Who are we?
Dr Sobia Medispa is the data controller. We are responsible for your personal data (“we”, “us” or “our” in this privacy notice). By providing us with your data, you warrant to us that you are over 16 years of age.
This privacy notice provides details of how we collect and process your personal data through your use of our website drsobiamedispa.co.uk, and at our clinics in Clitheroe and Burnley.
How we collect & process your information
To the extent permissible under applicable law, we collect information about you and any other party whose details you provide to us when you:
- register to use our websites, applications or services (including free trials); this may include your name (including business name), address, email address and telephone number. We may also ask you to provide additional information about your business and your preferences; place an order using our websites, applications or services; this may include your name (including business name), address, contact (including telephone number and email address) and payment details; complete online forms (including call back requests), take part in surveys, post any blogs, enter any competitions or prize draws, download information such as white papers or other publications or participate in any other interactive areas that appear on our website or within our application or service; interact with us using social media; provide your contact details to us when registering to use or accessing any websites, applications or services we make available or when you update those details; and contact us offline, for example by telephone, fax, SMS, email or post.
- We will also collect your information where you only partially complete and/or abandon any information inputted into our website and/or other online forms and may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.
- We also collect information from your devices (including mobile devices) and applications you or your users use to access and use any of our websites, applications or services (for example, we may collect the device identification number and type, location information and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history and your web log information) and we will ask for your permission before we do so. We may do this using cookies or similar technologies.
We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws.
If you intend giving us personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protections laws. In so far as required by applicable data protection laws, you must ensure that beforehand you have their explicit consent to do so and that you explain to them how we collect, use, disclose and retain their personal information or direct them to read our Privacy Notice.
Information which is processed
The following categories of personal data about you may be processed:
From time to time, we may use your information to contact you with details about our applications, products and services which we feel may be of interest to you. We may also share your information with our group companies and carefully selected third parties so that they (or we) may contact you with information about their products or services which we feel may be of interest to you. We or they may wish to contact you for this purpose by telephone, post, SMS or email. You have the right at any time to stop us from contacting you for marketing purposes. You may also request at any time that we do not share your information with third parties referred to in this paragraph. If you wish to exercise these rights you can do so by selecting your contact preferences at the point where you provide us with your information on our websites, applications or services, we give you access to or by sending us an email to firstname.lastname@example.org. You can also unsubscribe from any email marketing using the links provided in the emails we send to you.
Communication & correspondence data
We use various methods to communicate with you. This includes email, text messages, social media messaging, website booking form, phone and any other methods used by you. We may monitor and record our communications with you. Information which we collect may then be used for training purposes, quality assurance, to record details about our website, applications and services you order from us or ask us about, and in order to meet our legal and regulatory obligations in addition to record keeping.
Patient (client) & sensitive data
We process patient information to enable us to support the provision of services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. Patient data and sensitive data, makes up your medical record. We process this data to assess your suitability for treatment, and to deliver safe and appropriate treatment to you.
If personal or sensitive data required by law, or under the terms of the contract between us and you, is not provided, we may not be able to perform the contract (i.e. deliver treatments or products or services). We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. We may process your personal data without your knowledge or consent where this is required or permitted by law.
The types of patient information we use include:
• personal details such as names, addresses, telephone numbers
• family details for example next of kin details
• visual images, personal appearance
• details held in the patient’s record, where we hold or manage the patient’s record
• responses to surveys, where individuals have responded to surveys about our services issues
• Before / after photography for the purposes of treatments and outcomes.
We also process sensitive classes of information that may include:
• racial and ethnic origin
• religious or similar beliefs
• medical history
if you do not provide us with that data when requested or required, we may not be able to perform the contract or deliver treatment or products to you. Your personal and sensative data will be subject to confidentially requirements.
Data from website & social media platforms
We collect information from your devices (including mobile devices) in relation to our website and social media platforms. This data is used to perform analysis of website and social media usage and to help deliver appropriate marketing and advertising and relevant content to help us with our business strategy. We collect various data about your use of our website and social media platforms. This includes (but is not limited to) your IP address, browser details, page viewed and length of time on pages, navigation, and other statistics used across our website or any third party integrated tools or plugins on our website.
Who your information may be shared with
We may share your information with the following parties listed below. All third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law.
• Partners, including system implementers and IT system administrators, independent software vendors and developers that may help us to provide you with the systems, products, services and information you have requested or which we believe is of interest to you.
• Marketing agencies and partners to help advertise and market our products and services
• Third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions and transaction beneficiaries
• Credit reference and fraud prevention agencies
• Regulatory bodies who inspect our activities, products and services, including government bodies
• Law enforcement agencies so that they may detect or prevent crime or prosecute offenders
• Professional agencies such as lawyers, bankers, auditors and insurers
• Your General Practitioner or Consultant and other healthcare providers
Security and storage of information
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
We allow access to your personal data only to those employees and partners who have a business need to know such data. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The law requires that all medical records are retained for 10 years post treatment.
We will do our best to protect your personal information but we cannot guarantee the security of your information which is transmitted to our website, applications or services or to other website, applications and services via an internet or similar connection.
Other websites & third parties
If you follow a link from our website, application or service to another site or service, this notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services.
Our website contains third party plugins and links to our website. We do not control these third-party websites or plugins and cannot take responsible for their privacy statements.
Our cookies may be session cookies (temporary cookies that identify and track users within our websites, applications or services which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our websites, applications or services to “remember” who you are and to remember your preferences within our websites, applications or services and which will stay on your computer or device after you close your browser or leave your session in the application or service).
Your legal right
The information we hold must be accurate and up to date. For any changes to your personal information please contact us using the contact details at the end of this data privacy notice.
If you have any queries about how we treat your information, the contents of this notice, your rights under law, how to update your records or how to obtain a copy of the information that we hold about you, please use the contact details below to get in touch with us. Any requests will be responded to within one month.
You may want further details on your rights by visiting the link below:
Name: Dr Sobia Medispa (Registered in England No. 11261046)
Contact: Dr Sobia Syed
Email address: email@example.com
Postal address: The Old Post House, 46 King Street, Clitheroe, BB7 2EU
Telephone number: 01200 760525