As we record and use sensitive data we take the protection of this data very seriously. We have therefore appointed a Data Protection manager, Gail johnston, who is your first point of contact for any matters regarding your personal data we process. She can be contacted on 01962 717817, her email address is and her postal address is Twyford Chiropractic clinic, hazeley road, Twyford, Winchester SO21 1FB

  1. Purpose of this privacy notice

This privacy notice aims to give you a summary on how Twyford Chiropractic Clinic collects and processes your personal data during and after your time as a patient.

The Twyford Chiropractic Clinic is the controller and responsible for your personal data (collectively referred to as Twyford Chiropractic Clinic, “we”, “us” or “our” in this privacy notice).

Name or title of Data Privacy Manager: Gail Johnston  Email address:

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (

  1. The data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data includes
    [title, first name, last name, date of birth and gender].
  • Contact Data includes [email address, home address, billing address and telephone numbers].
  • Special Category Data includes information about your [health, genetics, sex life, sexual orientation, race, ethnic origin and religion].
  • Financial Data includes [bank account and payment card details].
  • Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
    1. How is your personal data collected?

    We use different methods to collect data from and about you including through:

    • Direct interactions. You may give us your Identity, Contact, Special Category and Financial Data when you become a patient.
    • Third parties. We may receive personal data about you from various third parties and public sources as set out below:
    • Referrers: who may provide us with Special Category data to facilitate your treatment with us.
    • Insurance Companies
    • Solicitors
    • Medical Doctors eg your GP
    1. Purposes for which we will use your personal data
    • Performance of our contract with you
    • To register you as a new patient or take steps to register you as a new patient.
    • To comply with our obligations under our contract, namely to provide you with the necessary treatment.
    • Legitimate interests
    • To collect and recover money owed to us.
    • Legal or regulatory obligation
    • We also rely on the legal or regulatory obligation ground to process your data in some circumstances.

    Condition under which we process your special category data

    To process your special category we rely on the contractual ground and also the special condition which allows health professionals to process the data for the purposes of preventative or occupational medicine, and the provisions of health care treatment.

    1. Disclosures of your personal data
    • We may have to share your personal data with the parties set out below:
    • Professional healthcare practitioners including [x-ray reporters to report on x-rays, MRI reporters to report on MRI’s,  radiologists and radiographers to facilitate a referral for imaging investigation, to keep your GP informed or other relevant medical doctor and any locum chiropractors working for us to facilitate your continued treatment]].
    • Service providers based in UK who provide IT and system administration services.
    • Service providers outside the UK who provide IT and system administration eg electronic diary
    • Professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
    • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
    • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
    1. Data security

    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

    1. Data retention

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

    1. Your legal rights

    Under certain circumstances, you have rights under data protection laws in relation to your personal data.

    • Request access to your personal information (commonly known as a “data subject access request”).
    • Request correction of the personal information that we hold about you.
    • Request erasure of your personal information.
    • Object to processing of your personal information where we are relying on a legitimate interest.
    • Request the restriction of processing of your personal information. T
    • Request the transfer of your personal information to another party.
    • Withdraw consent at any time where we are relying on consent to process your personal data.

    If you would like to exercise any of the above rights, please contact Data Privacy Manager in writing.

    Please ask at reception or visit our website if you would like to read our full patient privacy policy