1) The type of personal information we collect
I collect and process the following information:
Personal data such as name, date of birth, address, email address, telephone number, registered GP, and emergency contact information
Sensitive data such as medical history, medications and aesthetic history
Protected characteristics (race, religion, sexual orientation, gender, age, disability, pregnancy and maternity status)
2) How I obtain the personal information and why I have it
The personal information processed by myself is provided directly by you the client, for one of the following purposes;
To open and maintain channels of communication between yourself and I (such as to respond to any requests for call back or enquiry)
To assess suitability for the requested treatment
To form a record of care ensuring continuity, and to monitor effectiveness of any treatment
To ensure all legal and regulating body requirements are met
For internal auditing, to ensure high standards of care are met and maintained and,
To provide an accurate record of care for informing any future investigations following adverse incident or complaint
I may share this information only with your permission, unless required to do so by law.
3) Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing this information are;
Your consent; you may withdraw consent at any time. You can do this by contacting myself directly on the contact details above
Contractual basis; I provide your requested service in exchange for a fee. The requested service requires processing and storage of your personal information for the purposes listed in section 2).
Legal and professional obligation; as found here
4) How I store your personal information
All personal information is securely stored within your electronic client record.
I keep your client record containing all of the collected personal information for a period of 6 years.
5) Your data protection rights
Under data protection law, you have rights including:
Right of access; you may ask for copies of your personal information.
Right to rectification; should you suspect that information held in your record may be inaccurate or incomplete, you may ask myself to rectify this information.
Right to erasure; you may ask to erase your personal information in certain circumstances.
Right to restriction of processing ; you may request I restrict the processing of your personal information in certain circumstances.
Right to object to processing: you have the the right to object to the processing of your personal information in certain circumstances.
Right to data portability; you may request that I transfer the personal information you gave to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.
Please make contact if you wish to make a request.
6) How to complain
If you have any concerns about the use of your personal information, you can make a complaint directly.
You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk