How information about you will be used
What are the main principles of holding my data?
1. All data we process is processed legally, in accordance with the GDPR.
2. All data we collect is for a specific purpose, i.e. to ensure safety prior to treatment.
3. All data we collect is relevant and limited to the purpose we require it for.
4. We will keep your data in a format which is easy to locate, and it will not be held longer than required.
5. Your data will be stored securely on a password-protected device so it cannot be accidentally lost, destroyed or damaged.
Why do we require your data?
We hold your data from a medical consent form you signed prior to your treatment, and we therefore hold some of your personal details. This allows us to provide you with your chosen service.
The data we process is not usually publicly available; however, we may require information from third parties where you have consented for them to hold your data where there is interest to do so.
What data will you hold on me?
We will only hold data on you which you have provided. Usually this is information you have provided on our medical consent forms prior to treatment. This includes your Name, DOB, contact details and medical history.
We require the use of patient photographs/videos pre and post treatment and where permission is sought we may use these for social media and marketing purposes.
We will also hold necessary data in order to pursue our legitimate interests including keeping you up to date with our services.
How will you use my personal information?
Our use of your data will be to allow us to supply our services, ensure your contractual obligation is met and to protect your vital interests. This includes:
• providing your treatment;
• ensuring your treatment is safe;
• making reasonable adjustments;
• providing healthcare professionals with information about treatment where this is vital to your health;
• providing credit;
• statistical analysis.
We will only use your personal data for marketing purposes where you have agreed in advance that we can do so, or where you have previously been a customer of ours. We will never pass your data on to a third party for marketing purposes.
The processing of your data is necessary for the performance of the contract you entered into with us.
Who will you share my data with?
All the personal data we hold about you will be processed within the EU or in any country that can guarantee adequate protection under the data protection legislation.
We share your data with the following organisations:
• Waiver Electronic - this firm provides computer systems we use; they do not pass your data to any other third party.
• Microsoft - this firm provides computer systems we use; they do not pass your data to any other third party.
• Dropbox - used to store data; they do not pass your data on to any other third party.
We may disclose information outside of these groups to help prevent fraud, or if required to do so by law.
Sensitive personal data
It would benefit you to notify us of any health condition, disability, treatment history and/or personal information relating to your treatment with us. This will allow us to take reasonable steps to accommodate your needs or requirements and to ensure safe treatment.
We will require your explicit consent to process this information, unless the processing of this data is deemed to be in your ‘vital interest’. This information will be used by us to assist you and will be kept as long as it is required for this purpose.
Where we have asked you for permission to keep you up to date with our services and you have agreed, we will contact you at reasonable intervals to keep you up to date. Equally, we may do so where you have previously been a customer. You have the right to withdraw consent at any point and can do so by emailing: firstname.lastname@example.org
How long is my data retained?
We will generally retain your data for six years after our services have finished, after which time it will be deleted or anonymised if it is no longer required for the lawful purpose for which it was obtained. However, where the data is required to ensure your vital interests (an example of this is the treatment received), we will maintain it indefinitely.
What are my rights?
Under data protection legislation you have several rights regarding the use of your personal data, as follows:
• If at any point you wish to either confirm whether your personal data is being processed and/or you require access to the data we hold on you, you can request to see this information, and we will respond within a month.
• You also have the right for certain data you have provided us with to be provided to you in a structured and commonly used electronic format (for example, a Microsoft Excel file), so that you can move, copy or transfer this data easily to another data controller.
• You are entitled to have data corrected if it is inaccurate or incomplete.
• Whilst you are entitled to have data deleted if it is no longer needed, there is no longer a legitimate reason for processing, or the data in question has otherwise been unlawfully processed, it is unlikely we will delete your data unless you have settled the account or it is closed.
• You have the right to object to the processing of your personal data.
• You have the right to restrict the processing of your personal data under certain circumstances, including if you have contested its accuracy, or if we are reviewing an objection you have raised in relation to its processing.
How to complain about the use of your data
If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact us at email@example.com or write to us at 10 Commercial Rd. LS5 3AQ.
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO). You can find further information about the ICO and their complaints procedure here: https://ico.org.uk/concerns/