With many years of experience, Bolton Osteopathic Clinic are experts in maximising health. Call now for an appointment: 01204361463

Privacy Policy

Clinic Data Protection & Privacy Policy & Procedure

Appointed person with responsibility for data protection Alex Green
Registered with the Information Commissioners Office
Clinic Data Protection Policy
Information Held
The following information is collected: Patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history for treatment carried out at clinic.  All information is given by the patient or their carer, parent or legal guardian.
Data Collection
Information collected is sufficient for the purpose of making informed clinical decisions.

Data is collected verbally on the phone by reception staff or practitioners to book appointments and take contact details.  Medical information is collected by osteopaths verbally at a face to face appointment.

Patient contact details and appointments are stored on the ‘cliniko’ practice management software.  Patient clinical records are a mixture of manual (paper) and electronic.

Data Storage
Information is stored on ‘cliniko’ – A  cloud-based software package who’s data storage servers are either in the EEA or countries that have PNR bilateral agreements with adequate protection for the personal data in question.

Paper notes are stored in a locked filing cabinet when not in use, archived notes are stored in a locked filing cabinet in a locked room until they are due to be securely disposed of.

In the event of the death of the holder of the patient records, access to paper notes is maintained by the owner of the premises: Instructions for obtaining access to electronic records will be stored written down in a safe at the business premises of Bolton Osteopathic Clinic, 50 St George’s Road, Bolton, BL1 2DD.

Data disposal (minimum 8 years, 25 years of age for children)
Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children

Notes are archived after 1 year. They are then securely stored at the business premises.

Notes are destroyed by shredding/incineration after 8 years or 25 years of age for children.

Electronic records are deleted from the system after 8 years or 25 years of age for children

Patient data is also used for appointment reminder text messages, a newsletter and marketing which patients opt in to with a tick box on their first visit.  We check patients still want to receive communications on a regular basis and all communication carries an option to unsubscribe.

We process your data using the lawful basis of consent for marketing, and fulfilment of contract and legitimate interest for processing your medical record and sending you health information and exercises relating to your condition. Your medical record is processed as Special Category Data under Article 9 2(h) of the GDPR.

Parents must give consent for communication with children under 16 years.

Data Sharing
Information is only shared with other persons with patient’s express permission.  This would usually be with other health professionals.  Patient information is never passed on to other practitioners, persons or companies.

Data would extremely rarely be shared without consent if there was a legal order or in cases of serious safety risks.

Data Checks
Every year we perform checks on 25% of our patient’s data records to make sure they are accurate.

And  Every year we check all active patient data is correct.

Access to paper records is restricted to only practitioners and admin staff who have signed a confidentiality agreement.

All electronic data is password protected and access to information is restricted.  Systems are kept updated and antivirus security systems are in place and updated.

We recommend to users that their passwords are changed yearly.

Data breaches will be detected by observing signs of unauthorised entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorised log on or change to permissions) on the computer system.  Data breaches will be investigated and reported to the Information Commissioner’s Office within 72 hours by the appointed person.

Patients will be informed if we believe a data breach has occurred.

Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred.  Information Commissioner’s Office: 0303 123 1113

Subject Access Requests
All staff know that subject access requests must be responded to within a month and no charge can be made.

Data is only released on receipt of a signed request from patients or in exceptional circumstances.  Any data sharing is detailed in the patient record.

Patient Rights
Patient’s and anyone we hold data about have some rights under GDPR: You can request to: see your data at any time, move your data to another practice, correct any inaccuracies, prevent marketing. You may request for details to be deleted but due to our legal obligation we cannot delete your health record but we can remove you from our contact list.
Patients or staff may raise any complaints about data processing with our Data Controller who may be contacted at: alex@boltonosteo.com

You may also contact the Information Commissioner’s Office Directly on: 0303 123 1113


Alex Green


Alex sig 300x241 - Privacy Policy


Principal Osteopath & Owner


Bolton Osteopathic Clinic



Review Date:


You can download a copy our Privacy & Data Protection Policy for your own records.

Do NOT follow this link or you will be banned from the site! css.php
Subscribe to our Newsletter
Subscribe to hear the latest news and receive exclusive offers only available to subscribers.