Who are we?
We are Dr K’s Clinic, Kinross, Rosemary Lane, Burton, Rossett, Wrexham. LL120LA. firstname.lastname@example.org +447711190079
We provide aesthetic treatments to patients.
We use your information as further explained in this Privacy Notice. We’ll be the "controllers" of the information you provide to us.
Our website links to other websites, which will have their own privacy notices and terms.
What does this Privacy Notice cover?
We at Dr K’s Clinic take your personal data seriously. This policy:
- sets out the types of personal data that we collect about you;
- explains how and why we collect and use your personal data;
- explains how long we keep your personal data for;
- explains when, why and with who we will share your personal data;
- sets out the legal basis we have for using your personal data;
- explains the effect of refusing to provide the personal data requested;
- explains where we store your personal data and whether we transfer your data outside of the European Economic Area;
- explains the different rights and choices you have when it comes to your personal data; and explains how you can contact us.
What personal data do we collect about you?
We will collect certain personal information about you in the course of your relationship with us.
This information includes your name, contact details (email, tel, address, company details), photographs.
Where do we collect personal data about you from?
We may collect personal data about you from the following sources:
- Directly from you. This is information you provide to us via our website, or during consultations
- From an agent/third party acting on your behalf. e.g. your doctor or other health care professional
- Through publicly available sources. We use the following public sources:
How and why do we use your personal data?
We use your personal data for the following purposes:
To contact you to discuss the services or products you receive from us (and any changes to them); to respond to any questions or concerns you have raised; to record medical details; to satisfy medicolegal insurance; to deal with administrative matters such as invoicing and renewal; to otherwise carry out our obligations arising under our contract with you and to enforce the same; to carry out anti-money laundering checks; to verify your identity.
We will not use your information for any other purposes unless we are required to do so by law.
How long do we keep your personal data?
How long we keep your information will depend on the purpose for which we use it.
We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Notice and to fulfil our medico-legal obligations. We have internal rules that set out how long we retain information.
In summary, however, we will keep your information for the following periods:
Name: 10 years
Contact details: 10 years
Who do we share your personal data with?
We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, pharmacies, medical equipment suppliers, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function co-ordinators.
We share your personal information with our other companies for internal reasons, primarily for business and operational purposes e.g pharmacies to acquire prescriptions on your behalf for treatments.
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal information will be disclosed to such entity, within the ethical guidelines set out by the GMC.
If any bankruptcy or reorganization proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties with specific treatment data removed.
Where required we share your personal information with third parties to comply with a medico-legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.
These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
What legal basis do we have for using your personal data?
We process your information:
- to be able to provide you with products AND/OR services in line with our Terms & Conditions via the Company website
- as this is necessary for the performance of the contract with you or to take steps at your request prior to entering into this contract
as this is necessary in pursuit of our legitimate interests in serving you and making a living.
Do we make automated decisions concerning you?
No, we do not carry out automated decision making or automated profiling.
This website and its content is copyright of "DrKsClinic" - © "DrKsClinic" 2020. All rights reserved.
Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
- you may print or download to a local hard disk extracts for your personal and non-commercial use only
- you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.
Where do we store your personal data? Do we transfer your personal data outside the EEA?
All information you provide to us is stored on our secure servers and on icloud, Dropbox for Business, Sumup or other accounting systems.
How do we keep your personal data secure?
We ensure the security of your personal data by technical security measures in place to protect data e.g. use of encryption, firewalls, password protection, fingerprint technology.
We also take steps to ensure all our subsidiaries, agents, affiliates and suppliers employ adequate levels of security.
What rights do you have in relation to the personal data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
|Rights||What does this mean?|
|The right to be informed||You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.|
|The right of access||You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your information in accordance with data protection law.|
|The right to rectification||You are entitled to have your information corrected if it’s inaccurate or incomplete.|
|The right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions such as medico-legal caveats.|
|The right to restrict processing||You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|The right to data portability||You have rights to obtain and reuse your personal data for your own purposes across different services.|
|The right to object to processing||You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).|
|The right to lodge a complaint||You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.|
|The right to withdraw consent||If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.|
How can you make a request to exercise your rights?
To exercise any of the rights above, or to ask a question, contact us using the details set out at the end of this Privacy Notice.
How will we handle a request to exercise your rights?
We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, the law may allow us to refuse to act on the request.
How can you contact us?
If you have questions on the processing of your personal data, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact us here: email@example.com
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the data protection regulator in your country.