Privacy & Personal Data Policy
We have made these updates to reflect the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union, which explains how an organisation will handle personal data.
Privacy and Your Personal Data
This policy applies to information collected by us, or provided by you, during your appointment, via email, our website, or in any other way including over the phone.
All your personal data will be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part, and any other legislation relating to the protection of personal data.
The Information We Record During Your Consultations & Treatment Appointments
When you visit the Cranley Clinic you provide personal information including your name, address, date of birth, contact details and medical history.
During your consultation, medical notes are taken. Photography and prescriptions may be required, and a letter sent to your doctor or another specialist. This will form part of your medical records.
During your visit you are asked to read and sign consent and billing forms which form part of your medical records. During your treatment we will record treatment settings, outcomes and may take photographs which form part of your medical records.
The information We Record via our Website
When you visit our website (via a computer, mobile or hand-held device) you may provide us with personal information including your name, address, contact details and financial data (via a third party).
This information is gathered when you request an appointment, email the Clinic, make a purchase from the on-line shop or sign up for our newsletter.
The information We Record via our Emails
When you correspond with the Cranley Clinic by email, we may retain the content of your email and any photographs supplied together with our replies, as they form part of your medical records.
How We Receive Information From Third Parties
All blood and pathology results are sent to the Cranley Clinic encrypted via secure websites. These form part of your medical records.
How We Use Your Information
Your personal details and medical records are for legitimate purposes and ensure we are able to :
• Provide the best possible care
• Diagnose medical concerns, provide treatment plans and write prescriptions
• Provide surgical and cosmetic treatments
• Write letters to third parties
• Confirm your appointment by text, email or phone
• To answer your questions by email or phone
• Keep you up to date on news and treatments offered by the Cranley Clinic
You have a responsibility to inform us if any of your details such as name, address, contact numbers change, so our records are accurate and up to date for you.
From time-to-time, some of the information we hold, may be used for statistical or research purposes. Strict controls will ensure that individual patients cannot be identified.
How We Maintain Confidentiality of your Records
We are committed to protect your privacy and will only use information lawfully in accordance with the Data Protection Act 1998.
Every member of staff has a legal obligation to keep information about you confidential.
We work with an IT Specialist to maintain and protect our data.
Emails containing personal data are encrypted.
How We Share Your Information
We will only share your information if you have given us written permission to make/cancel appointments with a family member/employee.
We never share any information with third parties such as Insurance Companies unless there is a genuine need for it, we receive their request in writing and we have your written consent.
We do not sell our database to third parties.
How Long Do We Hold Your Information
As a medical clinic we are required to hold medical records for ten years.
You have the right to withdraw your consent at any time by contacting us via email or letter. We will no longer contact you although medical records must be retained for ten years.
You have the right to request a copy of your medical records and this request must be put in writing and signed by the patient. We are required to respond to you within 30 days.
You have the right to have information updated or corrected if you feel it is inaccurate, incomplete or out of date. This request must put in writing and signed by the patient.
The revised policy will be displayed on our website and a notification displayed in our waiting room. Where necessary, you may be asked to sign the consent form again.
Objections & Complaints
Our Data Protection Officer is responsible for ensuring the Clinic keeps your information secure and confidential.
If you have concerns about the way your information is managed please contact the Practice Manager or the Data Protection Officer at Cranley Clinic, 106 Harley Street, London W1G 7JE. (email firstname.lastname@example.org)
If you are still unhappy you can then complain to the Information Commissioners Office (ICO) at www.ico.gov.uk or telephone 0303 123 1113.
The Cranley Clinic has a data breach policy and, in the unlikely event of a breach occurring, a further investigation will be held. Lessons learnt will be added to the policy and the relevant supervising bodies notified if required.