Privacy policy

Your privacy is important to us.

Confidentiality & your patient records – our professional obligations

For patients in the UK, we abide by the Code of Professional Conduct of the British Acupuncture Council.  Amongst other things, this requires us to:

  • Keep all information, medical or otherwise, about you entirely confidential, and such information may only be released with your explicit consent, other than in exceptional circumstances.
  • Disclosures without consent may be necessary in the public interest if our duty to society overrides our duty to you. This may be because you are putting yourself or others at serious risk by, for example, the possibility of a violent or criminal act or failing to report a notifiable illness
  • A court may order us to disclose information about you. In such circumstances only information relevant to the proceedings should be disclosed.
  • Retain your records for seven years, and destroy them after that time.

Your consent

Our process for your consent to our use of cookies is as described below.

Our process for your consent to our use of your contact details for marketing purposes is as described below.  You can withdraw your consent at any time by emailing us at the address below, using ‘unsubscribe’ as the title of your email.

For any further information including health information that you provide us with via this website, we will view your choice to provide this information as agreement to us processing your data in line with this privacy policy.  Additionally, if you proceed to treatment with us, at your first appointment we will formally seek your consent to our processing of your data (and of course, your consent to treatment itself).

You are under no obligation to provide us with any data, but not providing some or all of it may limit the services we can provide to you, or the quality of those services.

Cookies

This website uses cookies, to improve your experience of our site.  For an explanation of what these are, please see Wikipedia’s description of cookies.

Some of our suppliers may also use cookies within our website, for example Google Analytics (Google’s privacy policy) and Facebook’s marketing pixels (Facebook’s privacy policy).

We will ask you to consent to our use of cookies the first time you visit this site.  If you prefer not to consent to this, please do not proceed to use this site.

Or, your internet browser may allow you to block cookies in general, see this Google search on how to do this.

Sharing your data – for marketing purposes

We will not share your data with any third party for them to market their products or services to you.

Sharing your data – our service providers

The data you provide us with may also be processed by our service providers, who include:

We rely on these service providers to protect your data appropriately, and we do not accept liability for their services.

How we obtain your data

The source of this information will be your use of this website, emails and other messages you have sent us, forms you have completed for us, and phone calls and conversations with us, when you enquire about, or make use of, our services.

How we use your data

We may process your data for the purposes and reasons below.

Usage data such as your IP address, location, length of visit, etc.  This is for the purpose of analysing and improving our website.  Our legal basis for this is our legitimate interests of providing our services and running our business.

Contact details (within the GDPR definition of ‘personal data’).  For the purpose of:

  • Arranging your appointments. Our legal basis for this is our legitimate interests.
  • To send you marketing materials. We will only do this more than once if you have opted in by registering to receive our updates/newsletters/etc.  Our legal basis for this is our legitimate interests and/or your consent.  You can withdraw your consent at any time by emailing us at the address below, using ‘unsubscribe’ as the title of your email.

Date of birth (‘personal data’).  For the purpose of identifying you separately from any other patient with the same name, or referring you to another health or medical practitioner.  Our legal basis for this is our legitimate interests.

Your health information, including your presenting complaint(s) and symptoms, and your relevant medical and family history, and our clinical findings (‘special category data’).  For the purpose of a full traditional diagnosis, treatment strategy and treatment planning.  Our legal basis for this is our legitimate interests and that it is necessary for the provision of health treatment pursuant to our contract together and that we are subject to obligation of professional secrecy under EU or UK law.

Your GP’s name and address (‘personal data’).  For the purposes of contacting your GP if necessary, including in the event of an emergency.  Our legal basis for this is our legitimate interests.

The treatments you receive from us (‘special category data’).  For the purpose of:

  • Reviewing your diagnosis, treatment strategy and planning. Our legal basis for this is our legitimate interests and that it is necessary for the provision of health treatment pursuant to our contract together and that we are subject to obligation of professional secrecy under EU or UK law.
  • Necessary in the event of a criminal prosecution, civil action, insurance claim or complaint. Our legal basis for this is our legitimate interests and necessary for legal claims.

Attendance details (‘personal data’).  For the purpose of:

  • Keeping a record of when you were treated, in the event of a criminal prosecution, civil action, insurance claim or complaint. Our legal basis for this is our legitimate interests.
  • Necessary as a record for tax purposes. Our legal basis for this is our legal obligation.

Record of your consent (or your next of kin’s), any decisions we make together, or information or advice we give including in the event we refer you to another health professional (‘special category data’).  Our purpose is that this is necessary in the event of a criminal prosecution, civil action, insurance claim or complaint.  Our legal basis for this is our legitimate interests and necessary for legal claims.

Accident records for patients, practitioners and staff, if you are involved in an accident while using our services (‘special category data’).  For the purpose of compliance with accident reporting legislation (RIDDOR in the UK).   Our legal basis for this is our legal obligation.

Adverse incident reports, if you are involved in an adverse incident while using our services (‘special category data’).  For the purpose of helping the acupuncture profession develop safer practice.  Our legal basis for this is our legitimate interests.

International transfer of your data

Some or all of our team may be temporarily or permanently based outside the UK and the EU, including in Australia.  We will continue to apply this privacy policy to your data.

Automated decision making

We do not use any automated decision making in relation to your data.

Your rights

In the UK, under the GDPR, you have:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

You can find more information on this on the Information Commissioner’s website.

For your data where the legal basis for our processing is your consent, you have the right to withdraw that consent at any time, by emailing us at the address below.

Complaints

You can lodge complaints with the Information Commissioner’s Office and the British Acupuncture Council.

Updates to this policy

To make sure we are doing a good job in looking after your privacy, we may update this policy from time to time.

You can re-check this page to see the current policy at any time.

If we make substantial changes we may let you know about these by email.

Improvements to this policy

Your privacy is important to us, and we are doing our best to protect it appropriately.

If there is something about this policy that you think could be improved, please let us know, our contact details are as below.

About us

This website is owned and operated by Jessica Kennedy Ltd, registered in England and Wales with company registration number 06704090.  Our registered address is at 7 New Road, Bledington, Chipping Norton, OX7 6UU, United Kingdom.

For the purposes of GDPR (General Data Protection Regulation), the data controller is Jessica Kennedy Ltd.

You can contact us using the form on this website or by emailing jessica@jessicakennedy.com.