Privacy Policy for MDOsteo

Effective Date: 01/06/2024 
Last Updated: 27/01/2025 

At MDOsteo, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.


Who We Are

MDOsteo is an osteopathy clinic operating in Morden and Wallington, providing healthcare services to promote your well-being. For the purposes of data protection law, we are the data controller of the personal information you provide to us.


What Information We Collect

We may collect the following categories of personal information:

  1. Contact Information

    • Name
    • Address
    • Phone number
    • Email address
  2. Health Information

    • Medical history
    • Current health conditions
    • Treatment notes
    • GP or other healthcare provider details (if necessary)
  3. Payment Information

    • Bank details or card payment data (processed securely through third-party payment processors)
  4. Website Usage Information (if applicable)

    • IP address
    • Cookies and browsing activity on our website

How We Use Your Information

We collect and use your personal information for the following purposes:

  • To provide osteopathy treatments and related healthcare services.
  • To manage appointments and communicate with you about your care.
  • To comply with legal and regulatory requirements.
  • To process payments for our services.
  • To improve our website and services through analytics (if applicable).

Legal Basis for Processing

Under GDPR, we process your personal information based on the following lawful grounds:

  1. Consent – When you provide explicit consent, such as agreeing to treatment or opting in to marketing communications.
  2. Contractual Necessity – To deliver the services you have requested.
  3. Legal Obligations – To comply with regulatory and legal requirements, including maintaining medical records.
  4. Legitimate Interests – For purposes related to the improvement of our services or communications with you, provided such interests are not overridden by your privacy rights.

How We Share Your Information

We may share your personal data only when necessary, including:

  • Healthcare Professionals: If a referral to another healthcare provider is required, we will seek your consent before sharing your information.
  • Service Providers: Third-party providers who assist us with payment processing, IT support, or email communications.
  • Legal and Regulatory Bodies: If required by law or for regulatory compliance.

We do not sell or rent your personal information to third parties.


How We Protect Your Data

We take the security of your personal data seriously. Measures we employ include:

  • Encryption of sensitive information.
  • Secure access controls and password-protected systems.
  • Regular staff training on data protection.
  • Routine audits of our data handling practices.

How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes outlined in this policy, including:

  • Medical Records: Retained for a minimum of 8 years following the last appointment, or longer if required by law.
  • Financial Records: Retained for at least 6 years for tax and accounting purposes.

After the retention period, your data will be securely destroyed or anonymized.


Your Rights

Under GDPR, you have the following rights regarding your personal data:

  1. Access: Request a copy of your personal data.
  2. Rectification: Request corrections to inaccurate or incomplete data.
  3. Erasure: Request deletion of your data where applicable.
  4. Restriction: Request limitations on how your data is processed.
  5. Portability: Request a copy of your data in a machine-readable format.
  6. Objection: Object to processing based on legitimate interests.
  7. Withdraw Consent: Withdraw your consent for processing at any time.

To exercise these rights, please contact us using the details below.


Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at:

MDOsteo


Email: info@mdosteo.co.uk
Phone: 02031466531


Lodging a Complaint

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK:

Website: www.ico.org.uk
Phone: 0303 123 1113


Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with a revised “Effective Date.” We encourage you to review this policy periodically to stay informed.


By using our services, you acknowledge that you have read and understood this Privacy Policy.