Privacy Policy
Amber Osteopathy Ltd is committed to ensuring that your and your family’s privacy is protected in accordance with the law. This privacy policy explains what information Amber Osteopathy Ltd may collect, how it is protected and how this information may be used, in accordance with the General Data Protection Regulations 2016 (GDPR) and country-specific data protection legislation.
Any information that we hold on you will only be used in accordance with this privacy policy and any consent that you have provided to us on our website; sign-up forms; on registration as a patient; or during any clinical appointments.
We may change this policy from time to time and the latest copy will always be available on this website page, at our premises and on request. You should check this policy from time to time to ensure that you are aware of the latest version and are happy with any changes. This policy version is effective from 17.05.2024.
Who are we?
Amber Osteopathy Ltd and Amber Health are both trading names of Amber Osteopathy Ltd, registered in England. Company no. 06545179. 19 High Street, Baldock, Herts, United Kingdom, SG7 6AZ. Email info@amberhealth.co.uk. During this document we may refer to this Company as ‘Amber Health’, ‘we’ or ‘our’ and we are a Data Controller in terms of data protection classification. Amber Health work with several well-known, accredited and trust-worthy Data Processors including Atlas Health Group Ltd, our parent company, and Microsoft, who are also bound by Data Protection and GDPR legislation.
Our Information Security Commitment
Amber Health are committed to ensuring that your information is confidential and secure. In order to prevent unauthorised access or disclosure, we have implemented suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and securely store online, within the clinical environment and within our vital data processing and storage systems. Amber Health are registered with the Information Controllers Office (ICO), are registered for PCI-DSS compliance as part of our card data security measures and are currently applying for non-compulsory Cyber Essentials IT Security accreditation as part of our commitment to data security.
Defining Personal Data.
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Amber Health, in the course of its business, is required to process data. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What Information may Amber Health collect about me?
We may collect the following information about you as a web-user, social media contact or if you sign-up to our marketing database via a contact form:
- Name, Email address, Birthday, IP Address, contact preferences.
- Other information relevant to customer surveys and/or offers such as hobbies.
In addition, as a prospective or registered patient we may also collect (and legally may be obliged to collect) the following data:
- Additional personal information such as date of birth, title.
- Contact information including address, email address, contact phone numbers.
- Next of kin or family members already registered with Amber Health
- Demographic information such as address, postcode, preferences and interests.
- Medical contact information such as GPs, consultants or other allied professionals.
- Health insurance details such as policy number, authorisation code, excess.
- Clinical information including current injury or episode of care, past medical history, family structure and medical history, current or past medications, allergies, social status and history including job title, work status, hobbies, exercise frequency.
- Referral letters, investigation reports or copies, solicitor and health insurance correspondence.
We do not store credit card details and all card transactions are undertaken in accordance with PCI-DSS requirements to ensure that your card data is protected at all times.
How will Amber Health use the information it collects about me?
Amber Health may use your information for several purposes including:
- To provide and improve our services, activities, marketing and online content.
- To provide you with relevant and useful information.
- To contact you regarding a comment or submission you have made on our social media or website.
- To enable us to contact you to deal with your requests or enquiries and provide excellent customer service.
- For service administration such as appointment reminders, invoicing, account updates, clinical follow-up and correspondence.
- For clinical assessment, treatment, management and liaison including (with your permission) correspondence with third parties such as referrers; medical insurers; your GP; consultant; allied or related professionals such as a therapist, personal trainer, Pilates teacher; your employer and any other relevant party.
- We may also use your information to contact you for market research or service improvement purposes. We may contact you by email, phone or mail.
- We may use the information to customise our(s) website according to your interests.
- We may also show you relevant advertising on third party sites.
- For analysis and research purposes to improve our services. This may include analysis of non-identifiable information such as postcode area, age, gender, referral source, appointment type, outcome however organisational measures are taken to ensure that this data is not combined to an extent that it becomes uniquely identifiable. Analysis can include using geodemographic information from external sources such as IP address location; Email open and click rates.
When will Amber Health Contact Me?
Amber Health may contact you:
- In relation to any service, activity or online content you or your child (under 16) have made enquiries about or registered for, in order to ensure that Amber Health can deliver these services, e.g. to verify your email when you sign up for a Amber Health Appointment booking Log-in; to verify a ‘bounced’ Email address; to help you reset your password; to ensure that you have received an appointment reminder, invoice reminder or other ‘service’ communication.
- In response to a referral from a 3rdparty such as a medical professional, medical insurer, care organisation or solicitor.
- In relation to any correspondence we receive from you or any contact, comment or complaint you make to or about Amber Health, it’s products, services or content.
- In relation to any clinical services you are using.
- To invite you to participate in surveys about Amber Health, it’s products or services.
- To update you regarding changes to Amber Health’s terms and conditions, pricing or financial obligations, policies and practices.
- For marketing purposes, as set out in section 6.
We will never contact you to ask for your Amber Health online password, or other login information. Please be cautious if you receive any emails or calls from people asking for this information and claiming to be from Amber Health.
Will I be contacted for marketing Purposes?
Amber Health will only send you marketing emails, mailshots or personalised advertisements on our website or 3rd party sites (such as Facebook, Google, Instagram and Twitter) where you have agreed to this.
We offer periodic Email newsletters and news Emails, to let you know about Amber Health‘s products and services as well as relevant news content such as medical research findings. We may personalise the message content based upon any information you have provided to us.
If you don’t want to be shown targeted advertising messages from Amber Health, some third party sites allow you to request not to see messages from specific advertisers on that site.
If you change your mind and wish to update your preferences or stop all personalised services from Amber Health, including targeted advertising messages on third party sites you can do so via the footer of any marketing Emails; by Emailing info@amberhealth.co.uk or by writing to us at our registered address.
Will Amber Health share my personal information with anyone else?
We will keep your information within Amber Health except where you have requested or consented for it to be shared or disclosure is required or permitted by law:
- To government bodies and law enforcement agencies, including for child or adult protection, safe-guarding or where we believe that any breach of applicable laws has taken place.
- We may share your personal information internally. For example, to enable invoicing, internal clinical referral or with another clinician in the absence of your clinician due to holiday or sickness.
- For clinical management and liaison including (only with your permission) correspondence with third parties such as referrers; medical insurers; your GP; consultant; allied or related professionals such as a therapist, personal trainer, Pilates teacher; your employer and any other relevant party.
Third parties such as health insurers and GP practices may also store your personal data, will have their own data security policies and are similarly bound by the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679. Amber Health has no control over these and you should contact these third parties directly should you wish to view their privacy policies.
Sometimes Amber Health uses third parties to process or store your information on our behalf, for example to provide card payment services; secure electronic data storage or data analysis. Amber Health requires that these third parties comply strictly with our instructions and that they do not use your personal information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way. Some of the Companies that own software that we use to process data, such as Microsoft (Office 365), and Xero are based outside of the EU however each company has either opted to comply with Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679 legislation or have been formally accredited.
Amber Health would only share information in circumstances where such disclosure is permitted under applicable laws, including data protection law.
How long will the Amber Health keep my personal information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract that we may hold with you.
The Records Management Code of Practice for Health and Social Care (2016) specifies different time frames and retention strategies for different types of medical records. For example, it specifies the need to keep adult medical records for at least 8 years and those of children and pregnant women, until the child is 25. All patient information processed by Amber Health after 2012 is stored securely in a cloud-based, practice management portal, TM3. BlueZinc IT Ltd own and operate this system, and they have their own extremely stringent internet safeguards, and security policies as a registered data processor.
Can I find out what personal information Amber Health holds about me?
You have the right to request details of the personal information which we hold about you under the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679. Requests should be made in writing to Amber Osteopathy Ltd, 19 High Street, Baldock, Herts, United Kingdom, SG7 6AZ stating what information you require or alternatively you may complete our Subject Access Request Form via Email. We also require additional identification (copies of two forms of ID) prior to releasing any information.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will use all reasonable efforts consistent with our legal duty to provide or correct the personal information about you on our records.
Right to withdraw data protection consent.
You have the right to withdraw your consent to processing of your personal data at any time by writing to Amber Osteopathy Ltd, 19 High Street, Baldock, Herts, United Kingdom, SG7 6AZ.
Right to be forgotten
You have the right to request the erasure of all personal data that we hold about you if:
- The personal data is no longer necessary for the purpose which it was originally collected or processed.
- Consent is the lawful basis for holding the data, and you withdraw your consent.
- There is no legitimate interest to continue processing this information.
- The personal data is being processed for direct marketing purposes and you object to that processing.
- You are required to comply with a legal obligation to request that your data is erased.
You can delete your online access to our appointment booking system however this does not delete the clinical data that we hold for you.
Please note that there is not an absolute right for data to be erased and certain categories of information relating to healthcare are exempt from this right. Legal and ethical requirements to store or maintain certain documents may mean that we are unable to fully comply with a request to delete personal information that we hold about you however any decision and justification will be communicated to you.
How we use website cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
We sometimes embed content from social media and other third party websites. These may include YouTube, Twitter, Facebook and Instagram. When you visit a page containing such content, you may be presented with cookies from these websites and these third party cookies may track your use of the BBC website, including the use of Google Analytics. Amber Health do not control the dissemination of these cookies and you should check the relevant third party’s website for more information. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our website.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot therefore be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. These third party websites have their own privacy policies, and are also likely to use cookies, and we therefore urge you to review them.
Subscription to our Email and Direct Mail Database.
Website users, legitimate contacts and our registered patients are provided the opportunity to subscribe to our newsletter and other marketing Emails via a sign-up form hosted by Brevo.
Brevo is a well-known and highly-regarded third party which is also bound by the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679. Brevo has its own privacy policy which is available on it’s website.
The Newsletter informs our customers and business partners about our services, new team members, local charitable events, physiotherapy related information, and clinic news. You will only receive our newsletter if you have opted-in to receiving Email marketing from us. During sign-up the third party software may record the IP address of the computer used as this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date. Further information is available from Brevo.
If you change your mind and wish to update your preferences or unsubscribe, you can do so via the footer of any marketing Emails; by Emailing info@amberhealth.co.uk or by writing to us at our registered address.
Comments functionality on our Blog or website.
Amber Osteopathy Ltd offers users the possibility to leave individual comments on our blog and on some parts of our website. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented on by third parties.
If you leave a comment on the blog, the comments are stored and published, as well as information relating to the date of the commentary and your pseudonym. Your IP address may be visible to, or stored by Amber Health.
If you any questions or comments about this Privacy Policy or the Data Protection Act 1998, and the General Data Protection Regulation (GDPR) (EU) 2016/679 please contact:
The Data Protection Officer
Amber Osteopathy Ltd
19 High Street,
Baldock,
Herts,
United Kingdom,
SG7 6AZ
info@amberhealth.co.uk