Privacy Notice

Privacy Notice – Nottingham Chiropractor
This privacy notice explains what to expect when you visit our website or when you provide us with your personal information. It describes how we, Nottingham Chiropractor Limited (trading as Nottingham Chiropractor), collect and use your personal data.

We are committed to protecting your personal information and being transparent about what we do with it. We are registered with the Information Commissioner’s Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR).

Data Controller and Data Protection Lead
The data controller is Nottingham Chiropractor Limited. If you have any questions about this privacy notice or how we use your personal information, please contact our Data Protection Lead:

• Marc Sanders, 178 Loughborough Road, Ruddington, Nottingham, NG11 6LF
• Email: marc@nottingham-chiropractor.co.uk

What type of personal data do we hold about you?
We hold personal data about you in order to provide our services, including, for example: name, contact details, age or date of birth, your requirements for our services, related biographical and background information relevant to our services, records of the services we have provided, and associated payments.

This includes special category data relevant to our services, including: background medical information and health details from you, information about our assessments and treatments for you, and other information about your health which is collected or recorded by us in providing our services.

It may also include special category data used for equal opportunities monitoring, such as information about your race or ethnicity.

Why we collect and process your data
We collect and process your personal data for the following purposes:

• To provide you with safe and effective chiropractic care and services.
• To maintain accurate and up-to-date clinical records in accordance with our legal and professional obligations.
• To use secure systems to assist in the creation of accurate clinical notes, allowing your practitioner to focus fully on your care and treatment.
• To communicate with you about your appointments and clinical updates.
• To process payments for your treatment.
• To respond to any queries or complaints you may have.

Our legal basis for processing your personal data is our legitimate interest in running an effective practice and our contract with you. Our legal basis for processing your special category (health) data is for the provision of health or social care (Article 9(2)(h) of UK GDPR).

Use of AI-assisted clinical note-taking
To help our practitioners create accurate clinical notes and focus fully on your care, we use a secure system called Heidi during consultations.

This process may involve a temporary audio recording of your consultation using a secure clinic-controlled device. The recording is used solely to support accurate clinical documentation.

Recordings are securely stored and deleted as soon as reasonably practicable after your consultation, and no later than the end of the next working day.

The consultation is transcribed into text notes, which are reviewed and confirmed by your practitioner before being added to your clinical record. No decisions about your care are made solely by automated systems.

If you would prefer not to use this method, please let your practitioner know and we will take notes manually instead.

How it works and how your data is protected:

• Temporary recordings are securely handled using encrypted systems and restricted access.
• Recordings are used only to support the creation and verification of clinical notes and are not used for any other purpose.
• Recordings are deleted as soon as reasonably practicable and no later than the end of the next working day.
• Clinical notes are securely stored within your patient record system in accordance with UK GDPR and professional standards.

Who we share your data with
We only share your data with trusted third-party service providers when it is necessary for the delivery of our services. All our providers are UK GDPR compliant and process your data only according to our instructions. These providers include:

• Practice Management Software: PracticeHub
• Administrative & Virtual Assistance: BalanceVA
• Payment Processors: GoCardless, Stripe
• Clinical Documentation and Assessment Tools: Heidi, Vald
• Digital & Marketing Support: HMDG, Apple, Facebook, Instagram, Google
• Financial & Accountancy Services: UHY accountants, Xero
• Secure Communications or Automation: Clover
• Security & CCTV: Yale

Data Retention
Your clinical records are stored for a minimum of 8 years after your last visit (or until age 25 for children), in line with our legal and professional obligations.

Temporary recordings used for clinical note-taking are retained only for the purpose of completing and verifying clinical notes. These recordings are deleted as soon as reasonably practicable and no later than the end of the next working day.

Your Rights
You have the right to:

• Access a copy of the data we hold about you.
• Request corrections if data is inaccurate.
• Ask for certain data to be erased or restricted (within legal limits).
• Withdraw your consent to receive marketing communications at any time.

You also have the right to object to the use of temporary recordings during your consultation, and we will use manual note-taking instead.

To exercise these rights, please contact our Data Protection Lead.

Security
We have appropriate security measures in place to prevent your personal data from being lost, accessed, or used in an unauthorised way. This includes secure handling of any temporary recordings used for clinical documentation.

Cookies
Our website uses cookies to understand how visitors use it and to improve the experience. For full details, please see our separate Cookies Policy.

Changes to this privacy notice
We may update this notice from time to time. The most recent version will always be posted on our website.