PRIVACY POLICY
Privacy Policy Notice
Key principles of GDPR:
Our privacy policy embodies the following key principles:
(a) Lawfulness, fairness and transparency,
(b) Purpose limitation,
(c) Data minimisation,
(d) Accuracy,
(e) Storage limitation,
(f) Integrity and confidence,
(g) Accountability.
The policy: This privacy policy notice is served by Declan Collins Plastic Surgery under the website [www.domain.co.uk]. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy, you may wish to cease viewing or using this website, and/or refrain from submitting your personal data to us.
Policy key definitions:
"I", "our", "us", or "we" refer to the business, Declan Collins Plastic Surgery
"you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Regulation.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a user's computer or device.
What data do we collect?
Personal data: This is data related to an identified or identifiable person. Examples of personal data we collect and process include names, email addresses, location, telephone numbers, online identifiers, payment information and medical information provided by you or referring clinicians. Medical information may include for example, medical records, genetics, biometric data, details of ethnicity, or other health data. We only use this data for the purposes of your treatment and to ensure your care and safety as a patient.
Further information gathered may include:
- The name and contact details (including phone number) of your next of kin. Where you have named someone as your next of kin and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this privacy policy.
- Details of your visits to our website, including data traffic, pages visited, time spent, links clicked and communication data about your device and internet connection
- Information gathered by the use of cookies.
- Patient feedback and treatment outcome information you provide
- Information received from other sources, including information from analytics providers, or information provided by other companies who have obtained your permission to share information about you
When do we collect your personal data?
We receive information about you when you visit our website or communicate with us via phone, email, messaging systems or engage with us on social media.
Other times we collect data are:
- When you attend appointments and as part of the consultation process and as part of the provision of goods and services to you
- When you make payments to us or require a refund
- When you fill in any forms online or in clinic
- When you review our services
If you provide us with personal data about a third party (for example when registering for an appointment on their behalf, or when registering a minor), you agree that you have obtained the express consent from the third party for the disclosure and use of their personal data or are legally responsible for that person.
How do we use your personal data?
We use your personal data to provide goods and services to you and to make improvements to our service. There are cases where we are required to collect and process data about you either to fulfil our contractual obligations to you or to comply with the law.
We use your personal data for the following purposes:
- To provide healthcare or other services to you
- To process orders you have submitted to us
- To contact you regarding your enquiry – we have to collect and process your data in order to fulfil your request and provide information and services
- To contact you regarding your appointments and treatments
- To enable us to review, develop and improve our website and services
- To carry out marketing and statistical analysis
- For business performance analysis – to ensure we continue to provide the best service
- To administer accounts, process payments and refunds
- To ensure we are communicating with the correct person, to help prevent and detect fraud
- To notify you about changes to our website and services
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
We are registered with the ICO under the Data Protection Register; our registration number is ZA255089.
Lawful basis: Consent.
For example, if you tick a box on our enquiry form for us to contact you, it enables us to process your data in order to fulfil your request and provide information and services. This basis also applies where it is necessary to provide health or social care treatment, or to manage health or social care systems and services, and when it is necessary for a public interest purpose in line with any laws that are applicable, for instance investigating complaints, clinical concerns, regulatory breaches or investigations, e.g. by the Care Quality Commission (CQC), GMC or ICO.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Lawful basis: Contract obligations
For example, where we need your information to fulfil contractual obligations. This may be necessary when we need your contact details, payment details and address to secure an appointment or operation date.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Lawful basis: Legal obligation
This is necessary where we may be obliged by law or regulatory bodies to process your data.
This may be necessary when you are required to provide proof of identity or age where the law requires. Regulatory bodies may require information as part of an investigation or in cases where there are legal requests or proceedings.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Lawful basis: Legitimate interests
This is when it is necessary to use your data to enable the business to function.
For example, we may use your data to contact you regarding your enquiry and provide you with information regarding your consultation or treatment.
We process your information in the following ways: We may audit your data to identify patient demographics and treatments to enable us to improve our service.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Who do we share your data with?
We will never sell your data to any third parties for marketing or advertising purposes.
There are occasions where we may share your data as outlined above; examples are given below.
- People involved in your treatment, such as other doctors, clinicians and health-care professionals
- Service providers that help us deliver our emails and electronic communications to you, support our website, phone handling and other IT/business systems, and provide analytics services
- Social media, i.e. Instagram, to show you some of our services that might interest you whilst you’re browsing the internet or on social media platforms. This is based on your acceptance of cookies on our websites.
- People or organisations we have to, or are allowed to, share your personal data with by law. For example, for regulatory investigations, including with the Care Quality Commission or medical or professional regulators such as the General Medical Council, and for fraud-prevention or safeguarding purposes
- Where necessary to comply with our obligations permitted by law and as required with our legal and other professional obligations
We require all third parties who process data on our behalf to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Internet cookies
We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, or to refer you to a third-party website.
Some cookies are required to enjoy and use the full functionality of this website.
We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device; please see your web browser options.
Data security and protection: how we protect your data
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
How long do we keep your data?
We retain your records for different periods (depending on the particular type of record) as required by law. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements.
Your individual rights
You can read more about your rights in detail at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. Under the GDPR your rights are as follows:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Changes to our internet policy
We may update this privacy policy from time to time to reflect how we use your personal data. We will notify you by e-mail (if we hold your email details) or as appropriate (through suitable means through our website or otherwise) of any material changes.