This privacy notice was last updated on 26.05.2021.
The Miller's Way Project is committed to complying with the provisions outlined in the General Data Protection Regulation and the Data Protection Act 2018. Looking after the personal information you share with our organisation is very important and we want you to be confident that your personal data is kept safely and securely.
The information outlined below will help you to understand:
How and why we collect information from you;
Whom we share your information with, if anyone, why and on what basis; and
What your rights are in relation to managing the personal data that is held by us.
By using this website you signify your acceptance of this policy. If you do not agree to this policy, please do not use our website. Your continued use following the posting of changes to this policy will be deemed your acceptance of those changes.
1. Who are we and how can you contact us?
The Miller's Way Project provides a wide range of health services which are provided to clients who book personally or through the Millers Way Website. The health services include (but are not limited to) Acupuncture, Massage, Osteopathy, Physiotherapy, Herbal Medicine, Yoga, Pilates, Movement, Qi Gong and Self defence.
The Miller's Way Project is responsible for processing the personal information you provide to us in a secure and fair manner and in accordance with the new EU General Data Protection Regulations that come into force on 25th May 2018. and is registered with The UK Information Commissioner’s Office (ICO) under the UK Data Protection Act 1998.
Your request will be directed to the appropriate The Miller's Way Project member. Please allow 3 working days for a response.
You have the right to tell us if you:
Do not want to be contacted in the future by us.
Would like a copy of the personal information which we hold about you.
Would like us to correct, update, or delete your personal information in our records.
Wish to report any misuse of your personal information.
To assist us in dealing with your request, please provide your full name and details.
You have key rights over how your data is used and stored by us. These are known as your ‘Data Subject Rights’. You can read more about them on the Information Commissioners website – www.ico.org.uk.
2. What information do we collect?
At your time of booking, we collect your contact information and details of why your booking our services i.e. your appointment details.
If you sign-up to our newsletter, we will keep your contact details.
When relevant we will send out a form to gather additional information that is relevant to your upcoming therapy appointment or class.
At the time of your appointment we will collect personal information in relation to your health concern.
3. What do we use your personal information for?
To respond to customer inquiries and provide more information about our products and services, when requested to enable us to:
Communicating with you through e-mail, SMS, or other electronic methods.
Administer and manage your account(s) and send you updates and relevant information.
Answer questions you have submitted to us and respond to your requests.
Improve our systems and security through testing (to ensure security when updating systems), data processing, website administration, and Information Technology system support and development.
Manage fraud, operational, and security risks to safeguard your information.
Comply with laws and regulations.
Submitted information: to provide and tailor Services directly to you and communicate with you;
Provide information, products, and services you request, or (with your consent) which we think may interest you.
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the purposes set out below.
Sections 1 – 15 apply to our patients, prospective patients, former patients and visitors to our clinic
1. We use your name, address, telephone number and email address to make, remind and rearrange appointments. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
2. We use your name, address, telephone number and email address, only if we have your explicit consent, to send you marketing materials. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
3. Some patients and prospective patients return pre- 1st appointment questionnaires or tell us about their medical conditions and medication by email or online enquiry forms. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
4. We keep a permanent attendance register which records all appointments for patients attending our clinic to keep a record of when you were treated for tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body, the British Acupuncture Society or British Acupuncture Council or British Acupuncture Association.
5. We may use your date of birth to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner so that they correctly identify the patient.
6. We use your presenting complaint and symptoms reported by you for the purposes of making a full traditional diagnosis, formulating treatment strategy and treatment planning.
7. We use any relevant medical and family history you have told us for making a full traditional diagnosis, formulating treatment strategy and treatment planning.
8. We use your GP’s name and address in the event that we need to contact your GP including in an emergency.
9. We use our clinical findings about your health and wellbeing for making a full traditional diagnosis, and formulating treatment strategy and treatment planning.
10. We keep a record of and refer to that record of any treatment given and details of progress of your case, including reviews of treatment planning to enable us to: review the full traditional diagnosis, treatment strategy and planning; and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
11. We record and use any information and advice that we have given, especially when referring patients to any other health professional, to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
12. We record any decisions made in conjunction with you to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
13. We keep accident records for any patients, visitors or staff who are involved in accidents at our clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
14. In the event of an adverse incident occurring to any of our patients we report the matter to the British Acupuncture Society or British Acupuncture Council or British Acupuncture Association and our insurance company to enable the insurance company to deal with any potential claims and to help the British Acupuncture Society or British Acupuncture Council or British Acupuncture Association to develop its safe practice guidelines.
15. Where relevant we maintain records of the patient’s consent to treatment, or the consent of their next-of-kin in order to be able to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
Section 16 applies to those who complain about our services
16. When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the British Acupuncture Council or our insurance company.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Sections 17 – 18 apply to our website users
17. When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
18. We use a third party service, wix.com, to host our website including publishing our blog. This site is hosted at (wix.com), which is run by (wex.com). We use wix.com to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how wex.com processes data, please see https://www.wix.com/about/privacy.
4. How do we protect and use your personal information?
Online privacy and information security is a key aspect of our customer service to you and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information at all times from unauthorised access, alteration, use, disclosure, or destruction.
We have legal obligations, under the EU General Data Protection Regulation and the UK Data Protection Act 1998, to process any personal information that you provide to us securely and fairly. Each time you provide us with personal information we will let you know how we intend to use it.
Your usage of our website is your responsibility and we assume you are completing information that is your own. We’d prefer you did not complete information on someone else’s behalf but if you do please ensure you have obtained explicit permission to share it.
5. How long do we keep your personal information for?
We keep your personal data for no longer than reasonably necessary.
We keep patient records for a period of 7 years in accordance with the British Acupuncture governing bodies Code of Professional Conduct https://www.acupuncture.org.uk/public-content/effective-practice/bacc-professional-codes.html
Data will be modified as required in order to keep your records up to date and accurate either through a health consult with yourself face to face, or if you provide that information via email or text.
All information is held electronically and will be deleted when the need to destroy it arrives including the emptying of recycling bins.
At any time you may request that changes are made to your contact details.
6. Who do we share your personal information with and how do we do it?
When customers have provided personal information to The Miller's Way Project, this information may be shared with the relevant team member/department to ensure that the best service is provided to the customer.
All personal information is shared in a manner that is compliant and protects the privacy of the individual.
The Miller's Way Project does not sell any personal information to third parties.
The Miller's Way Project may be required to disclose personal information in response to lawful government requests, including to meet national security or law enforcement requirements.
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our suppliers may be Privacy Shield whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US. If you use our services while you are outside of the EU, your information may be transferred outside the EU to give you those services.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal data as set out below.
· The right to request a copy of your personal data which we hold about you.
· The right to request that we correct any personal data if it is found to be inaccurate or out of date.
· The right to request your personal data is erased where it is no longer necessary for us to retain such data.
· The right to withdraw your consent to the processing at any time. This right does not apply where we are processing information using a lawful purpose other than consent.
· The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case the we are processing the data by automated means].
· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
· The right to object to the processing of personal data, (where applicable) [This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics].
· The right to be informed if your data is lost. We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
· The right to lodge a complaint with the Information Commissioner’s Office.
For further details about these rights please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
8. IP Address
If you are connected to the internet you will have an IP Address. The address will be automatically collected and logged as part of the connection of your computer to our web server and may be used to determine the total number of visits to each part of the site. If there is a security breach the Internet Service Provider will identify the relevant IP Address and the user may be contacted.
10. Scope of this policy
Links within this site to other websites are not covered by this policy.