Privacy Policy

1. General Policy

The Data Protection Act 1998 (DPA) (the General Data Protection Regulation GDPR from May 2018) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people.  A key element to this is the principle to process individuals’ data lawfully and fairly. In order to meet the fairness part of this we need to provide information on how we process personal data.  The College takes its obligations under the DPA 1998 very seriously and will always ensure personal data is collected, handled, stored and shared in a secure manner.

We invite you to read this privacy policy which explains our privacy practices and how we treat your information.  It describes the type of information collected and created in connection with you, how and why we use such information, who we share it with and your legal rights.  Unless indicated otherwise, this privacy policy applies to all our teaching clinics, administration and digital sites (all our website and social media sites).  Nothing has changed with how your information is held or processed.  However, we have taken the opportunity to improve the way we describe our practices and how we explain the options you have to update, manage and delete your data.

For residents of the EU, please note that this Policy has been updated in accordance with the requirements of EU General Data Protection Regulation (GDPR).  For residents outside the EU, by visiting our digital sites you consent to and authorise our using your personal information as described in this policy.

Your data controller is The College of Osteopaths. The College’s Data Protection Officer is: Ms Pascale Fanning-Tichborne, Governor (Equality, Diversity & Governance)

2. General Data Protection Rights

You have the following main rights:

• To be informed about how and why we gather your personal information, how we keep it and what we do with it.
• To access the personal data we hold about you.
• To have the information rectified if it is inaccurate or incomplete.
• To have your information removed from our records if there is no longer any justification for us to keep it.
• To prevent direct marketing without your consent.
• To request that your data be copied or transferred to another organisation in certain circumstances.
• To complain to us and/or to the Information Commissioner’s Office if your information is being used unlawfully.

The following sections now specifically relate to Students (Section 3) and Patients (Section 4).

3. Data Protection Rights – Students

The College of Osteopaths gathers and uses personal data about you if you ask for information about the programme, apply to join us, while you are a current student and after you leave and become one of our alumni. It is necessary for us to do this to be able to provide you with teaching, research, administrative and personal support, and also so that we can discharge our legal obligations.

This Privacy Statement tells you what personal data we collect about you, how we use the data and who might see it.

Please note that we may have to amend this Statement from time to time to reflect changes in how we use personal data or to keep up with best practice, but we will only do this in line with the underlying principle on which this Statement is based – respect for your personal data.  Although this Statement is primarily intended for current and former students of The College of Osteopaths we also retain information relating to unsuccessful applications and open day enquiries.  We do this for audit and statistical and purposes and in case we receive a complaint or appeal.

3.1        The types of personal data we hold

The information we hold includes the details provided by you on application and enrolment, together with data which is collected during and after your studies. This can include sensitive personal data. The College is likely to hold the following information about you:

• Your name, address and contact details, including your telephone number and email address
• Your date and place of birth
• Your nationality and any other information about your ethnicity
• Your qualifications and other academic records
• Any disabilities or other medical information relating to your physical and mental health or condition which you disclose to the College
• Information relating to fees and any sponsorships relevant to your studies
• Your attendance record and the use you make of College facilities such as the virtual learning environment (including Blackboard) and the library.
• Details of any disciplinary action which is taken against you or in which you are involved
• The commission or alleged commission of any offence by you and any proceedings for an offence committed or alleged to have been committed by you (including the outcome or sentence in such proceedings).
• The College will also have a digital photograph of you.

3.2       Sharing your personal data

The College of Osteopaths is committed to respecting and protecting your personal data. Data is not normally shared with anyone outside the College. This includes your spouse, parents, or other family members, unless you give us your explicit permission to share it or because, in exceptional circumstances, we have reason to believe that your health or safety or the health and safety of a third party is at risk.

The purposes for which the College may process your personal data (including sensitive personal data) include:

• the administration of your enrolment on and participation on a Programme, including the administration of examinations, the issue of results and certificates in connection with the Programme and (where applicable) the provision to your employer or other sponsor/corporate sponsor information about your attendance and performance on a Programme;
• in relation to patient complaints during or after you have left the programme;
• the provision of College services and facilities to you and the protection of your health, safety and welfare whilst at the College (which in either case may involve the College disclosing your personal data to the university’s student support or occupational health service and other third parties);
• the issue and operation of the College’s “Identity Card” or the operation of other identity cards that the College accepts;
• the collection of tuition fees and other College fees;
• equal opportunities monitoring;
• the provision of alumni activities;
• the provision of references about you;
• the provision of information to any government body or agency; and
• For safety purposes (for example use of CCTV monitoring in areas of the College).

If data is to be shared with overseas organisations which are not subject to broadly similar rights to those you have in the United Kingdom, the College will first take all reasonable steps to establish that appropriate safeguards are in place at the recipient organisation.

We may be required to share data with partner universities in relation to your studies.

You should also be aware that there are some circumstances in which we are required by law to disclose the information we have about you to external organisations. These organisations include; the Higher Education Statistics Agency (HESA); the Students Loans (SLC) authorities; Local Authorities; the police and other bodies with enforcement powers where disclosure is necessary for the prevention or detection of crime; the Independent Safeguarding Authority; the UK Visas & Immigration (UKVI); and to professional bodies and regulators.

If you are receiving a sponsorship or scholarship or other type of funding, it may be necessary to disclose information about your progress to the person or body supporting you.

If your course requires you to spend time at another institution, or if you are with us as a visitor from another institution, we may need to share some information about you with the other institution to allow it to fulfil its duties.

3.3        Filming and Photography

Filming/ photos/ audio capture is prohibited in clinic but where filming or photography is carried out by or for the College, the College will take reasonable steps to ensure that students are aware that this is taking place so that they have the opportunity not to participate.  Your consent for participation will also be recorded separately during any filming or photography.  You can withdraw your consent at any time by writing to the data controller.

 3.4        After you leave the College

After you leave us, the College will continue to maintain information about you for historical and statistical purposes. This will include your academic record so that we can provide confirmation of your qualifications. Some information will be kept permanently, other information will eventually be destroyed in accordance with the College’s policy on document storage and timeframe for destruction of records.

The College would like to maintain contact with you as one of our Alumni. This means we will ask separately for your consent to allow us to send you communications about various activities and events which may interest you, and information about how you might be able to help us with our fundraising to support the College into the future.

3.5         How long does the College keep personal data?

The college takes its obligations under the DPA very seriously in terms of not holding onto personal data for any longer than is necessary. The college has a retention schedule in place for the different categories of data it holds. Once you have left the college / completed your studies your personal record is kept for 8 years.

In some cases, there are good reasons as to why the college needs to retain data about students and other individuals for a significant period of time. The most important reasons are outlined below:

• in order that student awards can be verified in the long-term;
• to produce transcripts and references;
• for alumni services and ongoing relations with the University;
• for careers and employability services;
• to deal with complaints, appeals and disciplinary cases;
• for statutory reporting purposes and in order to complete statutory surveys such as the HESA Graduate Outcome survey;
• to produce references.

4. Data Protection Rights – Patients

The College of Osteopaths gathers and uses personal data about you when you come to us for treatment.

This Privacy Statement tells you what personal data we collect about you, how we use the data and who might see it. Please note that we may have to amend this Statement from time to time to reflect changes in how we use personal data or to keep up with best practice, but we will only do this in line with the underlying principle on which this Statement is based – respect for your personal data.

Our legal bases for collecting, using, sharing and otherwise processing your information are outlined below.

4.1        The types of personal data we hold

The information we hold includes the details provided by you during your appointments with us.  This can include sensitive personal data. The College is likely to hold the following information about you:

• Your name, address and contact details, including your telephone number and email address
• Your date of birth
• Your nationality and any other information about your ethnicity
• Details relating to your medical history, treatment plans and outcomes.

The information we collect about you is used to:

• Create your treatment plan
• Create opportunities for learning (anonymised)
• Research projects by our students (anonymised)
• Create presentations by our students (anonymised)
• Contact you regarding your current treatment
• Contact you regarding future treatment
• Contact you regarding special offers and news if permission is given.

4.2        How long does the College keep personal data?

As a patient, we are legally obliged to keep all of your medical records for a minimum of eight years after the conclusion of treatment.  Children’s notes are kept for a minimum of 8 years or until their 25th birthday, whichever is the longest.

Medical records are kept securely in locked filing cabinets and only accessed by staff and students at The College of Osteopaths.

When you visit us you will be asked for 4 types of consent:

• Consent to treatment (written).
• Consent for specific techniques will be explained and requested during treatment. This ensures that you have understood risks and benefits of treatment being offered to you (this may be written and / or verbal).
• Consent to use data from treatment files in research (written). We are a teaching clinic and our students are completing a course which requires them to gather raw data.  That data is anonymised so that it cannot be traced back to an original patient but the key characteristics can be used to formulate, prove and disprove hypotheses or used as examples of interesting cases for the purpose of learning.
• Consent to contact you by email, text or post regarding future treatment, special offers and news (written).

4.3        Sharing your personal data

The College of Osteopaths is committed to respecting and protecting your personal data. Data is not normally shared with anyone outside the College. This includes your spouse, parents, other family members or medical professionals unless you give us your permission to share it or because, in exceptional circumstances, we have reason to believe that your health or safety or the health and safety of a third party is at risk.

The purposes for which the College may process your personal data (including sensitive personal data) include:

• the provision of treatment;
• data used in relation to research. We are a teaching clinic and our students are completing a course which requires them to gather raw data. That data is anonymised so that it cannot be traced back to an original patient but the key characteristics can be used to formulate, prove and disprove hypotheses or used as examples of interesting cases for the purpose of learning;
• referring your to other health professionals or services;
• to fulfill legal obligations;
• in the event of a complaint.

See also 3.2.

 Further information and contacts

If you:

• require further information about how the College manages personal data or have any questions relating to this Privacy Statement,
• wish to access the personal data held by the College about you
• wish to up-date your information, including your address and preferred contact details, or if you wish to change your preferences relating to any consents you have given

please contact:

Lottie Morris, Practice Manager  l.morris@collegeofosteopaths.ac.uk regarding patient data.

Rachel Gold, Senior Admin & Quality Manager r.gold@collegeofosteopaths.ac.uk re student data.

Further information about the College’s Freedom of Information Regulations can be found below

If you wish to complain about the College with regards to how your data is kept and handled you may contact the Information Commissioner at the following address:

Customer Contact

Information Commissioners Office

Wycliffe House

Water Lane

Wilmslow

Cheshire  SK9 5AF

Email: icocasework@ico.org.uk

Tel: 0303 123 1113

Or review their available documentation:

ico.org.uk-personal-information-complaints-form.pdf

ico.org.uk-make-a-complaint-online-form

 

College of Osteopaths Freedom of Information Regulations

Introduction

The College of Osteopaths, as a Public Authority, is committed to the principles underlying the

Freedom of Information Act 2002 (“FOIA”). This legislation provides a general ‘right of access’ to

much of the information held by the College, in order to ensure openness, transparency and

accountability. The College of Osteopaths fully recognises this ‘right to access’ and will not restrict access to information unless a statutory exemption applies.

The College therefore commits to:

• Make publicly available all Policies, Procedures and Minutes of meetings.
• Ensure all requests for information are dealt with in an efficient, timely and helpful manner, in accordance with the section 60 Code of Practice on the Discharge of Functions which accompanies FOIA.
• Apply due consideration as to whether information should be disclosed in those instances where a statutory exemption or exception applies.

2. Scope of Policy

This policy has been established to ensure that the College of Osteopaths complies with FOIA.

Information ‘held’ by the College includes information created or received, regardless of

format, as well as information held by third parties on the College’s behalf.

3. Responsibilities

3.1 The College of Osteopaths has a responsibility to implement the provisions of FOIA.

The College must therefore maintain a general ‘right of access’ to the information it holds, and maintain its records in accordance with the regulatory environment as set down in the section 61 Code of Practice: Records Management that accompanies FOIA.

3.2 The Board of Governors have overall institutional responsibility and acts as a central

point of contact for enquirers, it also has responsibility for:

1. a) The management of, and response to, those non-routine Information Requests

made to the College where the Act’s exemptions or exceptions, as appropriate,

are applicable

1. b) The development of guidance and training for staff on FOI issues
2. c) The provision of the administrative structure for all Requests for Review received by the College under the OIA College of Osteopaths Freedom of Information Regulations
3. d) The coordination of contact between the College and the Information

Commissioner.

3.3 The Principal is responsible for:

1. a) Ensuring compliance with this Policy.

3.4 Data stewards are responsible for:

a) Liaising with the Data Protection Officer to retrieve information and respond to non-routine requests for information

b) Collating and checking the accuracy of responses from the College

c) Providing advice and guidance to staff

The data stewards are  Bursar for staff; Clinic Operations Manager for patients and Registrar for student.

3.5 All members of College staff are responsible for:

a) Familiarising themselves with this Policy and associated guidelines

b) Providing general advice and assistance to those requesting information

c) Seek advice from, and liaising with, their local Data Steward as soon as possible after a request is received

d) Managing documents and records in accordance with College procedures written within the Employee Handbook and Policy on Storing Documents.

e) Responding to routine “business as usual” requests for information.

4. Breaches of this Code of practice

4.1 Compliance with this Policy is compulsory for all staff employed by the College of Osteopaths and any member of staff who fails to comply with this Policy may be subject to disciplinary action.