top of page

Privacy Policy

​

Last updated: 7.7.25

About This Policy

Evergreen Chiropractic is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, use our services, or interact with our practice.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Data Controller:

  • Practice Name: Evergreen Chiropractic

  • Address: Lankelly Fowey RFC, Lankelly Lane, Fowey

  • Contact: Charlotte Jack, admin@evergreenchiro.co.uk

  • Data Protection Officer: Dr. Timothy Jack & Dr. Charlotte Jack

What Personal Information We Collect

Patient Information

When you become a patient or enquire about our services, we may collect:

Health Data:

  • Medical history and health conditions

  • Details of symptoms and presenting complaints

  • Previous treatments and medications

  • Treatment notes and care plans

  • X-rays and diagnostic images

  • Outcome measurements and progress reports

Personal Details:

  • Name, date of birth, and gender

  • Contact information (address, phone number, email)

  • Emergency contact details

  • National Insurance number (where required)

  • Insurance details (if applicable)

Financial Information:

  • Payment method details

  • Billing address

  • Insurance claim information

Website Visitors

When you visit our website, we may collect:

  • IP address and device information

  • Browser type and version

  • Pages visited and time spent on site

  • Referring website information

  • Cookies and similar tracking technologies

Communication Records

  • Email correspondence

  • Phone call logs (where recorded)

  • Appointment booking details

  • Feedback and survey responses

How We Collect Your Information

We collect personal information through:

  • Direct provision: Information you provide when booking appointments, during consultations, or through forms

  • Website interaction: Data collected through cookies and analytics

  • Third parties: Referrals from GPs, other healthcare providers, or insurance companies

  • Automatic collection: Treatment notes and clinical observations during care

Legal Basis for Processing

We process your personal data under the following legal bases:

Health Data (Special Category Data)

  • Explicit consent: For direct marketing and non-essential communications

  • Healthcare provision: For the provision of health or social care (Article 9(2)(h) UK GDPR)

  • Vital interests: In emergency situations to protect your health

  • Legal obligation: To comply with professional and regulatory requirements

Other Personal Data

  • Contract performance: To provide chiropractic services and fulfill our obligations

  • Legitimate interests: For practice administration, quality improvement, and business operations

  • Legal obligation: To comply with professional standards, regulatory requirements, and legal obligations

  • Consent: For marketing communications and optional services

How We Use Your Information

Clinical Care

  • Providing chiropractic treatment and healthcare services

  • Maintaining clinical records and treatment plans

  • Monitoring treatment outcomes and progress

  • Referring to other healthcare professionals when necessary

  • Managing appointments and scheduling

Practice Administration

  • Processing payments and insurance claims

  • Managing patient records and databases

  • Communicating about appointments and treatments

  • Handling complaints and feedback

  • Ensuring quality of care and safety

Legal and Regulatory Compliance

  • Meeting professional standards set by the General Chiropractic Council (GCC)

  • Complying with clinical governance requirements

  • Maintaining records for regulatory inspections

  • Responding to legal proceedings or investigations

Marketing and Communications (with consent)

  • Sending newsletters and health education materials

  • Providing information about new services

  • Sending appointment reminders and follow-up communications

Sharing Your Information

We may share your personal information with:

Healthcare Providers

  • GPs and medical specialists (with your consent or clinical necessity)

  • Other chiropractors or healthcare professionals involved in your care (with your consent or clinical necessity)

  • Physiotherapists, osteopaths, and other allied health professionals (with your consent or clinical necessity)

  • Emergency services (in urgent situations)

Professional and Regulatory Bodies

  • General Chiropractic Council (GCC) for regulatory purposes

  • Professional indemnity insurers

  • Legal advisors (under legal professional privilege)

Service Providers

  • IT support and software providers (under strict data processing agreements)

  • Accounting and bookkeeping services

  • Secure document storage and destruction services

Insurance and Payment Processing

  • Private health insurance companies (with your consent)

  • Payment processing services

  • Credit reference agencies (where necessary)

Legal Obligations

  • Law enforcement agencies (where legally required)

  • Court proceedings or legal investigations

  • Child protection or adult safeguarding services (where necessary)

International Transfers

We do not routinely transfer personal data outside the UK. If international transfers are necessary (e.g., for specialist software or emergency consultations), we ensure:

  • Adequate protection through UK GDPR adequacy decisions

  • Appropriate safeguards such as Standard Contractual Clauses

  • Explicit consent for transfers where required

Data Retention

We retain your personal information for the following periods:

Clinical Records

  • Adults: 8 years from the date of last treatment

  • Children: Until age 25 or 8 years from last treatment (whichever is longer)

  • Mental health records: 20 years from last contact

  • X-rays and imaging: Minimum 8 years

Administrative Records

  • Financial records: 7 years from end of financial year

  • Appointment records: 3 years from last appointment

  • Insurance claims: 7 years from claim settlement

  • Marketing communications: Until consent is withdrawn

Website Data

  • Analytics data: 26 months

  • Contact form submissions: 3 years

  • Cookie data: As specified in our Cookie Policy

Records may be retained longer where required by law, professional standards, or ongoing legal proceedings.

Your Rights

Under UK GDPR, you have the following rights:

Access Rights

  • Right to access: Request copies of your personal data

  • Right to portability: Receive your data in a machine-readable format

Correction and Control

  • Right to rectification: Correct inaccurate or incomplete data

  • Right to erasure: Request deletion of your data (subject to legal and professional obligations)

  • Right to restrict processing: Limit how we use your data

Objection Rights

  • Right to object: Object to processing based on legitimate interests

  • Right to withdraw consent: Withdraw consent for marketing or optional processing

Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling.

Important Note: Some rights may be limited where we have overriding legitimate interests, legal obligations, or professional duties (particularly for clinical records).

How to Exercise Your Rights

To exercise your rights or make a request:

  1. Contact us in writing:

  2. Provide identification: We may request proof of identity for security

  3. Specify your request: Clearly state which right you wish to exercise

  4. Response time: We will respond within one month (may be extended for complex requests)

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures

  • Encryption of data in transit and at rest

  • Secure IT systems with regular updates and patches

  • Multi-factor authentication for system access

  • Regular security monitoring and threat detection

  • Secure backup and disaster recovery procedures

Organizational Measures

  • Staff training on data protection and confidentiality

  • Access controls limiting data access to authorized personnel

  • Clear data handling policies and procedures

  • Regular security audits and assessments

  • Incident response and breach notification procedures

Physical Security

  • Secure premises with controlled access

  • Locked filing cabinets for paper records

  • Clean desk policy and secure disposal procedures

  • CCTV monitoring of practice areas

Cookies and Website Analytics

Our website uses cookies and similar technologies to:

  • Ensure website functionality and security

  • Analyze website usage and improve user experience

  • Remember your preferences and settings

For detailed information about our use of cookies, please see our separate Cookie Policy.

Data Breaches

In the unlikely event of a data breach, we will:

  • Assess the risk to individuals' rights and freedoms

  • Notify the ICO within 72 hours (where required)

  • Inform affected individuals without undue delay (where high risk)

  • Implement measures to minimize harm and prevent recurrence

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. Please review their privacy policies before providing any personal information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in law or regulation

  • New technologies or treatment methods

  • Changes to our services or business practices

We will notify you of significant changes by:

  • Posting the updated policy on our website

  • Email notification (where we have your consent)

  • Notice in our practice

Contact and Complaints

Contact Us

For any questions about this Privacy Policy or our data protection practices:

Evergreen Chiropractic

  • Address: The Old Duchy Palace, Quay Street, Lostwithiel, Cornwall PL22 0BS

  • Phone: [Insert phone number]

  • Email: [Insert email address]

  • Data Protection Officer: Dr. Timothy Jack & Dr. Charlotte Jack

Making a Complaint

If you are unhappy with how we handle your personal data, you can:

  1. Contact us directly to resolve the matter

  2. Complain to the ICO:

    • Website: ico.org.uk

    • Phone: 0303 123 1113

    • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Professional Complaints

For complaints about clinical care, you may also contact:

  • General Chiropractic Council: Tel: 020 7713 5155 | Website: gcc-uk.org

Summary of Key Points

We collect: Health data, personal details, and website information necessary for providing chiropractic care and running our practice.

We use data for: Clinical treatment, practice administration, legal compliance, and communications (with consent).

We share with: Healthcare providers, professional bodies, and service providers (with appropriate safeguards).

We protect: Your data through technical, organizational, and physical security measures.

Your rights: Access, correction, deletion, objection, and withdrawal of consent (subject to professional obligations).

Contact: [Insert contact details] for any questions or to exercise your rights.

This Privacy Policy is compliant with UK GDPR and Data Protection Act 2018. It should be reviewed regularly and updated as necessary.

bottom of page