GENERAL DATA PROTECTION REGULATION
Sheridan France/Hampstead Facial Aesthetics Ltd.
Under current data protection legislation the law has now defined how we collect, use, disclose, retain and dispose of your personal data as well as your personal data rights.
We are committed to ensuring that your privacy is protected at all times and therefore have defined within this privacy notice the key principles of how we handle both your Personal data and Sensitive personal data.
What personal data do we collect and what do we use it for?
We may collect and process both Personal Data and Sensitive Personal Data (special category data) and the forms are:-
Website: When making an online enquiry you may be asked to enter your name, telephone number and treatment enquiry.
Registration form: Upon registration you will be required to provide as with personal information such as name, date of birth, GP contact details, treatment history and medical history.
Medical notes and medical history: During your consultation we will collect medical information, past treatment, medical history, and consent. This information will only be processed by the designated member of staff who is appointed the processor and controller under the respective lawful basis for processing special category data.
Sheridan France/Hampstead Facial Aesthetics Ltd may process both personal data and special category data. The type of data that is needed to take an accurate medical record before being able to carry out a treatment may fall under both Personal data and special category data (sensitive personal data)
This is any information relating to an identifiable person who can be directly or indirectly identified. For example: Name, ID, online identification.
Sensitive Personal Data (Special category data)
Special category data is personal data which the GDPR says is more sensitive and therefore needs more protection.
In order to lawfully process ‘special category data’, and ‘sensitive data’ we have identified both a lawful basis under Article 6 Consent and Vital Interest and a separate condition for processing special category data under Article 9 (2) (h)of the GDPR.
(h) ‘processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;’
Lawful basis for processing your data
We have reviewed our Lawful Basis and have identified Consent and Vital Interests as being the most appropriate Lawful basis for processing your data. (Article 6)
Lawful Basis requires that the processing of patient data must be ‘necessary’.
Consent: In order to carry out an aesthetic treatment at the clinic we will need to obtain clear consent to process your personal data for a specific purpose.
(NMC Code of conduct (4.0-4.2))
You may later withdraw your consent by informing us in writing at any time.
Vital interest: the processing of patients data is important to protect some ones life .
(The NMC Code of conduct (1.4, 4.3, 5.4,))
Under the guide for transparency, ‘right to be informed’, Sheridan France/Hampstead Facial Aesthetics will ensure that all person will be informed of the Lawful basis for processing and the intended purpose for processing your data.
To whom and when will we disclose or share your personal data?
We will not share, sell, distribute or lease your personal information to any third party unless we have your prior permission or are required to do so by law.
In the case of third party, where you have given your permission for us to share your information, such as specific health care professional or pharmacists, if we do, we will require that these third parties acting on our behalf protect the confidentiality and security of your data that you have agreed to share with them.
How long do we keep your data for?
The personal data we hold on will be stored for a period of 10 years.
What are your rights
You have the right to be informed, have access, rectify, erase, object or restrict processing of any data that we hold on you.
To exercise these rights please contact us either by phone or in writing.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Revising the Privacy Notice
From time to time we may need to make changes to our privacy notice to reflect changes in legal obligations or the ways in which we process your data. We will notify you of any changes that may become effective that will effect you.