Privacy Policy

Name: Cassia Health Ltd
Address: 5, Oxford Court, St James Road, Brackley NN13 7XY
Email address: [email protected]
Company registration Number: 12742879 England & Wales
Director: Sarah Baimbridge MCSP HCPC

Cassia Health Ltd takes your privacy and personal data seriously and is committed to the safe storage of the personal data you provide to us to support your health care with the practice.

This notice will inform you of how we look after your data when you visit our web site or practice and inform you of your rights and how the law protects you.

Purpose of the privacy notice.

This privacy notice aims to provide you, the client, the reader of the website, the employee and any staff within the practice on what data we collect on you, why we require the data , how we process and store any information relating to the provider.

It is important that you fully understand this notice and can contact us with any questions you may have . Please direct any questions or raise any points with Sarah Baimbridge, Director.

Controller

The controller of the data is Cassia Health Ltd

Rights to complain

You have the right to complain to the Information Commissioners Office ( ICO),UK Supervisory authority for data protection issues, https://ico.org.uk.

The Data we collect on you

To be able to collate clinical, staff or carer records we collect personal information ( information whereby the person can be recognised. It does not collect anonymous data ( where the identity has been removed).

We also collect:

  • Contact data; email address, home, work and mobile phone numbers,
  • Identity data; signatory, name ( middle and surname), gender and preferred ‘ known as’, date of birth, occupation, general practitioner, spousal data and emergency contact data.
  • Transactional data: card payment receipt number, how payment was made and date of payment made
  • Healthcare insurance data: Membership and authorisation codes
  • Financial data: for employees/associate team members renumeration- bank details ( accounts and sort codes)
  • Special categories of personal data: health and genetic data to support the clinical record notes.

How is your data collected

We collect your data in the following way:
Direct interactions with our administrators, clinicians, contractors by telephone, email or face to face at the practice. The information you give us will allow us to
a) Create a clinical record to support therapeutic treatment
b) Allow us to correspond with other health care professionals with your agreement and on your behalf
c) Allow us to process financial records for receipt or invoice
d) Liaise with your insurance company
All records are held on ‘Power Diary’.

How we use your data

We will only use your data when we enter into the contractual obligations surrounding
a) Healthcare provision
b) Staff and associate contracts for the provision of services
c) Legal and healthcare statutory requirements for the Health Care Professions Council and …….

Disclosures of your data

Occasionally we may have to share your data with:
a) Human Resources if you are a member of the Cassia Health Team
b) Contacting your GP or secondary care specialist
c) Anyone who you have asked us to contact if you are unwell, need care support, health/sports support.

Data Security

We have chosen secure cloud-based platforms to hold your data as securely as possible. We aim that by using these cloud based platforms your data will be protected from being stolen, lost , accessed in an unauthorised manner, altered or disclosed.
Should any breach of data take place we will contact the appropriate bodies immediately and notify you of the breach, action plan and outcome as we are legally obliged to do so.

Data Retention

How Long do we keep your data for?

By law we are obliged to retain your data for a period of 8 years if the record is a healthcare record and you are an adult.

If you are under 18 years of age, we are obliged to keep the record until your 25th Birthday

If you are a member of the team, we follow the advise of our HR agent but we retain your records for 8 years.

Your legal rights to you data

Under certain circumstances you are entitled to you data under the data protection law in relation to your data

a) Request your personal data
b) Request correction of your data that we hold about you
c) Request erasure of your data
d) Object to processing of your data
e) Request transfer of your data
f) Right to withdrawal consent
Please contact Sarah Baimbridge at [email protected] to make requests concerning you.

Time to respond:

We acknowledge that any request for data must be processed within one month of the request. Occasionally if the request is complex or requires additional administration we may require more time and will notify you of the time response and update you as matters proceed.

OUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Scroll to Top