Harpal Clinic GDPR Policy
Harpal Clinic take, and have always taken, data protection extremely seriously. Our patients rely on us to keep their personal data secure and visible only to their allocated doctor.
Who are we?
Harpal Clinic specialises in aesthetics, beauty, and medical treatments. The websites that we operate are as follows: www.harpalclinic.co.uk / www.skincity.co.uk. You can contact our Data Protection Officer at: firstname.lastname@example.org or write to: Manager, Harpal Clinic, 4 Moorfields, London, EC2Y 9AA
What is GDPR?
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.
When do we collect data?
When you visit any of our websites (cookies), when you communicate with us by phone or email or instant messaging systems, when you arrange appointments, when you attend appointments as part of the consultation process, when you make payments to us (or require a refund) and when you fill in any forms online or in our clinic.
What data do we collect?
Your name, DOB, address, appointment type, music preference for certain appointments, interest in other services that we offer (should you consent), previous aesthetic treatment (for insurance/medical purposes). More complex information includes medicinal history, reactions and allergies - should they be relevant to your type of appointment. Finally, details of visits to our websites, supplied by Google Analytics.
How & why would we do this?
We want to give you the best possible experience from your very first interaction with us. One way to achieve this is to better understand who you are by collecting data about you. We use this to make improvements to our service and to communicate information that you are likely to be interested in (with your consent).
There are many cases where we are required to collect and process data about you either to fulfil our contractual obligations to you or to comply with the law. We use your personal data for the following purposes:
To contact you regarding your enquiry. To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision. To remind you by email to book subsequent appointments for a treatment you have previously had which requires ongoing review. With your consent, we will send you special offers and news via email – to keep you up to date with our promotions. To tailor the content of our communications – to make it more relevant to you. To contact you regarding your appointments and treatments – we want to make sure you don’t miss your appointments!
How do we protect your data?
We use a super secure cloud system for our medical data; this is ONLY accessible by our doctor and is never shared with anyone else. Non-doctor related data is kept secure by a 2-step verification system (by Google), as well as being password protected of course. Paper forms are either kept in a locked cupboard or securely shredded once entered on to our system.
Cookies & similar technologies
To help us give you the best possible experience, our websites and emails contain cookies, web beacons and similar technologies. Cookies are small, harmless text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour. For more information, see our Cookies Policy.
Who do we share your personal data with?
We never sell your data to any third parties. We want to maintain your trust as a reputable company and believe this is essential to doing so. However, we do use third parties to support, manage or deliver some of our day-to-day business services. As a result, we may share non-sensitive personal data (such as name and DOB) with the following types of companies we work with: Chemists, Pharmacies, Online booking systems.
We select these companies carefully and take precautions to keep your data safe and protect your privacy. We only provide the data they need to perform the services we require. They may only use your data for the purposes we specify and agree with them.
What are your rights?
You have many rights relating to your personal data, including: The right to access the personal data we hold about you. The right to request the correction of inaccurate data about you: if we hold inaccurate or out of date information about you, you can request that we change or update it. The right to request that we delete your data or stop processing it: in some instances, such as where we no longer need it, we can delete your personal data. The right to stop direct marketing - you have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request. The right to withdraw your consent - whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us. Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the “Who are we?” section for contact details.
How to stop marketing messages from us
There are several ways you can stop receiving marketing messages from us (please note these actions will only stop emails that are not related to booking confirmation, payment confirmation, medical aftercare). You can click the ‘unsubscribe’ link at the top or bottom of any of our marketing emails. Or send a request to unsubscribe by replying directly to any of our emails.
In most cases your request will be processed immediately but occasionally it may take a few days to take effect so you may still receive emails from us during this time. If you have previously unsubscribed but change your mind and wish to be included in our emails again, please call us or let a member of staff know. We will email you a request which you need to open and accept to start receiving our emails again.
We do not knowingly collect personal data relating to children under the age of 18. If you are a parent or guardian of a child under the age of 18 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
Complaints about the info on this page
If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you can report your concerns to the UK Information Commissioner's Office (ICO). Details of how to do this are on the ICO website (https://ico.org.uk).
This policy was last updated on the 1st October 2018