We are committed to safeguarding your data and taking necessary steps to ensure your data stays secure. The following policy applies where we are acting as a data controller with respect to the personal data we hold from our clients, including sensitive data in the form of medical records. We are required to collect sensitive personal data by law, and for medical insurance purposes. If you do not consent to providing us with that data, when requested, we may not be able to perform the services that you have asked for. We will only collect this data where necessary and take necessary steps to ensure this data is kept secure. We will only share your personal data with third parties where required and only with your written consent; for example, if we deemed it necessary for a second opinion from another medical expert. You have the right to receive information about the personal data we hold on you. You can obtain a copy of the information we hold about you by contacting us at email@example.com. If you are concerned that any of the information we hold on you is incorrect, please contact us.
How we collect your data
We collect your data upon initial contact when you enquire about a treatment, and via the contact form on our website. When you are undergoing a treatment, we are required by our insurance company to take photographs before and after treatments. This data is kept secure and is not shared with anyone. If you have a complication, we will seek separate consent to share your image with the manufacturer or other healthcare professionals. Photographs taken for social media are completely separate and have a different consent form. No photographs will be shared without your consent, whether recognisable or anonymised.
What we do with your data
We archive your medical data, and refer back to it if you return for another appointment. It may also be referred to in correspondence with you. Our record keeping is regularly audited by independent medical bodies. We are a proud member of the British College of Aesthetic Medicine, and are required to do an annual survey and audit of our records. These are selected at random and any information sent is anonymised. We share demographics and statistics, and they check that our notes are written correctly (such as checking our records are written with a black pen).
How we protect your data
We store your data onsite, in locked premises, within locked filing cabinets. Any online correspondence is encrypted and is kept secure by Google. Images taken for medical purposes are encrypted and kept on-site only. These images are not stored online.
How long we keep your data
We have a legal obligation to keep your medical information for 5 years. Any social media images which have been shared online, only with your consent, will be kept until we have been notified that you would like them removed.
Data Protection Officer
You can use our website contact form, or email firstname.lastname@example.org. Our Data Protection Officer is Dr Rachel Tallent. It is very important that the information we hold about you is accurate and up to date. Please let us know if your personal information changes by emailing: email@example.com
If you want to complain about how we have used your personal data, please send an email to firstname.lastname@example.org. You also have the right to complain to the Information Commissioner’s Office, the UK’s Data Protection Regulator. Please visit their website for further information: www.ico.org.uk.