What is a Privacy Notice?
Under data protection law you, as client of reCentre Health Limited, have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
Who We Are
We are reCentre Health Limited, 260 Balham High Road, London, SW17 7AN, telephone number: 020 8672 4455, email address: info@recentre-health.co.uk. For the purposes of processing your personal data we are the Controller.
The Personal Data We Process and What We Do with It
We keep several categories of personal data about you in order to provide you with our services. We store this data in a cloud-based client management system and may also keep hard copies of registration forms and medical records.
Specifically, we may hold the following types of data:
- personal details such as name, address, phone numbers
- your gender
- marital status
- details of next of kin / family members
- medical history and health data
- credit card details (in encrypted format)
We will communicate with you by email and / or text message in relation to the services we provide to you, this may include information such as bookings confirmations and reminders, purchase receipts and forgotten login details.
Lawful Basis for Processing
The law on data protection allows us to process your data for certain reasons only. We process your data in order to perform the contract we have with you to provide you with our services.
Special Categories of Data
Health data is a special category of data. We may need to process your health data in order to fulfil our obligations in the performance of the contract.
Failure to Provide Data
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract with you or performing the contract that we have entered into.
Sharing your personal data with third-party service providers and international transfers
To provide our healthcare services, manage appointments, maintain clinical records, process payments, administer insurance claims, communicate with you and support our business operations, we use trusted third-party service providers who process personal data on our behalf.
These providers may include services for clinical record management, appointment scheduling, exercise and rehabilitation support, payment processing, insurance administration, communications, IT systems and other operational functions.
Some of these providers may process personal data outside the United Kingdom (UK) and European Economic Area (EEA), including in countries such as the USA, Canada and Australia. Where this occurs, transfers are necessary for the performance of our contract with you and to enable us to provide our services.
Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK data protection legislation.
We carefully select third-party providers and require them to maintain appropriate technical and organisational security measures, confidentiality obligations and compliance with applicable data protection laws.
Retaining Your Personal Data
Whilst you are client or patient of reCentre Health Limited we will continue to store and use your personal data.
We will retain your personal data for the following periods:
- Clinical notes and client records – for a period of not more than 25 years following your last visit.
- Emails – for a period of 3 months. If the email is concerning insurance matters these are retained for a period of one year or until the issue is resolved.
Limited information may be retained within our accounts systems indefinitely to maintain the integrity of the data.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.
Your Rights
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
- You may request a copy of your data at any time. Please make such a request in writing or by email to us, at the address shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require.
- If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
- If you believe we should erase your data, please contact us, at the address shown above.
- If you wish us to stop storing or using your data, please contact as, at the address shown above.
- Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.
Data Breaches
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should You Wish to Complain
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.