Privacy policy

Effective date

Chiro Y Cwm is deeply committed to protecting your privacy and handling your data with the utmost care, transparency, and security. This Privacy Policy outlines how we collect, use, store, and protect your personal information in full accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

Who we are

Chiro Y Cwm is a chiropractic service based in Carmarthenshire. For the purposes of data protection law, we are the “data controller” of your personal information, meaning we determine the purposes and means of processing your data.

Contact Details:

📧  info@chiroycwm.com

🏡  Evolution Health & Fitness Centre, Heol Nantyreos, Cross Hands, Llanelli, Dyfed, SA14 6RJ

What information do we collect?

  • Contact Information: Your full name, email address, phone number, and postal address.

  • Appointment Details: Information related to your bookings, including date, time and type of treatment.

  • Health Information (Special Category Data): Detailed health and medical history, symptoms, diagnoses, treatment plans, and progress notes, which you provide during consultations, physical examinations, and through health questionnaires. This is considered 'special category data' under UK GDPR and is treated with the highest level of confidentiality and security.

  • Payment Information: If you make online payments, we may process transaction details. However, we do not store your full payment card details directly; secure, third-party payment processors handle these.

  • Website Usage Data: Information collected automatically when you visit our website, including your IP address, browser type, operating system, referring pages, pages viewed, and the time spent on our site. This is collected through cookies and analytics tools. Please refer to our separate Cookie Policy for more details.

  • Communication Data: Records of your communications with us via email, phone, or in person.

How do we collect your information?

We collect your data through various channels:

  • Directly from You: When you:

    • Book an appointment (via our website, phone, email, or in person).

    • Fill out our contact forms or health questionnaires.

    • Communicate with us via email, phone, or in person.

    • Provide information during your chiropractic consultations and treatments.

  • Automatically: When you use our website, through cookies and analytics technologies (as detailed in our Cookie Policy).

Why we collect your data

We process your data for the following purposes, based on the specified lawful bases under UK GDPR:

  • To Schedule and Manage Appointments:

    • Lawful Basis: Performance of a contract (to provide the services you requested).

  • To Respond to Enquiries and Communications:

    • Lawful Basis: Legitimate Interests (to effectively manage our customer relationships and provide good service) or Consent (for general enquiries where no contract exists).

  • To Maintain Clinical Records and Provide Healthcare:

    • Lawful Basis: Legal Obligation (e.g., compliance with General Chiropractic Council requirements and healthcare legislation) and processing is necessary for the provision of health or social care or treatment under a contract with a health professional (Article 9(2)(h) UK GDPR). Where required, we will also rely on your explicit consent for the processing of your health data.

  • To Process Payments for Services:

    • Lawful Basis: Performance of a contract and Legitimate Interests (for financial administration).

  • To Improve Our Website and Services:

    • Lawful Basis: Legitimate Interests (to understand how our website is used and enhance user experience and service offerings).

  • To Comply with Legal or Regulatory Obligations:

    • Lawful Basis: Legal Obligation (e.g., tax, accounting, or regulatory reporting requirements).

Sharing your data

We value your privacy and do not sell your personal data to any third parties. We may share your data, where necessary and with appropriate safeguards, with the following categories of recipients:

  • Appointment Booking & Practice Management Platforms: Such as Jane App, which securely manages our patient scheduling and clinical records.

  • Professional Advisers: Including our insurers, legal teams, and accountants, for professional advice and compliance.

  • IT Service Providers: Companies that provide us with IT support, data hosting, and cybersecurity services.

  • Payment Processors: Secure third-party services that handle online payment transactions.

  • Regulatory Bodies & Law Enforcement: If legally required, or to comply with a court order or other legal process.

Any third parties we work with are carefully selected and are required to comply with strict data protection standards. They are also required to enter into data processing agreements (DPAs) where legally required, ensuring that they protect your data in line with the UK GDPR.

International Data Transfers: In some cases, our third-party service providers may process data outside the UK or the European Economic Area (EEA). Whenever this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, to guarantee that your data receives the same level of protection as it would within the UK/EEA.

Your rights

Under UK GDPR, you have the following important rights regarding your personal data:

  • Right to Access: To request a copy of the personal data we hold about you.

  • Right to Rectification: To request the correction of inaccurate or incomplete personal data we hold about you.

  • Right to Erasure (Right to be Forgotten): To request the deletion of your personal data, in certain circumstances.

  • Right to Restrict Processing: To request that we limit the way we use your personal data, in certain circumstances.

  • Right to Object to Processing: To object to our processing of your personal data, in certain circumstances (e.g., for direct marketing).

  • Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where processing is based on consent or contract and carried out by automated means.

  • Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided in the "Who we are" section above. We will respond to your request within one month.

Right to Lodge a Complaint: If you are not satisfied with how we have handled your personal data, you have the right to complain to the Information Commissioner’s Office (ICO). You can contact the ICO at:

  • Website: www.ico.org.uk

  • Phone: 0303 123 1113

Security

We are committed to ensuring the security of your personal data. We implement robust technical and organisational measures, including encryption, access controls, secure storage solutions, and regular security assessments, to protect your information from unauthorised access, disclosure, alteration, or destruction. Access to your personal data is strictly limited to authorised personnel who have a legitimate business need to access it.

Third-party links

Our website may include links to third-party websites (e.g., Jane App for bookings). Please be aware that we are not responsible for the privacy practices or content of these external sites. We strongly recommend that you review the privacy policies of any third-party websites you visit.

Changes to this policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The latest version will always be posted on our website, accompanied by a revised "Effective Date." We encourage you to review this policy periodically.