As a patient of Steve Drew and Jill Drew Partnership (incorporating Steve Drew Orthopaedic surgeon and Jill Drew Physiotherapy and their employees) we are advising you how we as a partnership will be handling your data to comply with the new GDPR laws that came into effect on 25.5.18
We are registered with ICO and the data protection officer is: Mr Steve Drew
How we use your data
The personal data we collect about you will include data relating to your name, address, date of birth, telephone numbers, email address, who referred you to us and if applicable your private Medical Insurance (PMI) details. If you have been referred to us by your solicitor or their representative these details will also be included. We will process your data to allow us to provide you with our services. Your data will be used to manage future communications between us including information regarding your appointments, surgery, and other communication regarding your medical care e.g exercises or advice sheets, referral for a scan. We may also use your data to communicate with other clinicians e.g your GP, another consultant or therapist, hospitals or to request scans or other tests. If you have been referred to us by a solicitor or their representative we may also use your data in our communications with them. We will only use your data for the purpose for which it was collected.
We do not share your data with any third party without your permission. If your PMI company requests information this can only occur with your prior consent. You can opt out from receiving communications from us at any time by emailing email@example.com
How we store your data
All data is stored on a secure server as part of our clinical database. Your clinical notes (both paper and electronic record ) are stored securely for a period of up to 8 years as required by the law. All electronic data is password protected and is only accessible by authorised individuals.
Steve Drew Orthopaedic surgeon and Jill Drew Physiotherapist
Web site Browsing
Anonymous browsing history is collected using Google Analytics.We do not collect, store or record any personal information whilst you browse our web sites:
Contact us Forms (web based form)
We will only use the information you supply to reply to your messages. We do not store this information.
If you have given us permission we will add you to our Newsletter mailing list.
On or prior to your first appointment you will be asked to complete a registration form. This form will collect the following details:
Date of Birth
GP and / or referring clinicians details
Private medical Insurance (PMI) details (if applicable)
The purpose of this information is to allow us to manage your care. The PMI details are used to invoice your insurer as appropriate or to communicate directly with them if appropriate. None of your information is passed to a third party unless under your explicit consent to release details.
Your PMI may ask for reports of your sessions but this will only occur with your consent.
We may need to write a letter to your GP, a consultant or another person involved in your treatment. For this purpose we will use your name, DOB, address and relevant medical details on that letter. You can also request to receive a copy of the letter.
E-mail use Policy:
Your email address will be added to our database and may be used for contacting you in regards to your appointments, to send you information related to your care such as exercises and educational material, and information related to payments such as invoices, receipts and reminders. We also send out an informative Newsletter periodically from which you can unsubscribe. Emails are sent from Gmail or Microsoft Outlook or other email providers. If you do not wish to receive any of this information please advise your clinician or you can email us at firstname.lastname@example.org
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction. We will also disclose your information if we believe that lawful disclosure is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
The protection of your personal information is vitally important to us. We will strive to protect your Personal Information in all means reasonably required by us to do so. However, as no form of data transmission is 100% reliable we cannot guarantee its absolute security. Therefore we make no warranties as to the level of security afforded to your data. We will however always act in accordance with the relevant UK and EU legislation.
This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.
Jill and Steve Drew May 2018. Updated April 2020.