Who is responsible for your data?
Sayer Clinics Ltd is responsible for your data. Our address is: 8 Sunningdale Gardens, London W8 6PX. We are the data controller of the data which we collect from you, and as such we control the ways your personal data is collected and the purposes for which your personal data is used.
Personal data we collect about you:
- Contact Details
- Date of Birth
- Where you work
- Payment details
- Appointment history
- Diagnoses and treatments
How we use your personal data
We collect your personal data in order for us to:
- Fulfil our contract with you (to provide our service to our patients)
- Book your appointments
- Enable you to purchase appointments with us
- Maintain your records on our systems
- Communicate with you in order to send you information about your appointment
- Run our business in an efficient and proper way
- Fulfil our administrative purposes including accounting and billing
Marketing: How to manage the messages we send to you
If you receive our newsletter, you can opt out either by clicking the unsubscribe link at the bottom of the most recent newsletter email that you’ve been sent, or by logging in to your account online, clicking the “account details” button and deselecting the newsletter option.
You can opt in to marketing emails by logging in to your account, clicking the “account details” button and selecting the newsletter option.
If you’re unsure, email us on firstname.lastname@example.org and we’ll adjust your preference according to your wishes.
How long we keep your data
We keep your account active with your full treatment history for as long as you are a patient with us. This allows us (our staff, practitioners and the website) to provide a personalised service to you.
Once your account has reached 2 years of inactivity (no login or no appointments booked within a 2-year period), we will send you an email to let you know that we are going to remove your account. If you have had no appointments, we will give you 24 hours and remove all your details from our systems. If you have had appointments with us, then we will send you 2 emails, one giving 7 days’ notice and another giving 24 hours’ notice. If you don’t reply to the email, then your account will be removed.
How we protect your data
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.
We have technical measures in place to protect your information and so that your account remains secure. We limit who can access our systems and keep our security and policies under review.
Who we share your data with
- Our clinic booking and management systems
- Your insurance company (should it be BUPA or AXA, this is routine and part of our agreements with them)
- At your request we may share your details with your insurance company that is not BUPA or AXA
- Payment systems: We use PayPal and Sage Pay to process online payments
- Google (which powers our email system and internal file sharing)
- Emailing systems for marketing and transactional emails
- Should it be required of us, we will share data with law enforcement/Government/Health bodies in case of having to comply with the law
Transfers of data outside of Europe
Our system for sending emails to you from the website does operate outside the EEA, but it is Privacy Shield Certified as can be seen in this article.
The system that sends our marketing emails operates outside the EEA and is Privacy Shield Certified as can be seen in this article.
Under the GDPR, you have several rights that you can exercise.
- The right of access (often called an SAR)
- The right to rectification
- The right to erasure (often called ‘right to be forgotten’)
- The right to restrict processing
- The right to object
Should you wish to exercise any of these rights, please contact us on email@example.com or call the clinic on 020 7937 8978 and we’ll help you. There’s no charge for these requests (unless repetitive) and we aim to fulfil your request as soon as we can and within 30 days.
We do not use profiling or automated decision making, so that is not something that our patients need to opt out of or opt in to.
Currently, there’s no process by which we can automatically share your patient history with another provider that you specify (data portability), so your right to data portability cannot practically be fulfilled. However, should you wish to exercise this right, please contact us at firstname.lastname@example.org and we’ll liaise with our technical team in order to discuss your request.
If you have any complaints about how we use your data, please email us at email@example.com or call the clinic on 020 7937 8978 during opening hours and we’ll do our best to help.
Alternatively, you can contact the Information Commissioner’s Office by telephone on 0303 123 1113 or view their website at www.ico.org.uk/concerns/.
You can write to us at Sayer Clinics, 8 Sunningdale Gardens, London W8 6PX. You can email us at firstname.lastname@example.org or call the clinic on 020 7937 8978 during clinic opening hours.