Privacy Notice
Overview
General Data Protection Regulation (GDPR) states that personal data must be processed lawfully, fairly and in a transparent manner. In line with the GDPR changes we have updated our Privacy Policy so you can better understand why and how we collect, process and destroy your data. We are committed to protecting and respecting your privacy. This policy, (together with the Terms and Conditions and any other documents referred to in it), sets out the legal basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
What types of Personal Data do we collect?
We collect information about you when you opt-in to our newsletters as well as while registering you as a patient. We may control, process and use your Personal Data, which may include:
- Names
- Postal addresses
- Email addresses
- Telephone numbers
We may also, in appropriate cases and to the extent permitted by law, control, process and use certain special categories of Personal Data which are more sensitive in nature.
Identity of the Company
The WellMan Clinic – 32 Weymouth Street, London W1G 7BU
Lawful basis for Processing
Where we act as Data Controller, we rely on the following legal basis for Processing your Personal Data:
- Consent: if you are a recipient of our online newsletter. If you have consented to receive marketing, you may opt out at a later date.
- Legitimate Interest: if you are our patient or potential new patient, business affiliate, employee or potential employee, or our website visitor, we may decide to send you materials of interest such as information about our services/products which we believe would be beneficial to you.
- Legal Obligation: if we process Personal Data according to requirements of domestic legislation.
Where we act as a Data Processor, we process Personal Data on behalf of Data Controller and we act on their written instructions.
Data protection officer
The GDPR sets out guidelines on when the appointment of a DPO shall be required as follows:
- where the scope or purpose of collecting data requires a regular systematic monitoring of the Data Subjects;
- where the Company processes special categories of data on a large scale;
- where Processing is carried out by a public authority.
The Company has instead agreed to name a responsible officer (the “Responsible Officer”) who may be reached on info@wellmanclinic.org
Purpose of data collected
The personal information we collect is for the following legitimate interest:
- Administration of your appointments and medical records
- Processing your data and medical history for the purpose of treatment and referral
- Keeping you informed and up-to-date with our products and services
- Maintenance of records of communications and management of your relationship with us
- Responding to your enquiries
- Compliance with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, fraud, AML and anticorruption);
Who we share our information with
We will not share personal information about you with third parties without your consent. We are required, for the purpose of treatments or referrals to sometimes pass on some of this Personal Data to:
- Other medical practitioners or specialists relating to your care
- Your regular GP (if appropriate)
Retention
We will keep your Personal Data for no longer than reasonably necessary. We will retain your personal information in accordance with legal and regulatory requirements as set out in our Data retention policy.
Your rights and your Personal Data
You have a right:
- to request a copy of your Personal Data which the Company or related data Controller holds about you;
- to request the Company or any related Data Controller to correct any Personal Data if it is found to be inaccurate or out of date;
- to request your Personal Data is erased where it is no longer necessary for the Company or related Data Controller to retain such data;
- to withdraw your consent to the Processing at any time if consent constitutes the lawful basis for processing;
- to object to Processing based on grounds relating to the Data Subject situation if the processing is necessary for the performance of a task carried out in the public interest or the processing is necessary for the purposes of the legitimate interest by us or a third party, unless such interest is overridden by your fundamental rights and interests;
- to request a restriction is placed on further Processing;
- to lodge a complaint with the Information Commissioners Office (the UK Supervisory Authority); you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;
- not to be subject to a decision based on automated Processing; the Company does not practice such decision making.
Further Processing
Where we may seek to further process your data other than for the original purpose for which it was collected, the Company shall only further process such data where the new Processing is compatible with the original purpose.
Safeguarding measures
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your Personal Data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including, without limitation, encryptions.
Marketing
When sending marketing materials to patients, we may have the option to rely on your consent or legitimate interest.
We only use legitimate interests for marketing if we have assessed that the information being sent is beneficial to the patient, and have weighed our interests against your own and there is little to no risk posed, the method and content is non-intrusive, and the material being sent is something you would usually expect to receive.
Cookies, analytics and traffic data
Cookies are small text files which are transferred from our website, applications or services and stored on your device. We may sometimes use cookies to help us provide you with a personalised service, and to help make our website, applications and services better for you.
Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.