GDPR Patient Privacy Policy

Purpose of this privacy notice

This privacy notice aims to give you a summary of how Eastleigh Chiropractic Centre collects and processes your personal data during and after your time as a patient under General Data Protection Regulations (GDPR). The Eastleigh Chiropractic Centre is the controller and responsible for your personal data (collectively referred to as "Eastleigh Chiropractic Centre", "we", "us" or "our" in this privacy notice). Name or title of Data Privacy Manager: Robert Wilson, Chiropractor, Eastleigh Chiropractic Centre,  52 Leigh Road, Eastleigh, Hampshire, SO50 9DT, Tel: 02380616069.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (

Data Protection Principles

In relation to your personal data, we will comply with data protection law. This says that the personal information we hold for you must be:

  •   Processed fairly, lawfully and in a clear, transparent way.

  •   Collected only for valid reasons that we find proper for the course of your time as a patient and not used in any way that is only

         compatible with those purposes

  •   Only used in the way that we have told you about

  •   Kept accurate and up to date

  •   Kept only as long as is necessary for the purposes we outline

  •   Process it in a way that ensures it will not be used for anything that you are not aware of or have consented to, lost or destroyed

  •   Kept securely

The data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  •   Identity Data includes title, first name, last name, date of birth and gender.

  •   Contact Data includes email address, home address, billing address and telephone numbers.

  •   Special Category Data includes information about your health and past medical history. Letters of referral to or from the clinic regarding

          your treatment with us. Information concerning examination and treatment at your first and subsequent visits.

  •    Financial Data includes bank account, electronic bank transfers and payment card details.

  •   Transaction Data includes details about payments to and from you and other details of products and services you have purchased from 


How is your personal data collected?

We use different methods to collect data from and about you including through:

  •    Direct interactions. You may give us your Identity, Contact, Special Category and Financial Data when you become a patient.

  •    Third parties. We may receive personal data about you from various third parties and public sources such as referrers who may provide      us with Special Category data to facilitate your treatment with us, insurance companies and solicitors.

Purposes for which we will use your personal data

  •   Performance of our contract with you

  •   To register you as a new patient or take steps to register you as a new patient.

  •   To comply with our obligations under our contract, namely to provide you with the necessary and appropriate treatment.

  •   Legitimate interests

  •   To collect and recover money owed to us.

  •    Legal or regulatory obligation

  •    We also rely on the legal or regulatory obligation ground to process your data in some circumstances.

Change of purpose

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that the reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


Conditions under which we process your special category data 

To process your special category we rely on the contractual ground and also the special condition which allows health professionals to process the data for the purposes of preventative or occupational medicine, and the provisions of health care treatment.

Disclosures of your personal data

We may have to share your personal data with the parties set out below:

  •  Professional healthcare practitioners including x-ray reporters to report on x-rays, to facilitate a referral, to keep your GP informed and any

        locum chiropractors working for us to facilitate your continued treatment.

  •  Service providers based in UK who provide IT and system administration services.

  •  Professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking,

        legal, insurance and accounting services.

  •  HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in

        certain circumstances.

  •  Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.


Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All information provided will be treated as confidential and data will only be accessible to staff of the clinic only where it is necessary for them to undertake their duties.

Data retention

We will only retain your personal data securely in either paper files or electronically for as long as you the patient remains a patient of the clinic, and thereafter for a period of eight years. Personal data is stored securely in lockable storage boxes and electronically encrypted on computer on the data controller’s personal premises. Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security.

Your duty to inform us of changes

It is important that the personal data we hold for you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.


  • Request access to your personal information (commonly known as a "data subject access request").

  • Request correction of the personal information that we hold about you.

  • Request erasure of your personal information.

  • Object to processing of your personal information where we are relying on a legitimate interest.

  • Request the restriction of processing of your personal information.

  • Request the transfer of your personal information to another party.

  • Withdraw consent at any time where we are relying on consent to process your personal data.




You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternately, we may refuse to comply with the request in such circumstances.


If you would like to exercise any of the above rights, please contact Data Controller in writing at the clinic’s address.