Data Protection Controller and Contact Details
Mediskin Clinic is a “Data Controller” and we are therefore required to notify you about how your information is held and used pursuant to the Data Protection legislation.
As a visitor, you do not have to submit any personal information in order to use the website. The site collects and stores personally identifiable information that is specifically and voluntarily provided by visitors. Such information may consist of, but is not limited to, your name, job title, company address, email address, telephone and fax numbers and any financial information that you choose to disclose, and we do not collect such personal information without your knowledge. This information is broadly termed as “personal data” or “personal information”.
In the event that you choose to supply personal information either through the website, email or by telephone, we will collect, use, share and store this personal data. We collect this information when we speak to you on the telephone, from an online application made via our website and from documents, email or other correspondence that you send to us.
Where personal and financial information relating to another person or your partner is supplied by you, you confirm that you have their consent or are otherwise entitled to provide this information to us and for us to use it.
We will collect further information if you contact us with comments or specific requests which may include requests to be contacted for marketing purposes or by social media. In these cases, in addition to the data set out above, we may also hold, use, share and store marketing preferences, payment details, event attendances, usernames, engagement details, likes, retweets, shares, reactions, comments.
We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from you. We will, where necessary, obtain your explicit consent to collect and use such information.
For training purposes, we do have the facility for employees of Mediskin Clinic to elect to record a telephone call. Where calls are recorded you will be advised of this at the outset of the call. Details of any call will be monitored and recorded. Such details will include (but not be limited to) the caller identification telephone number, the number called, the time, date and duration of the call and the disposition of the call (please note that call monitoring excludes the actual call recording).
Cookies do not collect personal information such as your name or email address. Cookies can be rejected. However, under specific circumstances, visitors may be denied access to some parts of our site if their browsers reject cookies.
We will only use any personal information which you supply to us through this website, via email or on the telephone when the legislation allows us to do so. The legislation states that we must identify the purpose and basis upon which we use your personal data. We rely on a number of lawful basis for processing your personal data:-
1. Where you have given your informed, unambiguous and specific consent
2. Where we need to comply with a lawful obligation
3. Where we need to perform a contract that we have entered into with you
4. Where it is necessary for us to use your personal information to pursue our legitimate interests (or those of a third party)
We never sell your personal information to any third party.
How we use your personal data
• We will use your information to comply with our lawful obligations to prevent and detect fraud, money laundering and other crimes
• Carry out regulatory checks and meet our obligations to any relevant regulatory authority
• To assist us in providing our services to you, and to improve and develop our services to you and other customers
• To market to you – we may periodically send out promotional emails about new services or other information which we think you may find of interest. We will use only the information you have provided and we will ensure that any such marketing activities comply with applicable law
To Unsubscribe From Our Communications
You may unsubscribe from our marketing communications by emailing us at firstname.lastname@example.org.
Disclosure of Information to Third Parties
Although we may provide visitors’ information to service providers that handle information on our behalf, we will usually not share the information with third parties unless otherwise disclosed at the point of collection.
Examples of where your personal information will be supplied to third parties are circumstances where we would need to engage those third parties to provide public relations and marketing, IT support, document management systems, case management systems, printing, reprographic support, event hosting, email marketing management systems and market insight services. In these scenarios all third parties will be required to take appropriate security measures to protect your personal information in line with our engagement with them and in accordance with the law. We do not allow third parties to use your personal data for their own purposes.
Where appropriate, personal information may be disclosed to law enforcement, regulatory or other government agencies or third parties where necessary or desirable to comply with legal or regulatory obligations or requests or for the purposes identified above.
In cases where legislation requires us to carry out an identification check, we will validate your name, address and other personal information supplied by you against an appropriate third party database. You should advise us if you do not consent to such a check being made. In performing these checks, personal information provided by you may be disclosed to a registered Credit Reference Agency which may keep a record of that information. The checks are only to confirm your identity. A credit check is not performed and your credit rating will be unaffected.
Retention of Personal Data
We will only retain your personal information for as long as necessary to fulfill the purpose for which we collected it in line with statutory and regulatory rules of retention. In the majority of instances, the period for retaining your personal data shall be 6 years from the date of closure of contact which you may have with us. In the event that the basis on which we are holding your personal information requires this information to be kept for a reduced period of time then it shall be retained in accordance with our retention policies in place from time to time. Examples of this are:-
1. Marketing information – the retention period shall be the period of our relationship with you and for a period of 6 years afterwards.
2. Social media information – for a period during which we are connected with you on any given social media platform.
3. Client matters (including where you are taken on as a client and have an engagement for services with us) – 6 years from the date on which the matter has been closed or has ended.
4. Information required by law when commencing a client engagement – period of 6 years from the date on which the relevant matter has ended.
Access to Information
You have the following data protection rights: you can request access, correction, updates or deletion of your personal information. You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
To exercise any of these rights, please email email@example.com. We will respond to your request to change, correct or delete your information within a reasonable timeframe and notify you of the action we have taken.
We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors from loss, misuse, alteration or destruction.
If you have any concerns over how we have used or are using your data then please email firstname.lastname@example.org in the first instance.
If you are still not satisfied that we have addressed your concerns adequately you have a right to lodge your complaint with the Information Commissioners Office, the details of which are available at www.ico.org.uk.