1. Important notice>
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including any related profiling). For more information about your rights and how you can exercise them, please see the section Your rights.
2. Personal Data we may collect and why
Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our products and services).
We may collect the following data about you:
• Contact details: your name, email address, and telephone number so that we can contact you in response to an enquiry you make via our
Site or in relation to the products and services that we have from time to time agreed to provide to you;
• Correspondence: we collect any additional personal data you may provide to us from time to time if you contact us by email, letter or
telephone, through our Site, by submitting a comment on our Site, or by any other means;
• Transaction details: we or our third party providers will collect information relating to transactions you carry out through our Site and
for the purposes of fulfilling your orders;
• Details of visits to the Sites: details of your visits to our Site, including, but not limited to, traffic data, location data, weblogs and other
communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
3. How we use your personal data
We use your personal data for the following purposes:
To provide you with the service you have requested
For the purpose of providing treatment, we may require detailed medical information. We will only collect what is relevant and necessary for your treatment. When you visit our practice, we will make notes which may include details concerning your medication, treatment and other issues affecting your heath. This data is always held securely, is not shared with anyone not involved in your treatment.
Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments or provide you with other information concerning your treatment.
As part of our obligations as primary healthcare practitioner, there may be circumstances related to your treatment , on-going care or medical diagnosis that will require the sharing of your medical records with other healthcare practitioners e.g. GP’s, Consultants, surgeons and/or medical insurance companies. Where this is require, we will always inform you first unless we are under a legal obligation to comply.
If you have provided your consent or we otherwise have the right to do so, we may use your contact details to send you direct marketing and keep you informed of promotional offers by email, SMS, post or telephone relating to our products and services.
You can unsubscribe from our direct marketing at any time by contacting us by email at firstname.lastname@example.org
To track your usage of our website, communications, products and services
To provide and improve customer support
We use your personal data to be able to provide and improve the customer support we provide to you (for example, where you have questions about our products and services).
To maintain our records and improve data accuracy
Like any business, we process personal data in the course of maintaining and administering our internal records. This includes processing your personal data to ensure that the information we hold about you is kept up to date and accurate.
To respond to enquiries, complaints and disputes
We use the personal data we hold about you to help us respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you, in the most effective manner.
To investigate, detect and prevent fraud and comply with our legal obligations
In certain circumstances, we use your personal data only to the extent required in order to enable us to comply with our legal obligations, including for fraud detection, investigation and prevention purposes. This may require us to provide your personal data to law enforcement agencies if they request it.
4. Legal grounds for processing
Data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in data protection law and we rely on a number of different grounds for the processing we carry out. These are as follows:
In certain circumstances, we process your personal data after obtaining your consent to do so for the purposes of:
• sending you marketing communications about our products and services;
• conducting marketing research;
Necessary for the performance of a contract and to comply with our legal obligations
It is necessary for us to process your basic contact details, payment details and information about the business you represent for the
performance of the Trading Terms or Terms of Trading between us. In particular, we rely on this legal ground to:
• provide you with the products and services;
• communicate with you about the products and services that we provide to you, including to let you know about major changes to those
products and services or to the Trading Terms or Terms of Trading between us or to any related information;
• provide and improve customer support; and
• notify you about changes to our service
If you choose not to give some or all of the aforementioned information to us, this may affect our ability to provide our products and
services to you.
In certain circumstances, we also use your personal data only to the extent required in order to enable us to comply with our legal
obligations, including to detect, investigate and prevent fraud.
Necessary for the purposes of our legitimate business interests or those of a third party
It is sometimes necessary to collect and use your personal data for the purposes of our legitimate interests as a business, which are to:
• provide you with products and services that are as useful and beneficial as possible, including by personalising our contact with you and
making sure we tell you about all the offers that are relevant to you;
• better understand our customer base so that we can improve our products and services and marketing activities (which could also
• comply with our contractual obligations to third parties;
• develop and improve our Site to enhance the customer experience;
• train our staff so that we can provide you with a better customer service;
• respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our
products and services to you; and
• to ensure that content from our Site is presented in the most effective manner for you and for your computer;
• ensure effective operational management and internal administration of our business, document retention, compliance with regulatory
guidance and exercise or defence of legal claims.
Where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not process your
personal data unless there is another legal ground for us to do so (either that we have obtained your consent to the processing or it is
necessary for us to perform our contract with you or to comply with our legal obligations).
5. Who we share your personal data with
Your personal data will never be shared with a third party unless we are under a duty to disclose in order to comply with any legal obligation, or in order to protect the rights, property, or safety, of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection.
All data is held in the United Kingdom. No data will be stored outside the EEA (European Economic Area).
6. How long we keep your personal data for
Your data will be processed during the duration of any treatment and will continue to be stored for seven years after the end of the treatment to meet any legal obligations. After seven years, all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligation to you. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
7. Your rights
You have the following rights regarding your personal data:
What does this mean?
1. Rights to be informed
2. Right of access
3. Right to rectification
You are entitled to have your personal data corrected if it is inaccurate or incomplete.
4. Right to erasure
This is also known as 'the right to be forgotten' and, in simple terms, enable you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
You have the right to 'block' or supress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
6. Right of data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7. Right to object to processing
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling).
8. Right to withdraw consent to processing
If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful).
9. Right to make a complaint to the data protection authorities
You have the right to make a complaint to the Information Commissioner's Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law.
8. How to contact us
If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, please feel free to contact us by using the details set out on our Site.
If you're not satisfied with our response to any enquiries or complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner's Office (ICO) by:
• writing to: Information Commissioner's Officer, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;
• calling: 0303 123 1113; or
• submitting a message through the ICO's website at: ico.org.uk
9. Links to other websites