Your privacy is of the utmost importance to us. Here’s how we take care of your data at the Women’s Wellness Centre (WWC).
Why does WWC need to process personal data?
We use personal data to provide services to our patients, which includes medical records with past and current data.
What types of data are processed at WWC?
- Names, addresses, phone numbers, email addresses and other contact details
- Medical records, consultation letters, pathology and blood test results, and ultrasound reports
- Financial information recorded on our database
- CCTV recordings (in public areas only)
- Consent forms
How does WWC collect data?
- New and existing patient registration forms
- Referral letters, both external and internal
- Insurance companies
- Feedback forms
Who has access to personal data?
- Staff at WWC, including your doctors
- Your GP, if you have given us written consent to share your medical records with them
- The Care Quality Commission (CQC), the healthcare regulatory body
- Government authorities
How does WWC protect personal data?
We take our duty of care and legal obligations very seriously. We only share personal patient data with Local Authority Designated Officers or police if we believe it is necessary to report any safeguarding concerns. We do this in line with current General Data Protection Law (GDPR) regulations.
We never transfer your personal data to external organisations, such as hospitals, GPs and independent doctors, without your written consent and request.
Discarding, deleting and removing personal data
We never discard, delete or remove your personal data without your consent. When we do so, it is done in compliance with General Data Protection Law (GDPR) guidelines.
How does WWC process personal data with third parties?
In line with General Data Protection Law (GDPR), some of WWC’s processing activities are carried out by third parties, such as IT systems, web developers and cloud storage providers.
Wherever possible, our contracts with these third parties explicitly assure that personal data will be kept securely and only in accordance with WWC’s specific directions.
How long does WWC keep personal data?
As a healthcare provider, we’re obliged to hold medical records for eight years and ultrasound images and reports for 25 years.
What are my rights of access?
Under data protection law, you have the right to access and understand any personal data that WWC holds for you. You can always ask for it to be deleted or amended, have it transferred to another clinic, or for us to stop processing it, subject to certain exemptions.
We’ll respond to your written request within 30 days. If we are unable to comply with your wishes, we’ll explain why, in writing.
Do I have to give consent to have my data processed by WWC?
By law, we are required to obtain your consent to process your personal data, and you can withdraw your consent at any time. However, we reserve the right to process your personal data based on lawful reasons without your consent.
How does WWC keep my data accurate?
We will always endeavour to make sure that all personal data we hold is as up to date and accurate as possible. Please do tell us about any significant changes to your personal information, such as contact details.
Can WWC transfer personal data outside the EU?
We’ll need a written request before we can transfer data to a country outside the EU. We’re not able to take responsibility for any breach of data protection outside the European Economic Area.
Is this policy reviewed?
- The General Data Protection Regulation (GDPR)
- The Data Protection Act 2018
- The Protection of Freedoms Act 2012 (CCTV)
- The Privacy and Electronic Communications Regulations 2011 (PECR) – to continue after 25th May 2018 until replaced by the ePrivacy Regulation
How do I lodge a data-related complaint?