Your privacy is important to us and we are committed to protecting it. We will make sure that any personal information you provide us with is collected and used in accordance with the General Data Protection Regulations (GDPR). We will not share your data with any third party, except for administrative purposes regarding our services, or where we are required to do so by law.
WHEN DO WE COLLECT YOUR PERSONAL INFORMATION?
We collect your personal information when you give it to us, via our website, email, at your clinic appointment, or over the phone.
WHAT PERSONAL INFORMATION DO WE STORE?
We store the personal details you give us, such as your name, address, email address, contact phone number(s) and sometimes your date of birth. We also store relevant medical information, your appointments and treatments, treatments you’ve expressed an interest in and photographic documentation of you before and after your treatments.
WHY DO WE STORE YOUR PERSONAL INFORMATION?
We store the information you give us so that we can provide the safe, effective, treatment you’ve asked for, and check that it’s going to plan. We also use it to contact you by telephone, text message, email or post regarding information you’ve requested about products or treatments. We use it to send you marketing information about other treatments that we think you may find beneficial or interesting. You can opt out of marketing communication at any time using our unsubscribe options on email or text message, or verbally with our customer care team or in clinic.
IS YOUR PERSONAL INFORMATION SAFE?
All of your information is kept on our secure, encrypted servers in Basildon, Essex and London. We have policies and procedures in place to make sure that only authorised personnel, with defined roles and responsibilities, can access this information, which is stored and handled in a secure and sensible manner. We hold regular security audits. All systems that can access your information have proportionate and reasonable security measures in place.
Three of our trusted suppliers have access to your personal information:
- E-clinic (support and maintenance of our booking system)
- Oversea Labs & TJR System Specialists (security audits, development & maintenance of our computer systems)
- MailChimp (we use this to send emails to you)
WHAT INFORMATION DOES OUR WEBSITE GATHER/TRACK?
You can browse our website without entering any personal information. However, our website anonymously logs your IP address (which identifies your computer) and browser type (the computer programme you use to access the internet), to provide you with the best possible user experience. Every so often we analyse our IP address logs so that we can more effectively market our products and services to our website visitors.
WEBSITES WE LINK TO
WHAT ARE COOKIES?
HOW TO REMOVE YOUR PERSONAL INFORMATION FROM OUR DATABASE
You can have your information removed from our database at any time – and stop receiving special offers and information from us – by unsubscribing from our emails. You can do this by emailing [email protected], or by writing to us at Courthouse Clinics Customer Care Team, The Pavilion, Josselin Road, Basildon, Essex, SS13 1QB. You can also email [email protected] if you would like to correct or update any information we hold about you. This applies both to personal information and information for Marketing purposes.
Please be aware that the Department of Health recommends that personal medical information is stored for 10 years. However, if you wish, you can have your medical records removed from our database by writing to the address above.
INFORMATION COMPROMISE OR DATA BREACH
We have appointed a Data Protection Officer who is responsible for overseeing our data protection strategy and implementation, to ensure compliance with the new GDPR rules. In the unlikely event that any information under our control is compromised as a result of a breach of security, Courthouse Clinics will take all reasonable steps to investigate and resolve the situation. We will report any breach promptly to the relevant authorities, and we will contact the people whose data has been affected.