Practice policy: Broughton Veterinary Group (the practice) has a policy of keeping client and patient information confidential, in keeping with the Code of Conduct as set down by the Royal College of Veterinary Surgeons, and in accordance with the General Data Protection Regulations (GDPR). However, veterinary practice is a regulated profession and we may be exempt from some aspects of the GDPR if it would cause a breach in ethics. All employees, locums, and visitors with access beyond the waiting and consulting rooms must sign a confidentiality notice.
Lawful basis for processing your data: The following criteria provides the practice with a lawful basis for processing your personal data (in each criteria listed below, irrespective of how your data may be processed under each criteria, your name and address are used in conjunction with your pet’s name as a vital aid in identifying your pet):
An individual has the right to erase any personal data which has been processed unlawfully.
Registering: “The Owner”; joint ownership; and your agents: when registering as a client, please realise that the name given to us will be “The Owner”, and will be the person we contact to discuss patients, go to for consent, and who is responsible for making payment of our fees (owners must be 18 years of age or over). Therefore in the case of joint ownership, both names should be given. If at a later date, one owner requests the removal of their name from our records, then we will require consent from both owners before we can do so. There may be occasions when you send a friend or relative along with your pet to consult a vet, in which case they will be regarded as your agent, and we will discuss freely any matters relating to that particular visit and any treatment required.
Security: Our computers have anti-virus protection. Computerised client data is stored securely on our password-protected practice management system: RxWorks. We keep minimal paper records, but we retain consent forms etc in files, which are archived on the premises. The data we acquire is legally held for the purpose of providing core veterinary services to our clients. We do not sell any information to third parties. Data breaches must be reported by us to the Information Commissioners Office (ICO).
Acquiring information & personal data held: The vast majority of data held in the practice are in relation to our patients, and GDPR does not cover animals. We only collect sufficient personal data from our clients in order to contact them in relation to their pets’ healthcare, and as a vital aid to identify their pets. The personal data we acquire comes mainly direct from our clients themselves (or sometimes via other veterinary professionals) and is used by the practice in order to provide our clients with core veterinary services. This information consists of: client (owners) names / addresses / telephone numbers / email addresses / tweet addresses / patient details and medical histories / invoices raised / payments received / card payment receipts (merchant copy) /credit control & communications history.
Sharing information: We would share some or all of an individual’s information only with other veterinary professionals, where the owner has given consent to refer a case, for example, to either: another veterinary practice (referrals); veterinary institute (post mortems); laboratory (blood or tissue (etc) sampling & testing); drug manufacturer (adverse drug reactions); microchip companies (registering pets or identifying lost pets); insurance companies (pet insurance claims). Consent to share information is acquired either in writing, or verbally during individual discussions between veterinary staff and owners in regards to their pet’s health and medical treatment; or when a pet insurance claim form is submitted to us by a client for completion.
When a client brings an animal to us for initial or booster vaccination, the client pays us for a service which includes us sending a reminder for the following booster vaccination. This is a service we provide to our clients, and is not marketing. We will provide reminders either by post / text / email or tweet. Clients can change their mind at any time – we must implement that change within 30 days. Vaccination reminders are either produced in-house, or externally by the manufacturer of the relevant vaccination. In these cases the relevant owner’s name and address and their patient’s name are shared with the relevant manufacturer, with whom we hold a contract purely for the production of vaccination reminders, with a guarantee that information provided is not shared or sold elsewhere, and that their processes comply with GDPR.
Retention of client records: Please note GDPR does not apply to animals, and patient medical history is retained indefinitely. It can be deactivated at any time (for example, when they have died) or upon request of the owner. Client records on RxWorks are retained indefinitely, but can be deactivated at any time (for example, if a client stops using our services).
Disposal of client records: Archived paper records are kept for 7 years, and then destroyed by a Confidential Waste Destruction company.
Your Rights: The GDPR aims to provide the individual with more control over what happens with their personal data, and you have statutory rights as listed below. To make a request relating to any of the following rights, please do so either in writing or verbally to us at the practice – see ‘Contact the Practice’ further down the page for details. Our response to your request will be provided free of charge, (but we have the right to charge an administration fee for unfounded, excessive or repetitive requests).
We aim to address your objections without delay, (but the GDPR gives a timescale of within one month of receipt of the request)
Contact the Practice: In relation to any matters in this Privacy Notice, our contact details are as follows:
To lodge a complaint with a supervisory authority: please contact the ICO or RCVS as follows:
Broughton Veterinary Group is the trading name of Broughton Vet Group Ltd Company number 9243007 registered in England and Wales Registered Office: 12 Swannington Road, Broughton Astley, Leicester, LE9 6TU