Policy date: July 2022
Date ratified: July 2022
Ratified by: Montasser Mahran
Next review date: July 2023
We use personal information in order to provide services to our clients, and to maintain records of previous clients. We have set out at the bottom of this policy more information on the categories of personal information that we collect, the specific ways in which that personal information is processed by us, the legal bases which permit us to do this and the types of organisations with whom we share your personal information. In some cases where we ask for your personal information, we do so in order for us to fulfil your request (e.g. sending you more information about our role of administering you as our client. If you do not provide that personal information, we will not be able to process you as a client.
Where your consent is required for us to process your personal information, we will ask for your consent at the point at which you provide your data. You have the right to withdraw that consent at any time. You can also update your personal information at any time. If you wish to do either, contact us at email@example.com
Note: We do not sell your personal information to third parties.
Your personal information will not normally be transferred outside of the UK. If we are required to do so, we will only transfer your personal information provided that we are satisfied that appropriate contractual and technical safeguards are in place. We will only keep records of your personal information for as long as is reasonably necessary for the purposes for which we have collected it, and in order to comply with any statutory or regulatory obligations in relation to retention of records. We respect requests to stop processing your personal data for marketing purposes. This includes keeping a record of your request indefinitely so that we can respect your request in future.
You have the right to request access to and rectification or erasure of personal information, the right to restrict processing of your personal information, and the right to object to processing of your personal information.
You have the right to object to your personal information being processed on the grounds of our legitimate interests. You have the right to object to us sending you direct marketing and profiling you for the purposes of direct marketing. You have the right to lodge a complaint regarding our processing of your personal information with a data protection supervisory authority in a country where you live, work, or where you believe a breach may have occurred.
The rights set out in this paragraph apply to any personal information we hold for your relatives or next of kin.
The data controller for our websites, products and services is Endometriosis Care:
BMI, The Manor Hospital
You can reach us at firstname.lastname@example.org for any questions regarding this policy or in relation to how we handle personal information in any way.
Endometriosis care are registered with the Information Commissioners Office as data controllers
We collect and process personal information about you when you request information from us and this information includes:
For all of the above, as appropriate: CCTV data recorded on the site’s premises, sensitive personal information such as ethnic origin, and relevant medical information (including details of physical or mental health). Sensitive personal information is processed only where necessary for the provision of providing our services to you. We may collect this information from you directly, from third parties, or indirectly, for example, through use of our CCTV systems.
We use your personal information as follows:
1) To fulfil a contract with you or take steps at your request before this:
2) As required, to conduct our business and pursue our legitimate interests, in particular:
3) Where you give us consent:
4) For purposes which are required by law:
We may share your personal information (including sensitive personal data where appropriate) with third parties, including local authorities and other public bodies (e.g. the DBS, UK Border Agency, HM Revenue and Customs, and Department for Work and Pensions), other health professionals, contractors appointed to process data on behalf of Endometriosis Care and our professional advisors.
Reasons for sharing your personal information may include:
We will also share your personal information if we think this is necessary to in order to protect the rights, property, or safety of Endometriosis Care, our employees, or our commercial partners.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.