GDPR (General Data Protection Regulation) Compliance Policy, for data held by the Aspen Veterinary Practice in Abbey Wood and Sidcup
Why we collect your personal data and what we do with it
When you register your pet or pets with Aspen Vets at Abbey Wood or Sidcup, they are stored and processed for the following reasons;
We need to collect your personal information in order to provide you with the veterinary services you have requested we undertake on your behalf to keep your pets happy and healthy.
This request and our agreement to provide veterinary services constitutes a contract and we will therefore require the ability to process your data in order to fulfil this contract and provide the services to the standards expected by The Royal College of Veterinary Surgeons.
Please note that GDPR legislation ONLY pertains to data on people and not animals.
We collect, store and process this information based upon a 'Legitimate & Medical Interest' because without it we would be unable to provide you with the veterinary services, such as
- Annual Vaccinations/Health Checks/Blood tests etc, reminders, although the responsibility to keep them up to date remains with you
- Emergency treatments
- Progress reports on your pets' recovery
We may also occasionally send you a newsletter, or information that we feel would benefit the health and wellbeing of your pets and could be of interest to you, as the owner. You may withdraw this consent at any time, by clicking the unsubscribe option which can be found at the top and bottom of each email, or by emailing firstname.lastname@example.org
Personal data may be provided to Aspen Vets in a number of ways including directly from you (email, post, in person, website), recommendations or forwarding of relevant information from associated parties (such as other veterinary agencies).
The record keeping requirements for Veterinary Medicinal Products (VMPs) are set out in the Veterinary Medicines Regulations (VMRs). Records of the retail supply (which includes administration) of POM-V and POM-VPS medicines must be kept for 5 years.
It is Aspen's policy to to retain your records, including vacination records for 5 years post completion of the last veterinary procedure. After which time you can ask that we delete your records if you so wish. You may do this by contacting any member of our team by phone, email [email protected] Should we not be requested to delete your records, these will be retained indefinitely in order for us to provide a better service at a later date without having to collect personal data again.
Your records are stored electronically on our office computers and hardcopies are stored in a locked facility. Electronic records are backed up daily and stored securely in the cloud.
Third-Parties / Outsourced Providers:
We will never share your data with any third party without your prior written or verbal consent. Only the following people/agencies will/could have access to your data;
• Members of the Aspen Vets team, to provide you with services
• IT service company who manage our IT and servers
• Website Development company who manage our website
• Government agencies should this be required for fulfilment of contract
Data Access Requests:
Under professional guidelines set by the RCVS, clinical and client records including diagnostic images and similar records, are the property of, and are retained by Aspen Vets in the interests of animal welfare and for our own protection. Although you do not own your pets' clinical records, you have the right to access information and you can do this by contacting any member of the team or emailing email@example.com and submitting a “Subject Access Request”. We will respond to this request within one calendar month.
Access if you change vet to or from Aspen
Under RCVS guidelines, at your request we must provide copies of any relevant clinical and client records. This includes relevant records which have come from other practices, if they relate to the same animal and the same client, but does not include records which relate to the same animal but a different client.
In addition to this, you also have the right to request that we update any information that you believe to be incorrect. It is likely that this request will be dealt with immediately, however we will respond to this request within one calendar month. This can be done by contacting any member of our team by email, phone or website contact form or emailing firstname.lastname@example.org
If you decide that you don’t want us to contact you anymore, you are welcome to email us at email@example.com to ask us to stop. This request will be reviewed and we will respond to you within one calendar month. If you are asking us to stop sending marketing information, we will do so immediately. You are also able to click on the unsubscribe link at the bottom of any communications. If you would like us to erase all of the data we store and process for you, or you would like us to update or amend data held, please email us at firstname.lastname@example.org. We will respond to your request within one calendar month but hopefully sooner.
If you feel that we have mishandled or breached our responsibilities in handling your personal data, please contact our Data Controller at email@example.com. We are strongly committed to protecting your personal data. Should you be unsatisfied with our response, you have the right to raise your concern directly with the Information Commissioner’s Office, the UK Data Protection Supervisory Authority.