Privacy and Consent

This notice is to explain why Oxford Acupuncture collects your personal data, and what we do with it.

The information you share with us is treated as confidential. We do not share information between practitioners unless it is with your explicit consent, and this would only be to help joint working.

Heather Davidson also teaches at the College of Integrated Chinese Medicine in Reading (http://www.acupuncturecollege.org.uk/). To enable the education of future practitioners, patient information may be shared anonymously for teaching purposes. The clients whose cases are discussed in this way will always first have been requested to give consent for their cases to be used for teaching purposes.

In terms of safeguarding the information you share with us, we work in accordance with the newly revised General Data Protection Regulation (GDPR). Terms from the act are indicated in bold below.

When you supply your personal details, when we communicate by text or email, and when we take notes in the clinic, this information is stored and processed for 3 reasons in line with GDPR:

1. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes in law an (unwritten) contract.
2. We have a legitimate interest in collecting that information, because without it we couldn’t practice our professional disciplines effectively and safely.
3. We keep records of your contact information because we think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your care. This again constitutes a legitimate interest, but this time it is your legitimate interest.

We have a professional obligation to retain your records for 7 years after your most recent appointment (or 7 years after you have reached age 25, if this is longer), but after this period you can ask us to delete your records if you wish, but in most cases we will delete records before ten years has elapsed.

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. We are legally required to respond to any request from a client to see their personal data within a timescale of 30 days. However, we would ensure that we responded as soon as we possibly could to any reasonable request for access to personal records. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Questions, comments and requests regarding this privacy policy are welcomed and may be addressed to us via our Contact form.

We will do everything we can to make sure that the only people who can access your clinical information have a genuine need to do so. Of course, if you feel that we are mishandling your personal information in any way, then you have the right to complain. Please first raise your concern with us, as we hope very much we will be able deal with any concerns you might have. However, you can also raise a concern directly with the Information Commissioner’s Office on https://ico.org.uk/concerns/