Patient Data Protection and Privacy Policy

At Dr Skin Surgery, we are committed to protecting your privacy and will ensure that any information you provide to us will be collected and used in accordance with the General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. We will not share your data with any third party except for administrative purposes relating to the services we provide and where we may be required to do so by law.

INTRODUCTION

This patient data protection and privacy policy (also referred to as ‘Policy’ throughout this document) details how Dr Skin Surgery utilises your personal data when we are providing a service to you or you are visiting our website, along with outlining your legal rights regarding our use of your data. This Policy applies to our current clients as well as our prospective clients and applies to all personal data we process regardless of the media upon which it is stored. 

It is important that you read and understand this document for the purpose of applicable data protection legislation (including but not limited to the UK General Data Protection Regulation (the “GDPR”), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003) so that you are fully aware of how and why we use your personal data.

This Policy will explain the following:

  • Who We Are and Our Details
  • Complaints
  • The Data We Collect
  • How Your Personal Data is Collected
  • How We Use Your Personal Data
  • Your Data Protection Rights
  • Cookies and Webtracking
  • Disclosures of Your Personal Data
  • Data Security
  • Data Retention

WHO WE ARE AND OUR DETAILS

Dr Skin Surgery is the data controller and responsible for your personal data (also referred to as “we”, “us” or “our” in this Policy).

If you have any questions about Dr Skin Surgery’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.


Email: info@drskinsurgery.com
Phone: 07552 555 869; 01494 580 942

COMPLAINTS

Should you wish to report a complaint or if you feel that Dr Skin Surgery has not addressed your concern regarding your data protection rights in a satisfactory manner, please get in touch as soon as you can for us to investigate. We would appreciate you approaching us first so that we have the chance to deal with your issue. However, if you are still dissatisfied, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

THE DATA WE COLLECT

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

This website may include links to third-party websites, applications, and plugins. Dr Skin Surgery does not control these third-party websites and is not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit whenever you leave our website.

Personal data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Dr Skin Surgery may collect, utilise and retain various categories of personal data about you, grouped as follows:

  • Identity Data: includes first name, last name, title, date of birth and gender.
  • Contact Data: includes home address, email address and telephone numbers. We may also ask you for an emergency contact number.
  • Treatment Data: includes treatment information. This could involve ‘health data’ (outlined further later in this document), and depending on your treatment we may collect photographs for your treatment record.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties along with your communication preferences.
  • Transaction Data: includes details about payments and other details of services you have purchased from us.
  • Technical Data: includes IP address, your login data, browser and system information, time zone, and browser plug-in types and versions.
  • Usage Data: includes information about how you use our website, products and services.
  • Financial Data: includes bank account and payment card details.
  • Profile Details: includes usernames, passwords, purchases, or orders made by you, your interests, preferences, feedback, and survey responses.

We may also collect and use anonymous data such as statistical or demographic data for any purpose. This is not considered personal data in law as this data does not directly or indirectly reveal your identity in any way. For example, we may use anonymous data to calculate the usage of a particular feature of our website. With the exception of treatment data, we do not collect any other special categories of personal data about you.

Where we need to collect personal data by law or under our terms and you fail to provide that data when requested, we may not be able to provide you with the requested service. In this case, we may have to cancel a service you have booked with us, which we will notify you about if this occurs.

HOW YOUR PERSONAL DATA IS COLLECTED

We use multiple channels to collect your personal data. These include direct interactions, automated technologies or interactions, third parties or publicly accessible sources, and email, phone, post, or any other means.

This includes any personal details you provide when you:

  • Make an enquiry about any of our services, either online, over the phone or in one of our clinics
  • Request marketing to be sent to you
  • Enter a competition or promotion, or complete a survey
  • Provide feedback or comment on our social media accounts

We may also receive personal data:

  • From your healthcare practitioner if you are referred to us by them
  • In the form of contact, financial and transaction data from providers of technical and payment services such as Stripe

How We Use Your Health Data

Due to the services that Dr Skin Surgery provides, it will be necessary for us to use information about your health. Where we use information about your health for the purpose of providing our services to you, the additional lawful basis is that doing so is necessary in order to provide you with the health care service required.

Please contact us if you require further details about the specific legal basis we are relying on to process your personal and health data.

YOUR DATA PROTECTION RIGHTS

Dr Skin Surgery would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following: 

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service. 

The right to rectification – You have the right to request that Dr Skin Surgery correct any information you believe is inaccurate. You also have the right to request that Dr Skin Surgery complete information you believe is incomplete. 

The right to erasure – You have the right to request that Dr Skin Surgery erase your personal data, under certain conditions. 

The right to restrict processing – You have the right to request that Dr Skin Surgery restrict the processing of your personal data, under certain conditions. 

The right to object to processing – You have the right to object to Dr Skin Surgery’s processing of your personal data, under certain conditions. 

The right to data portability – You have the right to request that Dr Skin Surgery transfer the data that we have collected to another organisation, or directly to you, under certain conditions. 

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your other rights). This is a security measure to ensure that personal data is not discussed with any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.

If you would like to exercise any of these rights, please contact us. We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

COOKIES AND WEBTRACKING

What are Cookies?

Our website uses cookies to track its progress and provide users with a tailored experience. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.

What Types of Cookies do We Use?

There are a number of different types of cookies. Our website uses:

  • Functionality – Dr Skin Surgery uses these cookies so that we recognise you on our website and remember your previously selected preferences. These could include what language you prefer and the location you are in. A mix of first-party and third-party cookies is used.
  • Advertising – Dr Skin Surgery uses these cookies to collect information about your visit to our website and information about your browser, device, and IP address. We sometimes share some aspects of this data with third parties for advertising purposes. Dr Skin Surgery may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website. 

 

How to Manage Cookies

You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result. 

DISCLOSURES OF YOUR PERSONAL DATA

On occasion, we may have to share your personal data with certain third parties highlighted below: 

  • IT – Service providers who offer IT and system administration services
  • Advisors – Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
  • Authorities – HM Revenue & Customs, regulators and other authorities who may require reporting of processing activities

 

All third parties are required by Dr Skin Surgery to respect the security of your personal data. 

DATA SECURITY

At Dr Skin Surgery, we are dedicated to preventing any accidental loss of personal data, along with unauthorised access or use. We limit any access to your personal data to only those who need it, both internally and externally. Dr Skin Surgery ensures strict data confidentiality at all times. In the unlikely event of a data breach occurring, we will notify you.

 

DATA RETENTION

Dr Skin Surgery only retains your personal data for as long as necessary to fulfil the purposes we collected it for. To establish the length of time that we hold your personal data for, we consider the type of data it is along with its sensitivity and potential risk if used incorrectly.
