Your privacy matters
Privacy and confidentiality are hallmarks of the work that we do at Sleep Well Oxford. The consent for and security surrounding the information provided by the patients and the companies with whom we work is among our highest priorities - in short, we are committed to protecting your personal information.
Sleep Well Oxford is fully compliant with the current General Data Protection Regulation (GDPR) guidance and are registered with the Information Commissioner's Office (ICO).
This page provides further information about the data we collect, why we collect it and how we use it. It also provides guidance on what you can do if you would like to request a copy of your information, make a complaint or delete your personal information.
How we obtain personal data
Personal data may come to us in several ways. These include:
- Information provided to us through the "Get in touch" form on the website
- Information provided to us via email
- Information discussed either in person, over the internet (e.g. Skype or Zoom), or by telephone.
- Information provided to us by a referrer (e.g. insurance provided, GP, sleep clinic) by formal letter, in person, by email or by telephone.
What personal information we collect
This will vary according to both the nature of the interaction and relationship between you and Sleep Well Oxford. Generally speaking, we may collect:
- Your full name and title
- Your home address (for patients) and business address (for companies)
- Your date of birth
- Information about your healthcare insurance (if applicable)
- Psychometric data (scores for questionnaires used as part of the assessment process)
- Bank account details (for payments and refunds)
- Pertinent clinical information that pertains to your treatment and care
What we do with your personal information
Your personal information is used solely to provide you with the best possible care or service.
For patients, as part of your assessment, consultation and treatment, we will keep accurate and detailed treatment records. These may be both written notes or held electronically. Written notes are stored securely in a dedicated and secure locked filing cabinet and electronic records are securely stored and password protected. Sleep Well Oxford email accounts are protected using random sequence generated passwords that are changed on a regular basis and are only accessible to the individual to whom they are dedicated.
For companies, any information that you provide, either directly or through the process of the discussions and consultations that are had will be stored securely either in paper format or as a password protected electronic file (as above).
None of this information will be shared with any third party unless we have your express consent to do so.
The sole exceptions to this rule are:
a) if we are required to share information by law
b) if your safety or that of someone else is at serious risk
Even in these highly unlikely cases, however, we will discuss the process with you in full and walk you through anything that we have to do together.
Crucially, we will never sell or lease your personal information to any 'third parties' (such as other companies, or marketing agencies).
We also really value feedback, both in terms of helping us develop and provide better services but also to offer new patients and corporate clients the opportunity to hear a little more about what we do and how we do it. We're hugely grateful for the opportunity to use use feedback as part of an anonymised 'testimonial', but wherever we would like to do this we will ask for your explicit consent before doing so. Furthermore, you will always able to rescind this consent at a later stage, including removing the feedback from our records and website.
How we store your personal information
The personal information that we hold digitally is securely stored and password protected. Any written information is held securely in a dedicated and secure locked filing cabinet in a secure location.
We will generally keep personal patient information for a minimum of three years from the date of assessment/primary contact. This is so that if we need to use it again for your care, we have access to it (e.g. if you wanted a further treatment course/top-up). If you wish to have any of your information removed from our records at any time (i.e sooner), you can request to do this at any time.
The right to be FORGOTTEN
You have the express right to have any of your personal information that we hold deleted or removed from our records at any time. This is called the right to be forgotten. In order to do this, we will need to make sure that the request has been made by the person to whom the information pertains and so we may ask a couple of security questions to ensure that this is the case.
Requests can be made directly to firstname.lastname@example.org
Any further information can be requested at email@example.com
Please note, this privacy notice was last updated on 31st July 2018