FASIC Patient Privacy Notice
University of Edinburgh FASIC Sport & Exercise Medicine Clinic Privacy Statement
For information about your privacy for events and courses please refer to the University of Edinburgh Sport & Exercise's Privacy Statement
Section 1: Where does FASIC Sport & Exercise Medicine Clinic get your personal data from?
- You provide us with your: Name, Address, Date of Birth, Contact telephone number(s) and email, and your GP name and practice address. If you are accessing one of our discount rates for services, you provide your matriculation number (student), staff number or a business contact from the sports / school organisation you are affiliated with.
- We also document information in your medical record relating to your assessment, treatment and health management plan. The telephone and email information you provide us will be used to manage your bookings, and share information about your health issue with you.
Section 2: Purposes for processing
- The University processes your data in order to manage your health record, as we have a contract with you to provide services. This forms the legal basis for why the University stores and processes your data.
Section 3: Information about you: how we use it and with whom we share it
- The University uses an external practice management company and its servers to store your information on the University’s behalf, currently Bluezinc. The information you have provided is still considered to be used by the University for the University’s purposes and will be as secure as though stored within the University. View their privacy notice at https://www.tm3practicemanagement.com/information/policy/
- The University also uses a company called Physiotec to email you a copy of your home exercise programme, and to process this on the University’s behalf, they store a copy of your email address on their UK servers (Amazon)
- Sharing information with other health and sport professionals
- Your data will be shared with your GP or other Consultant / Health professional, in the form of a referral and / or discharge letter, in order to access services for you and to maintain your central NHS health record
- Where you have funding from sportScotland, your medical record will be maintained by the University using password protected access to their online record keeping system PDMS. The University may share health information with sports, health and coaching staff from sportScotland and other sports governing bodies, with your expressed consent
Sharing information with other health and sport professionals
- Your data will be shared with your GP or other Consultant / Health professional, in the form of a referral and / or discharge letter, in order to access services for you and to maintain your central NHS health record.
- Where you have funding from sportScotland, your medical record will be maintained by the University using password protected access to their online record keeping system smartabase. The University may share health information with sports, health and coaching staff from sportScotland and other sports governing bodies, with your expressed consent.
Sharing information with insurers
- We may be asked to share information about you with your insurer for the following purposes:
- to provide clinical quality information;
- to allow them to make a funding decision on behalf of a patient;
- to invoice them for services the University provides to insured patients;
- to notify them of any serious incidents, or
- to assist them when investigating an insured patient’s complaint.
- We will not share your data with any third party.
Section 4: Further Information
- We do not use profiling or automated decision-making processes. Some processes are semi-automated (such as anti-fraud data matching) but a human decision maker will always be involved before any decision is reached in relation to you.
Retention of data and your rights
- For information about how long your data is held, please consult full retention schedules at https://digital.nhs.uk/codes-of-practice-handling-information. In most cases, retention of medical records for an adult is 8 years and for a child this is until their 25th birthday.
- You have the right to request access to, copies of and rectification or erasure of personal data held by the University and can request that we restrict processing or object to processing, as well as the right to data portability (i.e. the right to ask us to put your data into a format that means it can be transferred easily to a different organisation). If you wish to make use of one of these rights, please email your local contact email@example.com.
- The University have asked for your consent in order to assess and manage your health issue according to best practice and to process your personal data. You can withdraw this consent in whole or part at any time. To withdraw consent, please email your local contact firstname.lastname@example.org who will explain the consequences of doing so in any particular case and initiate proceedings for withdrawing consent.
Data controller and contact details
- For data collected under this privacy notice, the University of Edinburgh (the “University”) is the Data Controller (as that term is defined in the EU General Data Protection Regulation (Regulation (EU) 2016/679), registered with the Information Commissioner’s Office, Registration Number Z6426984
- You can contact our Data Protection Officer at email@example.com. Our data protection policy is on our website at http://www.ed.ac.uk/records-management/data-protection/data-protection-policy
Transfers outside the EEA
- The University will only transfer data to countries outside the EEA when satisfied that both the party which handles the data and the country it is processing it in provide adequate safeguards for personal privacy. Details of such transfers and safeguards are on our website.
- If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office at firstname.lastname@example.org but we ask that you raise the issue with our Data Protection Officer first. If you have any questions, please contact Heather Binnington, Sport & Exercise Medicine Manager, email@example.com or 0131 650 2578.