Patrick Murphy Northwich Vets, 469 Manchester Road, Lostock Gralam, Northwich, Cheshire, CW9 7XG
Data Controller Representative:
Beki Parratt Northwich Vets, 469 Manchester Road, Lostock Gralam, Northwich, Cheshire, CW9 7XG
General Data Protection Regulation 2017 (GDPR)
We are registered under the GDPR and comply with the Act in all our dealings with your personal data.
Northwich Vets is the data controller. This means we decide on how your personal data is processed and for what purposes.
Data Controller – A controller determines the purposes and meanings of processing personal data.
Data Processor – A possessor is responsible for processing personal data on behalf of a controller.
Data Subject – Natural Person
Processing – means any operations or set of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise make available, alignment or combination, restriction, erasure or destruction.
Third Party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process data.
Categories of Data; Personal Data and Special Categories of Personal Data
Personal Data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular reference to an identifier (as explained in article 6 of GDPR). For example, name, home address, email address, passport number. Online identifiers include IP addresses and cookies.
Special Categories Personal Data – The GDPR refers to sensitive personal data as ‘special categories of personal date’ (as explained in article 9 of GDPR). The special categories specifically include genetic data, biometric data, where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions or religious beliefs. Northwich Vets does not hold any special category data on clients.
Use and collection of personal information-legal basis and purpose
We require your personal data as it is a necessary contractual requirement for us to care for your pet.
When you register your pet with us, it is a necessary contractual requirement in order to provide acceptable levels of veterinary care we will ask you for some personal details:- name, address, landline, mobile and email address, we will process your information for the following purposes:-
- Contacting you with Vaccination Booster reminders and Medication administration reminders.
- Communication from clinical staff in relation to your pet (test results, updates post operation, follow up calls post operation).
- Purposes in the running of the business e.g. accounts and management.
We will also process your data for the purposes of keeping you updated with the practice news, pet healthcare plan promotions, current practice promotions and events. Our legal basis for processing your data in this way is you providing us with your consent.
If you do not want us to use your data for marketing, please tick the relevant box situated on the Data Consent Form or tell our Reception Staff when they collect your data. This will not affect the quality of care we offer you and your pet.
We will also process your data for our own legitimate interests, for good governance, accounting, managing and auditing our business operations. We also analyse data such as how many clients use a certain flea product and develop statistics.
More information on lawful processing can be found on the ICO website.
There may be occasions where we will pass your personal data on to third parties who are involved in your pet’s healthcare or the daily running of Northwich Vets. We may disclose your personal information to the following third parties with your consent or as a contractual requirement in order to provide acceptable levels of veterinary care:
- Specialist Vet involved in your pets care.
- Specialist Labs when we refer your pet for further tests.
- You ask us to make a claim under your Pet Insurance Policy.
- Setting up a Direct Debit on our VIP Club Scheme via Lloyd & Whyte (contractual obligation).
- Transferring clinical records to another vets if you move practices.
- Small Claims Court/Debt Collection Agency
- If we are under a legal duty to disclose or share your personal data in order to comply with or meet any legal obligation.
We endeavour to take all reasonable steps to protect your personal information we hold on our computer system. We use Individual passwords, Firewalls, Antivirus software, email encryption and complete regular backups. We make sure all our security software is automatically updated. Any personal data we obtain on paper will be shredded where possible once scanned on to our client and pet computer software.
We will not give out personal information unless we can reasonably confirm your identity or interest. We may wish to call you back or follow up the conversation in writing. The only time we will disclose personal data is when we are to comply with or meet any legal obligation.
Retention of Personal Data
If our Records show you have not visited Northwich Vets for a period of 3 years, we will inactivate your details. If your pet sadly passes away we will inactivate your account after 1 year unless you have other pets or register a new pet with us. The reason for this length of retention is in case of any legal claims/complaints.
Under the Act you have a number of rights:
You have the right to restrict the data processing of your personal data for marketing purposes. You can exercise your right to prevent this happening by ticking certain boxes on the Data Consent Forms we use to collect your data or when asked by our Reception Staff.
You have the right of access to personal data (as defined under the Data Protection Act) that we keep about you upon receipt of a written request. Any request should be sent to: Patrick Murphy, Northwich Vets, 469 Manchester Road, Lostock Gralam, Northwich, Cheshire, CW9 7XG. We aim to provide the requested information within one month of receiving your written request in an electronic format or hard copy (data portability).
You have the right for your data to be rectified if you deem it to be inaccurate or incomplete.
You have the right to the deletion and removal of personal data in specific circumstances.
You have the right to have your data processing restricted where there is a dispute in relation to the accuracy or processing of your personal data.
You have the right to object at the point of first communication to the processing of personal data for direct marketing and the data processing based on the legal basis of legitimate interests.
Please write to Patrick Murphy at the above address if you wish to exercise your rights.
Transfer of Data Abroad
We do not transfer personal data outside the EEA.
The Direct Debit processors for our VIP Club process the direct debit forms within the EEA.
A processor we use for our practice newsletter use Mailgun to despatch the emails from CAPI and they are part of EU-US Privacy Shield compliant under articles 45-47 of the GDPR.
Automated Decision Making
We do not use any form of automated decision making at Northwich Vets.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will make a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
How to make a complaint
If you are not entirely satisfied with the way in which we handle your personal data you have the right to complain to the Information Commissioners Office 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
1 ICO 2016 Data Protection Training checklist for small and medium sized organisations
2 RCVS Client Confidentiality 2017
3 Retention of Records -The Veterinary Defence Society Ltd 2017
4 ICO Nov 2017 Guide to GDPR