At the Norup Clinic, we are committed to ensuring the privacy of our patients and website visitors.
This policy explains what personal data we may collect about you when you interact with us and how we use it.
- Service: We will only use your data to improve your experience of our services
- Patient Safety: We will only use your sensitive personal data to ensure your care and safety
- Keep in touch: We will only contact you about things you have shown an interest in
- Who are we?
- Your personal and sensitive personal data
- What personal data do we collect?
- When do we collect your personal data?
- How and why do we use your personal data?
- The legal bases we rely on
- How we protect your data
- How long do we keep your personal data?
- Cookies and similar technologies
- Who do we share your personal data with?
- What are your rights?
- How to stop marketing messages from us
- Third-party links
- Any questions?
WHO ARE WE?
- The websites we operate and this policy refer to are: www.thenorupclinic.co.uk
- For simplicity, “we” and “us” means The Norup Clinic, as the case may be.
- The Norup Clinic are data controllers in relation to the processing of personal information that you provide us when using our services.
- You can contact our Data Protection Officer at: firstname.lastname@example.org or write to:
Data Protection Officer at
The Norup Clinic
Esher KT10 9DA
YOUR PERSONAL AND SENSITIVE DATA
Under data protection legislation, the data we hold about you can be categorised as follows:
Personal data: This is data related to an identified or identifiable person. Examples of personal data we collect and process include names, email addresses, location, telephone numbers, ID numbers and online identifiers. Where this policy states “your data/your personal data” we are referring to Personal Data unless otherwise stated.
Sensitive personal data: Sometimes referred to as “Special Category Data”, this is data that is deemed to be more sensitive than the above personal data. For example, medical records, genetics, biometric data, details of ethnicity, sexual orientation or other health data. We only use this data for the purposes of your treatment and to ensure you care and safety as a patient. We never use your sensitive personal data for marketing purposes.
WHAT PERSONAL DATA DO WE COLLECT?
- Details gathered as part of the provision of healthcare or other goods or services to you
- Whilst using our website you may submit information to us via an enquiry form. This may include your name, email address, phone number and postcode. We require this information to contact you regarding your enquiry and to better understand demand for our services
- Details of your interactions with us through our call centre, in clinics or online. For example, we may record calls or make note of conversations and maintain phone call logs
- Details of services and/or treatment you have received from us or which have been received from a third party and referred on to us
- Copies of documents you provide to prove your age or ID where the law or company policy requires
- Payment details
- Details of your visits to our websites, including how you arrived, which pages you visited, time spent, links clicked and technical information about your device and internet connection
- Personal details which help us make suggestions. For example, you may indicate that you have a particular skin condition or concern, which we will use to recommend treatments
- Your reviews, survey responses and comments
- The name and contact details (including phone number) of your next of kin
- Patient feedback and treatment outcome information you provide
- Information about complaints and incidents
WHEN DO WE COLLECT YOUR PERSONAL DATA?
- When you visit our website
- When you communicate with us by phone or email or instant messaging systems
- When you engage with us on social media
- When you interact (open/click) with our emails
- When you request further information from us
- When you arrange appointments with clinic staff
- When you attend appointments and as part of the consultation process and as part of the provision of goods and services to you
- When you make payments to us or require a refund
- When you fill in any forms online or in clinic
- When you’ve given a third party permission to share with us the information they hold about you (eg. Facebook/Instagram)
- When you complete any surveys we send you
- When you review our services
- When you refer a friend
- When you visit our clinics we may operate CCTV systems for security purposes
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
We want to give you the best possible experience from your very first interaction with us. One way to achieve this is to better understand who you are by collecting data about you.
We use this to provide goods and services to you and to make improvements to our service and to communicate information that you are likely to be interested in. There are many cases where we are required to collect and process data about you either to fulfil our contractual obligations to you or to comply with the law.
We use your personal data for the following purposes:
- To provide healthcare or other goods or services to you
- To contact you regarding your enquiry – we have to collect and process your data in order to fulfil your request for further information or to book an appointment
- To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision
- To remind you by email to book subsequent appointments for a treatment you have previously had which requires ongoing review
- To contact you regarding your appointments and treatments – we want to make sure you don’t miss your appointments
- With your consent, we will send you special offers and news via email – to keep you up to date with our promotions
- To tailor the content of our communications – to make it more relevant to
- For business performance analysis – to ensure we continue to provide the best service
- To make sure we’re speaking to the right person – to help prevent and detect
- To take payment and process refunds
- To provide customer service and support
THE LEGAL BASES WE RELY ON
Under data protection legislation, we must have one of a number of reasons for processing your personal data. Below we outline the bases we use and an example of the purpose for which it is used:
Consent: In some situations, we ask for your consent to process your data for the purpose we have identified.
- If we ask you to tick a box on our enquiry form to receive our special offer and discount Generally, we will only ask for your consent in In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data, you have the right to withdraw your consent at any time by contacting us using the details below and we will stop the processing for which consent was obtained.
Contractual obligations: Sometimes we may need your data to fulfil our obligations.
- If you wish to book an appointment we may need your payment details, address and contact details to process payment and secure your booking
Legal compliance: There may be some situations where we are required by law or regulatory bodies to process your data. For example:
- we may require you provide proof of ID and age where the law requires
- gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
Legitimate Interests: In some situations we require your data to pursue our interests in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom. For example:
- we will use the contact details you provide, to call/SMS/email you regarding your enquiry and provide you with targeted relevant information
- we may combine and anonymise your data with that of other customers to identify trends and help make improvements to our service and business
To process sensitive personal data we rely on additional legal grounds and generally, they are as follows:
- Your consent
- Where it is necessary to provide health or social care treatment, or to manage health or social care systems and services. This may also include monitoring whether the quality of our services or treatment is meeting expectations
- It is necessary for a public interest purpose in line with any laws that are applicable. This should assist in protecting the public against dishonesty, malpractice or other seriously improper behaviour for example, investigating complaints, clinical concerns, regulatory breaches or investigations
HOW WE PROTECT YOUR DATA
We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. We never sell any of your personal data for any purpose. Any sensitive personal data we may collect (such as medical records) is never used for marketing purposes and access to such data is further restricted.
INTERNATIONAL DATA TRANSFER
Your personal data may be transferred outside the UK and the European Economic Area for the purposes set out above. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations or other safeguards to provide adequate levels of protection.
We take steps to ensure that, when we transfer your personal data outside the EEA, we have adequate safeguards in place in line with applicable data protection laws. For more information about this protection, please contact us at email@example.com
HOW LONG DO WE KEEP YOUR DATA?
We retain your records for certain periods (depending on the particular type of record) under our retention of records policy or as required by law or guidance. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements.
COOKIES & SIMILAR TECHNOLOGIES
To help us give you the best possible experience, our websites and emails contain cookies, web beacons and similar technologies. Cookies are small, harmless text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour. For more information, see our Cookies Policy.
WHO DO WE SHARE YOUR DATA WITH?
We never sell your data to any third parties. We want to maintain your trust as a reputable company and believe this is essential to ensure this.
However, we may have to share your data for the purposes outlined above. As such, we may share your data with:
- those involved in your treatment, such as: doctors, clinicians and other health-care professionals
- service providers that help us deliver our emails and electronic communications to you support our website, phone handling and other IT/business systems; and provide analytics services
- people or organisations we have to, or are allowed to, share your personal data with by law for example, for fraud-prevention or safeguarding purposes, or for regulatory investigations, including medical or professional regulators such as the General Medical Council
- a third party if we restructure or transfer our business or its assets or have a merger or re-organisation (in which case personal data we hold about our patients or visitors to the website may be one of the assets the third party takes over)
- any member of our group
- where necessary to comply with our obligations or as permitted by law and with our legal and other professional obligations
We require all third parties who process data on our behalf to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHAT ARE YOUR RIGHTS?
You have many rights relating to your personal data including:
- The right to access the personal data we hold about you
- The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it
- The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data
- The right to stop direct marketing – You have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request
- The right to withdraw your consent – Whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us
Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to. We may also be required to continue to hold healthcare records for you in order to comply with law or to provide care to you.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the “Who are we?” section for contact details.
HOW TO STOP MARKETING MESSAGES FROM US
There are several ways you can stop receiving marketing messages from us:
- Clicking the “unsubscribe” link at the top or bottom of any of our marketing emails
- Send a request to unsubscribe by replying directly to any of our marketing emails
Please note these actions will only stop emails that are not related to booking confirmation/ payment confirmation/ medical aftercare. You may still receive email correspondence from The Norup Clinicstaff; for example emails to confirm your appointments.
In most cases your request will be processed immediately but occasionally it may take a few days to take effect so you may still receive emails from us during this time.
If you have previously unsubscribed but change your mind and wish to be included in our emails again, please call us or let a member of staff know. We will email you a request which you need to open and accept to start receiving our emails again.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We do not knowingly collect personal data relating to children under the age of 18. If you are a parent or guardian of a child under the age of 18 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website (https://ico.org.uk).
Or write to: Data Protection Officer
The Norup Clinic
Esher KT10 9DA
This policy was last updated on the 8th October 2020.