We are committed to protecting your privacy and meeting the requirements of data protection legislation.
This privacy notice explains the following:
- What personal data we collect about you.
- Why we collect that personal data and who we share your personal data with;
- How long we retain your personal data;
- How we keep your personal data secure;
- Why we might contact you and how you can change that; and
- What rights you have regarding your personal data.
When we talk about “personal data” in this notice, we mean any information which could be used to identify you and any other information we may hold about you.
In this privacy notice, when we refer to “we”, “us” or “our”, we mean Dermatology Clinic London Ltd, 151 West Green Road, London, England, N15 5EA. We are the data controller under the Information Commissioner’s Office registration number [●].
If you would like to contact us about this privacy notice or further details on how we use your personal data, please contact the Group Data Protection Officer by post at our address above or by emailing email@example.com.
Personal data collected by us
Hasan Benar, Elif Burcu Benar and our assistants or administrative support staff keep records about your health and any treatment you receive from us. These records help to ensure that you receive the best possible care, and to make sure that we can contact you, if needed, regarding your treatment – for example, in relation to post treatment care and products.
Your personal data may be written down in paper records or held on computer or mobile phone (in the case of your photographs). These records may include:
- basic details about you such as name and surname, address, date of birth, etc.
- contact details including billing address, email address and telephone number,
- treatments and sessions that we have had with you such as appointments or clinic visits,
- notes and records about your health, previous treatments, care and images as well as recommendations,
- results of any tests and effects of treatments you have received; and
- information on medicines, side effects and allergies.
It is essential that your details which we hold are accurate and up to date. Please make sure that your details are correct when you visit us and please inform us of any changes as soon as possible.
Why do we collect personal data?
Your details are used to direct, manage and deliver the treatment and care you receive to ensure that:
- we have accurate and up to date personal data to assess your health and determine the most appropriate treatment and care for you;
- we have the relevant information to be able to assess and improve the quality and type of treatment and care you receive;
- your concerns and complaints can be properly investigated and resolved should they raise; and
- appropriate information is available if you visit us again to ensure you receive continuity of treatment.
Your information will also be used to help us:
- review the services we provide to ensure it is of the highest standard and quality;
- investigate client queries, claims and complaints;
- ensure our clinic receives payment for the treatment you receive;
- prepare statistics on our performance and ensure our services always improve;
- audit our accounts and services as and when required; and
- contact you for your health and safety.
Lawful bases for using your personal data under data protection legislation include the following:
- In some cases, it is necessary for us to use information to fulfil our contract with you to provide you with best treatment, such as using your health data for the purposes of determining whether you are suitable for a particular treatment.
- In some exceptional circumstances, we may be required to use your information to protect your interests or those of another person for example, in the case of an epidemic or an unexpected extreme event.
- We might be asked by a court order to provide information about people.
- We may also need to use your information for the purposes of establishing, exercising or defending our legal rights, for example in the event of a complaint.
- Where we do not have a contractual or legal obligation to handle your data in a particular way or your explicit consent to use your information for a specific purpose, we have a legitimate interest to conduct general business processes and improve our services. When relying on our legitimate interests we always assess whether this use of your data is fair, proportionate and in no way detrimental.
Please do not give more personal information than we need to process your treatment and request.
Please do not ask us to send you treatment details that you would not want seen by other people.
Who we share your personal data with?
We will keep your personal data confidential and anyone who receives information from us (if required under exceptional circumstances) will have a legal duty to keep it confidential.
We will not disclose your personal data to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information
You have the right to restrict how and with whom we share personal data that identifies you. This must be noted explicitly within your records in order that all staff treating you are aware of your decision. By choosing this option, you should be mindful that it may make the provision of treatment more difficult or unavailable.
You can change your mind at any time about a disclosure decision.
Receiving communications from us and updating your preferences
When attending our clinic for an appointment you may be asked to confirm that we have an accurate email address and contact number for you. These can be used to:
- provide appointment details,
- aftercare information and follow up of treatment;
- Settlement of any accounts that may be due
- collecting your feedback about your visit and care; and
- complaints and concerns regarding your treatment.
We may also contact you about goods and services which we think may be of interest to you if you have consented to us using your information in this way.
You can update your communications preferences at any time by informing a member of staff or by contacting Hasan Benar (firstname.lastname@example.org).
Retention of personal data
We retain personal data for no longer than required. This is based on legal obligations, as well as our business requirements.
Security of your personal data
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. Where we need to transfer data, we do so with appropriate safeguards in place in accordance with the Data Protection Act 1998.
If your permanent address is outside the European Union, or your treatment will continue outside the European Union, we may need to send details of your treatment to individuals based outside the European Union specifically to promote your ongoing care. If you wish, we can deliver you the relevant documents so that you have physical control over this information.
Your legal rights
According to data protection legislation you have the right to:
- know what information we hold about you on our record, what we use it for and if the information is to be shared, who it will be shared with,
- request personal data we hold about you (other people authorised by you could also do this on your behalf),
- correct any data we hold about you which is not correct,
- request that we delete and destroy your personal data,
- block the further processing of your personal data in certain circumstances,
- in some circumstances, receive the personal data which you have provided to us, in a structured and machine-readable format and have this transmitted to another data controller,
- withdraw your consent where this is the legal basis for us processing your information,
- object to processing where we are relying on our legitimate interests as the legal ground for processing, and
- request not to be subject to automatic decisions (i.e. decisions that are made about you by computer) that have a significant effect on you.
Please contact us in writing using the details below if you wish to exercise any of your rights in relation to personal data. Our policy is to verify the authenticity of all requests made, and
your request may be refused if we are unable to verify the identity of the requester. You should provide enough information to enable us to correctly identify your records, for example include your full name, address and date of birth. We will take every reasonable step to respond to you within 30 days of receiving your request. You may be required to provide a form of ID before any information is released to you.
Once you receive your records, if you believe any information is inaccurate or incorrect, please do let us know.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee or we may refuse to comply with your request in these circumstances.
If you have concerns about how we have handled your personal data, please contact Hasan Benar in the first instance by emailing email@example.com. If you remain unsatisfied you can contact the Information Commissioner’s Office (ICO) on 0303 123 1113, by emailing firstname.lastname@example.org or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you have an urgent question or feel unwell after treatment contact the clinic on 07900 293024 (Monday-Saturday 9.00 AM to 7PM) or 111 NHS emergency service or 999 for life threatening conditions by telephone, instead of sending email.