This notice explains our commitment to meeting the requirements of the General Data Protection Regulation, effective 25th May 2018.
The categories of personal information we process are:
- Special category data including health information for healthcare delivery.
- Client information for direct marketing by mail/email/text messaging.
- Staff records for contracted/self-contracted personnel management.
- Special category data including health records and CRB checks for contracted/self-contracted personnel management.
- The law requires us to have a legal basis for processing personal data.
- ‘Processing’ entails collection, creation, storage, amendment, erasure and disposal of information including contact details and ‘special category data’ relating to health information.
- Any information we obtain is considered the minimum necessary for us to provide the treatments requested and also for insurance purposes.
- Our lawful basis for processing ‘special category data’ is ‘contract’ and this means that we have a legal reason to ask for the data because we need it for contractual reasons.
- If personal data is not shared with us, we cannot offer a treatment. Patients/Clients must fulfil their side of the contract (share their personal information) in order for us to fulfil ours (carry out treatment).
- Our lawful basis for processing personal information for marketing purposes is ‘consent’.
- Information is never passed on to a third party unless we have been given permission to do so.
- There are no mandatory periods for retaining personal data but retention should be no longer than necessary.
- Consensus and/or regulation indicates that the minimum retention period for special data (medical, CRB information) is 7 years; the minimum retention period for staff/client data is 6 years; payroll data should be retained for a minimum of 3 years.
- Generally all Clients/patients/personnel have the following rights and they can usually be exercised free of charge. Reasons will be given if we are unable to comply with a request concerning personal data.
The right to be informed – in a concise, transparent, intelligible and easily accessible way.
The right of access – to have information held on file supplied within a month of request.
The right of rectification – correcting inaccurate information or updating incomplete data.
The right to erasure – but there may be an overriding contractual/legal requirement.
The right to restrict processing – to place limits on how the information is used.
The right to data portability – information provided may be forwarded to a third party.
The right to object – particularly with respect to direct marketing.
The right to complain – preferably to us in the first instance.
- We don’t collect personal data from individuals browsing our website. However, general information about visitor behaviour patterns is obtained using cookies.
- No attempt is made to discover the identities of those browsing our website.
- Our Data protection policy may be subject to change from time to time and updates will be posted on this website.
- If you contact us using the contact form on our website, or via an email link on one of our website pages, none of the data you provide will be stored in our website's database. Email enquiries we receive via the website are stored on a UK based server. Our office staff retrieve these emails and may store them on (or delete them from) the server, or their office computers in order to carry out their normal day-to-day activities efficiently. When contacting us via email, we recommend that you only provide us with information that you consider necessary for us to give you an accurate response. In other words, please avoid sending us confidential or otherwise sensitive information in your email.
More about cookies
You can choose to accept or decline cookies by altering the settings in your web browser (e.g. Chrome, Firefox). Although most web browsers automatically accept cookies, you can usually modify your browser settings to decline cookies to suit your preferences. However, this may affect your browsing experience. If you wish to prevent cookies from this website being stored on your computer, please disable them in your browser, or navigate away and clear any cookies that have been set.
In general, cookies on this website are used for:
- Analytical/performance purposes which allow us to recognise and calculate the number of visitors and to see how visitors navigate around the website when they are using it.
- Sharing purposes – this allows you to share pages with social networks such as Facebook and Twitter.
This website is maintained by Smart Digital Solutions who use 34SP to provide a managed VPS (Virtual Private Server) hosting environment. The server is based in Manchester, UK. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
We take data breaches seriously. In accordance with the ICO's guidelines on this, we will report any unlawful breach of personal data stored in an identifiable manner to the relevant individuals within 72 hours of becoming aware of it. This is dependent on whether or not it is deemed to be a 'high risk to the rights and freedoms of individuals'.
This page may change from time to time to take into account any errors, omissions or changes of legislation. As it is not practical to notify all clients or website users of these changes, we recommend that you check this page occasionally for any changes.
- At this clinic, the vast majority of information retained is in hard copy format and held under lock and key. Authorised personnel have access only to the aspect of our service that they are personally involved in.
- Appointments are stored on a computer and contact details are obtained to enable us to notify patients/clients in the event of a change of circumstance that prevents us from honouring the appointment.
- In all cases a request is made prior to storing any personal information.
- Computers are put into password protected mode if left unattended for any period of time.
- Currently, address details are retained on computer only for those who have attended for treatments at this clinic, not for the slimming clinic.
- Access to ‘special category data’ is available only to those who have undergone a Criminal Records Bureau check.
- Awareness at all times is required to ensure others cannot overhear discussion about confidential information.
- All person-identifiable or confidential information is stored in locked storage places when access is not directly controlled or supervised.
- Advice from the Data Controller should be obtained if there is a request to share patient/client/personnel identifiable information with any third party without the consent of the individual concerned.
- We participate in training and awareness sessions on confidentiality issues.
- Disposal of hard copy data is carried out by shredding or incineration as soon as the information is no longer required.
In the first instance complaints about the way in which your data is processed should be directed to:
The Data Protection Officer
Essex, SS8 9XD or by calling 01268 694065
If a satisfactory solution is not found the supervisory authority can be contacted at: https://ico.org.uk
Or by post to:
The Commissioner’s Office
Cheshire, SK9 5AF or by calling: 0303 123 1113
Last reviewed 21/05/18