Harpal Clinic do, and have always taken data protection extremely seriously. Our patients rely on us to keep their personal data secure and visible only to their allocated doctor.
Who even are we?
The websites we operate and this policy refer to are: www.harpalclinic.co.uk and www.skincity.co.uk
You can contact our Data Protection Officer at: firstname.lastname@example.org
Or write to:
What even is GDPR?
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.
When do we collect data?
- When you visit any of our websites (cookies)
- When you communicate with us by phone or email or instant messaging systems
- When you arrange appointments
- When you attend appointments and as part of the consultation process
- When you make payments to us or require a refund
- When you fill in any forms online or in our clinic
What data do we collect?
- Preferences of music and interest in other services we offer (via our registration form in the clinic)
- Your name, DOB, address, appointment details, medicinal history, allergies - should it be relevant to the type of appointment you are booked in for.
- Whilst using our website you may submit information to us via an enquiry form. This may include your name, email address, phone number and postcode. We require this information to contact you regarding your enquiry and to better understand demand for our services.
- Payment details on our website should you choose you create an account.
- Details of your visits to our websites, supplied by Google Analytics.
How & why would we do this?
We want to give you the best possible experience from your very first interaction with us. One way to achieve this is to better understand who you are by collecting data about you.
We use this to make improvements to our service and to communicate information that you are likely to be interested in.
There are many cases where we are required to collect and process data about you either to fulfil our contractual obligations to you or to comply with the law.
We use your personal data for the following purposes:
- To contact you regarding your enquiry – we have to collect and process your data in order to fulfil your request for further information or to book an appointment.
- To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision.
- To remind you by email to book subsequent appointments for a treatment you have previously had which requires ongoing review.
- With your consent, we will send you special offers and news via email – to keep you up to date with our promotions.
- To tailor the content of our communications – to make it more relevant to you.
- To contact you regarding your appointments and treatments – we want to make sure you don’t miss your appointments.
How do we protect your data?
We use a super secure cloud system for our medical data, this is ONLY accessible by our doctor, and is never shared with anyone else.
Non-doctor related data is kept secure by a 2-step verification system (by Google) as well being password protected of course.
Paper forms are either kept in a locked cupboard or shredded once entered on to our system.
Cookies & similar technologies
To help us give you the best possible experience, our websites and emails contain cookies, web beacons and similar technologies. Cookies are small, harmless text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour. For more information, see our Cookies Policy.
Who do we share your personal data with?
We never sell your data to any third parties. We want to maintain your trust as a reputable company and believe this is essential to ensure this.
However, we do use third parties to support, manage or deliver some of our day to day business services.
As a result, we may share non-sensitive personal data (such as phone numbers, email address and IP address) with the following type of companies we work with:
- Online booking systems
We select these companies carefully and take precautions to keep your data safe and protect your privacy:
- We only provide the data they need to perform the services we require.
- They may only use your data for the purposes we specify and agree with them.
What are your rights?
You have many rights relating to your personal data including:
- The right to access the personal data we hold about you.
- The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it.
- The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data.
- The right to stop direct marketing – You have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request.
- The right to withdraw your consent – Whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us.
- Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the “Who are we?” section for contact details.
How to stop marketing messages from us
There are several ways you can stop receiving marketing messages from us:
Please note these actions will only stop emails that are not related to booking confirmation/ payment confirmation/ medical aftercare. You may still receive email correspondence from The Private Clinic staff; for example emails to confirm your appointments.
- Clicking the “unsubscribe” link at the top or bottom of any of our marketing emails
- Send a request to unsubscribe by replying directly to any of our emails
In most cases your request will be processed immediately but occasionally it may take a few days to take effect so you may still receive emails from us during this time.
If you have previously unsubscribed but change your mind and wish to be included in our emails again, please call us or let a member of staff know. We will email you a request which you need to open and accept to start receiving our emails again.
We do not knowingly collect personal data relating to children under the age of 18. If you are a parent or guardian of a child under the age of 18 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
Complaints about the info on this page
If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website (https://ico.org.uk).
This policy was last updated on the 12th May 2018