Privacy Policy

Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

We respect your privacy and we promise to do the following:
• Use your personal information only to provide you with the information you have requested or have agreed to receive.
• Keep your data safe and secure and process it in a manner that follows your wishes.
• Use cookies (but only those which don’t personally identify you) to improve the quality of your online experience.
• Assist you to change your mind at any time about the communications you have signed up to receive.

Use of your information
The information that we collect and store relating to you is used to enable us to provide our services to you.

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.
Accordingly, we may hold and use personal data about you as a patient or in any other capacity, for example, when you visit the website, access our services or speak to us.  This may include sensitive personal data such as information relating to your health.
Personal data we collect from you may include the following:
• information that you give us when you enquire or become a patient including name, address, contact details (including email address and phone number)
• details of referrals and other contact and correspondence we may have had with you
• details of services and/or treatment you have received from us
• notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered

When do we collect personal data about you?
We may collect personal data about you if you:
• visit the website
• contact us, for example by email, telephone or social media to enquire about any services or treatments
• register to be a customer or patient with us or book to receive any of our services or treatments
• during medical consultations and/or treatment

How do we use your personal data?
Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.
Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of professional bodies. Further details on how we use health related personal data are given below.
We may use your personal data to:
• enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or treatments to you and related matters such as, billing, accounting and audit, credit or other payment card verification
• provide you with information, products or services that you request from us
• respond to requests where we have a legal or regulatory obligation to do so

Disclosure of your personal data
In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:

• organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
• third party debt collectors for the purposes of debt collection,
• delivery companies for the purposes of transportation,
• third party service providers for the purposes of storage of information

Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral.  It will always be clear when we do this.

Your GP:  If it is clinically advisable, we may also share information about your treatment with your GP.  You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history, and we strongly advise against it.

Your insurer:  We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us.  We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.

The NHS:  If you are referred to us for treatment by the NHS, we will share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process and report back on that treatment.

Your rights
You have the right to:
1 have access to the personal information we hold about you;
2 have rectified any incomplete, inaccurate out-of-date personal information that we hold about you;
3 have personal information we hold about you erased from our systems;
4 have the processing of your personal information restricted; and
5 receive the personal information we hold about you transmitted to another party.
Please note that these rights may only apply in certain circumstances. If you contact us to exercise any of these rights we may ask you to verify your identity and to provide other details to help us to respond to your request. We will only use this information in order to verify your identity.
You have the right to access the personal information we hold about you at any time. You also have the right to ask us to update or correct any incomplete, inaccurate or out-of-date personal information that we hold about you.
If you wish to exercise any of your rights please contact the secretary.

Storage and security of your personal information
Security
We comply with the standard procedures and requirements as laid down by applicable law to ensure that your personal information is kept secure.

Our electronic patient management system is provided by Rushcliff Ltd using the PPS software.
The security of the data is outlined here:
https://www.rushcliff.com/hosted.php

The transmission of information via the internet is not completely secure. Any emails we send or receive may not be protected in transit. If your preference is to receive correspondence via email we require confirmation of consent. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Google Analytics
This website uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.
Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website.
Read Google’s overview of privacy and safeguarding data
. Read Google Analytics use of cookies – Google’s developer guides

Use of cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website however.To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.

Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

The Data Controller
The data controller is: Mr Ewan Wilson
Our registration number for the UK Data Protection Act 1998 is ZA189107
Data Protection Officer
Mr Ewan Wilson
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 21st May 2018.

British Association of Plastic Reconstructive and Aesthetic Surgeons
Society of Surgical Oncology
General Medical Council
Royal College of Surgeons