This Privacy Notice provides you with details of how we collect and process your personal data. By providing us with your data, or the data of a child for whom you have responsibility, you warrant to us that you are over 13 years of age. We are committed to protecting your privacy and legal rights when dealing with your personal information. If you have any queries about this Privacy Notice or the information that we hold, please contact us at firstname.lastname@example.org. We are registered with the Information Commissioner’s Office.
Who we are
Medical Dermatology London, Dr Amanda Saracino Ltd
Email address: email@example.com
Postal address: Medical Dermatology London, 25 Harley Street, London W1G9QW
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at Info@meddermlondon.co.uk
Definitions of Terms
‘We’, ‘our’, ‘us’, ‘Company’ is a direct reference to Medical Dermatology London (Dr Amanda Saracino Ltd), ‘services’ means health care related services provided by us, as defined in ‘Scope of Health Care services’.
GDPR means EU General Data Protection Regulations that come into force on May 25th 2018. ICO means the Information Commissioner’s Office and will also refer to any successor to it as the UK data protection authority.
Scope of Healthcare Services
Medical Dermatology London, Dr Amanda Saracino Ltd provides the following health care services: Dermatology
How we collect personal information
- Your parent or guardian, if you are under the age of 18 years
- A family member, or someone acting on your behalf
- Your interpreter, when acting on your behalf
- From yourself, either in face to face consultations, or via electronic communications such as email, telephone, or postal communications
- Manually, when you fill in referral, registration and online contact forms
- Clinicians involved in your care, and their administrators
- When given directly by social services, carers, relatives and friends – over the phone or in person
- From providers of medical imaging and diagnostic testing involved in your care
- From your private medical insurance provider or referring Embassy
- In emergency situations by the social services, police or ambulance service staff
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Types of personal information that we collect
Standard personal information, which includes but is not limited to:
- Email address(es)
- Telephone number(s)
- Date of birth
- Next of kin, or similar
- Details of any complaints or grievances raised that relate to the provision of our services
- Financial details that relate to payments for our services (we do not store card details)
- Account details relating to your private medical insurance provider
Special Category personal information, which is personal information specifically relating to your:
- Ethnic origin
- Health, both physical and mental
- Sex life
- Sexual orientation
Special Category personal information relating to health includes clinical notes, examination findings, medical imaging data related to your care, diagnostic test results, correspondence and communications from other clinical professionals which relates to your current or past clinical care.
What we use your personal information for
By law, we need to have a lawful basis for processing your personal information.
For ‘Special Category’ personal information, because we are a provider of health care services, we have several reasons for processing this information. We would not be able to provide health care services to you without this information. We undertake to process this information in line with Data Protection Laws.
We process Standard personal information to fulfil our Legal Obligation, which requires us to maintain complete records relating to the health care services we supply to you. The records that we maintain require that we process a subset of your Standard personal information, including your:
- Full name;
- date of birth;
- contact details (such as an email address or telephone number);
- your parent(s) or legal guardian details if you are a minor;
If you book into our clinic as a potential patient and we hold no previous clinical records that relate to your direct care, and then you cancel the booking, we will no longer have a legitimate interest in processing your data. In most instances, we would delete any personal information that was used to make the booking.
Please note that if you are a patient currently undergoing treatment or have appointments booked, we will use your email address to inform you of any changes that relate to our clinic. Examples include changes to fees and change of clinic address.
Data protection laws require us to take appropriate technical and organisational measures to prevent unlawful access or processing of personal information.
The following indicates some of the measures we have in place to ensure the safety and integrity of your data.
- Our clinicians and administrative staff are trained in the appropriate handling of personal information and how to respond to a data breach
- We practise common sense cybersecurity requirements, such as locking screens when away from them and ensuring software updates are installed on release
- We ensure passwords are changed regularly on our systems
- We don’t use systems aimed purely at consumers, such as Gmail personal, or Hotmail
- We encrypt all our hardware that will store personal information, using industry standard encryption methods
- We use Proton Mail encrypted email to communicate with you and other clinicians directly involved in your health care
Who we share your data with
We may need to share your personal data with the parties set out below:
- Doctors, surgeons, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
- Their administrative staff such as secretaries;
- People or organisations that we are required by law or our regulatory body to share your personal information with;
- The police or other law enforcement agencies, where we are either required by law or a court order;
- A parent or legal guardian if you are a minor;
- Any person that you have authorised us to share information with
We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
How long we retain your data
As we are processing your personal data for provision of health care services, we have a legal obligation to process this data. Normally we will process or store your personal information for eight years for adults and until their 25th or 26th birthday if a child. We will also store information to ensure we can deal with any legal claims that arise from you using our services, and the data will be stored for as long as is required and advised in those circumstances.
What rights you have over your data
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.