Cheshire Lasers values your privacy and wants to be clear about the data we collect, how we use it and your rights to control that information. This policy reflects the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union. It applies to information collected by us, or provided by you, during your appointment, via email, our website, or in any other way including over the phone.
All your personal data will be held and used in accordance with GDPR and national laws implementing GDPR and any legislation that replaces it in whole or in part relating to the protection of personal data.
We do not collect personally identifiable information about you, except when you provide it to us directly or through a third party, for example if you subscribe to our Mail Chimp newsletter, complete a SurveyMonkey online survey, leave a review on reviews.co.uk, book a treatment with us, consent to have a treatment with us or make a purchase.
The Information we Record via our Website
When you visit our websites (via a computer, mobile or hand-held device) you may provide us with personal information including your name, address, contact details and financial data (via PayPal).
This information is gathered when you register or book an appointment online using Appointment Plus, email the Clinic, make a purchase from the online shop, sign up for our newsletter (via Mail Chimp), complete a SurveyMonkey online survey or leave a review on reviews.co.uk.
Our websites use the Google Analytics cookie. The Google Analytics cookie allows us to see information on user website activity including, but not limited to page views, referral and average time spent on the website. The information is depersonalised and is displayed as numbers, meaning it will not be tracked back to individuals, which helps to protect your privacy. Using Google Analytics we can see what content is popular on our website, and strive to ensure you have the best user experience possible.
The Information we Record via Emails
When you correspond with Cheshire Lasers by email, we may need to retain the content of your email and any photographs supplied together with our replies, as they form part of your medical records.
The Information We Record During Your Consultations & Treatment Appointments
When you visit the Cheshire Lasers Clinic you provide personal information including your name, address, date of birth, contact details and medical history.
During your consultation medical notes are taken, which may include any allergies, operations and medication. We also record treatment data, which may include details of treatments or procedures you have had done.
Depending on the treatment sometimes photography and prescriptions may be required. This will form part of your treatment/medical records.
During your visit you may be asked to read and sign consent and after care forms which form part of your treatment/medical records. During your treatment we will record treatment settings, outcomes and may take photographs which form part of your treatment / medical records.
How We Use Your Information
Your personal details and medical records are used for legitimate purposes and ensure we are able to:
- Provide the best possible care
- Provide Beauty, Medical and Aesthetic treatments safely
- Identify any contraindications you may have for specific treatments
- Diagnose medical concerns, provide treatment plans and write prescriptions
- Maintain an accurate appointment diary for all our specialists
- Confirm your appointment by text, email or phone
- Answer your questions by email or phone
- Keep you up to date on news and treatments offered by the Clinic
- Contact you for post-treatment follow up and care, including survey requests in order to improve our service
You have a responsibility to inform us if any of your details such as name, address, contact numbers change, so our records are accurate and up to date for you. Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email.
We take card payments using World Pay in the clinic and PayPal for online payments. These third parties have access to your Transaction Data and have their own GDPR compliant policies.
We use Appointment Plus for our appointment diary. This enables you to book appointments online with most of our specialists, and it also sends automatic appointment confirmations and reminders. We store your contact details such as name, address, email and phone numbers on here in order to identify you, send you confirmations and reminders, and in case we need to inform you of anything related to your appointment. Please view here for more information on Appointment Plus and its data policy.
Treatments requiring prescriptions
At Cheshire Lasers some treatments require a prescription by a doctor or prescribing health practitioner. These prescriptions will need to be sent to a pharmacy in order to provide your agreed treatment. Opting out of sharing your information with these providers may affect our ability to treat you. All our suppliers have entered into appropriate confidentiality obligations and/or contractual data processing clauses with us.
How We Maintain Confidentiality of your Records
Every member of staff has a legal obligation to keep information about you confidential.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Depending on the service you use, your records are locked away or stored electronically in a GDPR compliant software system. All digital data is secure and is highly protected from unauthorised persons and is also protected from deletion or malicious hacking.
How We Share Your Information
We will only share your information if you have given us written permission to make/cancel appointments with a family member/employee.
We do not sell our database to third parties.
We never share any information with third parties unless there is a genuine need for it, or we receive their request in writing and we have your written consent.
Disclosure of Personally Identifiable Information
- Fraud Protection and Compliance with Law
We may need to disclose your personal information or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. This includes the police for the prevention or investigation of a crime, HMRC, or our Insurers, legal advisors or other third parties who need access to it in the context of managing, investigating or defending claims or complaints.
- Service Providers
How long do we hold your information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
As a medical clinic we are required to hold medical records for ten years from your last treatment.
Job applications and unsuccessful interview candidates – 6 months
Employee Records – Indefinitely
Marketing Enquiries and Emails – 6 months
You have the right to withdraw your consent at any time by contacting us via email or letter. We will no longer contact you, although medical records must be retained for ten years. Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at the time.
You have the right to request a copy of your medical records and this request must be put in writing and signed by the patient. We are required to respond to you within 30 days.
You have the right to have information updated or corrected if you feel it is inaccurate, incomplete or out of date. This request must be put in writing and signed by the patient.
The revised policy will be displayed on our website and a notification displayed in our waiting room. Where necessary, you may be asked to sign the consent form again.
Objections & Complaints
Our Data Protection Officer is responsible for ensuring the Clinic keeps your information secure and confidential.
If you have concerns about the way your information is managed please contact the clinic on 01606 841255 or email firstname.lastname@example.org
If you are still unhappy you can then complain to the Information Commissioner's Office (ICO) at www.ico.gov.uk or telephone 0303 123 1113.
Cheshire Lasers Clinic has a data breach policy and, in the unlikely event of a breach occurring, a further investigation will be held. Lessons learnt will be added to the policy and the relevant supervising bodies notified if required.