
information will be destroyed/deleted in one month.
Sharing Your Personal Data
We do not share your personal data with anyone. We may have to use some of your data to
communicate on your behalf with your insurance company these providers are deemed as
processors and we have a contract with them to ensure your data is secure. We may also share your
medical data with external treatment providers such as your GP or medical consultant, this will be
with your explicit consent only.
Retaining Your Personal Data
Corvus Osteo will process personal data during the duration of any treatment and will continue to
store only the personal data needed for eight years after the contract has expired to meet any legal
obligations. After eight years all personal data will be destroyed/deleted, unless basic information
needs to be retained by us to meet our future obligations to you, such as erase your details. Records
concerning minors who have received treatment will be retained until the child has reached the age
of 25. Parental consent is obtained prior to the commencement of treatment of minors.
Data Storage
All data is held physically in the United Kingdom and Corvus Osteo does not store personal data
outside the EEA.
Your Rights
At any point whilst Corvus Osteo is in possession of, or processing your personal data, all data
subjects have the following rights; Right of access – you have the right to request a copy of the
information we hold about you – you can make a subject access request and you will need to
provide identification. There is no charge for this. Please ask at reception if you require more
information. Right of rectification – you have the right to correct data that we hold about you that is
inaccurate or incomplete. Right to be forgotten – in certain circumstances you can ask for the data
we hold about you to be erased from our records. Right of restriction of processing – where certain
conditions apply you have the right to restrict the processing. Right of portability – you have the
right to have data we hold about you transferred to another organisation. Right to object – you have
the right to object to certain types of processing such as direct marketing. Right to object to
automated processing, including profiling – we don’t do this at Corvus Osteo.
Data Breaches
Should your personal data that we control be lost, stolen or otherwise breached, whether this
constitutes a high risk to your rights and freedoms, we will contact you without delay. The breach
will be dealt with by our Data Protection Officer (details below), who will explain to you the nature
of the breach and the steps we are taking to deal with it.
Complaints
In the event that you wish to make a compliant about how your personal data is being processed by
Corvus Osteo you have the right to complain to us. If you do not get a response within 30 days you
can complain to the ICO. ICO Wycliffe House, Water lane, Wilmslow, SK9 5AF Telephone +44 (0) 393
1231113 or email: https://ico.org.uk/global/contacts-us/email/. Data Protection Officer at Corvus
Osteo is Philip Corbin.