About this privacy policy
This privacy policy has been written to provide you with information about how the HarveyRhys Clinic Limited (“we”, “us”, “our”) handles or intends to handle personal information in accordance with the UK General Data Protection Regulation (“UK GDPR”). This policy relates specifically to our collection and use of personal information of members, patients and website users for the purposes of running our clinic.
About us
We are the HarveyRhys Clinic. We are a private limited company (company number 10876475). Our registered office address is Heritage House, 9b Hoghton Street, Southport, England, PR9 0TE. We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZA589398.
We aim to process information about you fairly, lawfully, and in a transparent manner. The aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.
Information we collect
We collect and hold a range of information about you during the course of our relationship with our members, patients and website users. This includes:
- We collect your contact details including name, email address, postal address and telephone numbers.
- We collect your personal details such as your date of birth and your gender.
- We collect your profile details including your username and password.
- We collect details of your membership which includes details about payments you have made to us, appointments you have attended and details of any services or prescriptions you have purchased from us.
- We collect technical data including your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- We collect and record any information that you provide to us whilst a member of our clinic or that you input into our website.
- We collect a record of your correspondence with us, either through our website, telephone, email or post.
- We collect marketing and communications information including your communication and marketing preferences.
- We keep financial records about the amount of money you have paid us, any amount(s) outstanding and associated recovery action. Depending on your chosen method of payment, we may hold your bank account details.
- We may carry out insight and satisfaction surveys to help us to monitor our performance and to improve our services to our members.
- We collect CCTV images where CCTV is in operation in our clinic.
Sensitive personal information we collect
We may also collect, store and use the following more sensitive types of personal information (known as “special category data”):
- Information about your health and medical history (including any information about the medical or health conditions of your family) that you provide to us whilst using our services.
- Information about your prescriptions and any medication you have been prescribed.
- Information relating to dietary requirements, allergies or accessibility requirements.
- Assessments made about your health as a result of using our services (e.g. GP appointments or annual health checks).
- Details of any referrals for treatment made as a result of the information you provide when using our services.
- Equal opportunity monitoring information such as information about your ethnic origin, sexual orientation, health and religion or belief, genetic data.
This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information, so we can deliver our services and membership to you.
How information is collected
Generally, the information we hold will have been provided by you (e.g. during our membership application process or when we communicate with you), but we may also hold information provided by third parties where this is relevant to your own circumstances. This may include information being provided by your GP, the NHS, referral agencies or your insurance provider.
As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
We will only ask for personal information that is appropriate to enable us to administer our services to you. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide our membership or services to you if you refuse to provide information that stops us from doing so.
Purposes for processing
We have set out below a description of all the ways we plan to use your information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your information for more than one lawful ground depending on the specific purpose for which we are using your information.
Purpose/Activity | Type of Information | Lawful Basis for Processing Information |
---|---|---|
To register you as a new member | Contact details; Personal details; Profile details; Membership details; Health and medical information | Performance of a contract with you |
To administer your membership benefits and determine your eligibility for these benefits | Contact details; Personal details; Profile details; Membership details; Health and medical information | Performance of a contract with you |
To book you appointments, or to process any of our services you request | Contact details; Personal details; Profile details; Membership details; Health and medical information | Performance of a contract with you |
To process and operate our clinic including managing payments, membership fees, charges and collecting any money owed to us | Contact details; Personal details; Membership details; Health and medical information | Performance of a contract with you; Necessary for our legitimate interests to recover any debts due to us |
To manage our relationship with you which will include notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey | Contact details; Personal details; Membership details; Marketing and communications information | Performance of a contract with you; Necessary to comply with our legal obligations; Necessary for our legitimate interests to understand how our members use our services to develop them and grow our clinic |
To administer and protect our clinic and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Contact details; Profile details; Technical data | Necessary to comply with our legal obligations; Necessary for our legitimate interests to run our business, provision of IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise |
To use data analytics to improve our website, services, marketing, member relationships and experiences | Technical information | Necessary for our legitimate interests to better understand our members and their use of our services, to keep our website up to date, to develop our business and to inform our marketing strategy |
To make suggestions and recommendations to you about our services and our clinic that may be of interest to you | Contact details; Technical information; Profile data; Marketing and communications information | Necessary for our legitimate interests to develop our products and services and to grow our clinic |
To send you our newsletter because you have requested us to do so or because it forms part of our contract with you | Contact details; Profile data; Marketing and communications information | Consent; Performance of a contract; Necessary for our legitimate interests to develop our products and services and to grow our clinic |
Purposes for processing – Sensitive personal information
We have set out below a description of all the ways we plan to use your information, and which of the legal bases we rely on to do so.
Purpose/Activity | Type of Information | Lawful Basis for Processing Information |
---|---|---|
To book you appointments, or to process and provide any of our services you request | Health and medical information | Necessary for the provision of health care |
To ensure your dietary needs are catered for and to ensure accessibility at our clinics | Health and medical information | Vital interests; Necessary for the purposes of carrying out obligations under the Equality Act 2010; Data Protection Act 2018 Schedule 1 Part 1 Para 1 – necessary for the purposes of carrying out obligations under the Equality Act 2010 |
For statistical analysis of our members | Race and ethnicity information | Necessary for the purposes of ensuring equality of opportunities or treatment |
Our marketing communications
We may use your personal information to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications). Our members may receive marketing communications from us unless they have opted out or unsubscribed from receiving that marketing.
You can ask us to stop sending you marketing communications at any time by following the unsubscribe links on any marketing communications sent to you or by contacting us.
Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to contact you in relation to the services we provide.
Sharing personal information
Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of data protection law.
Where necessary or required, we may share your personal information as follows:
- With third party service providers, in connection with services performed on our behalf. For example, our email provider, our payment card provider, our platform provider and analytics and search engine providers that assist us in the improvement and optimisation of our website.
- With other health care providers or those who help us provide care to you (e.g. your GP, specialist consultants/doctors, the NHS).
- With our regulators (e.g. the Care Quality Commission, the General Medical Council and other professional bodies).
- With our insurers and legal advisers.
- With the police and other relevant authorities (e.g. Department for Work and Pensions, HM Revenue and Customs) in relation to the prevention or detection of crime and fraud; the apprehension or prosecution of offenders and the assessment or collection of tax or duty.
- With third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
- To meet our legal obligations.
- In connection with legal proceedings (or where we are instructed to do so by Court order).
Our relationships with third-party service providers are governed by contractual provisions with us and they only have access to personal information to perform the described purposes and may not use it for other purposes.
Where we store personal information
The personal information that we collect is stored within the UK and European Economic Area (EEA). However, there may be some circumstances where it is necessary to transfer and store personal information at a destination outside the UK or the EEA. In these circumstances, we will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with data protection law and, in the event that personal information is transferred outside the UK or the EEA, shall ensure that this is carried out subject to the requirements of the UK GDPR.
How long we keep it for
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request. After this period, we will securely destroy or anonymise personal information in accordance with data protection law.
Your rights
Right of access
You have the right of access to information we hold about or concerning you. If you would like to exercise this right, please do so in writing. If you are seeking to obtain specific information (e.g. about a particular matter or from a particular time period), it helps if you clarify the details of what you would like to receive in your written request. If someone is requesting information on your behalf, they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both yours and theirs). We have one month to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible). In response to a subject access request, we will provide you with a copy of the information we hold that relates to you.
Right of rectification or erasure
If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared your data about your request for erasure.
Right to restriction of processing
You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
Right of portability
You have a right to receive any personal data that you have provided to us in order to transfer it to another data controller, where the processing is based on consent or contract and is carried out by automated means. This is called a data portability request.
Right to object
You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of personal information for a specific purpose, you have the right to withdraw consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
Complaints
If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by using the contact details below.
You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) should you feel that we have not handled your information in line with legislative and regulatory requirements. They can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow Cheshire SK9 5AF
0303 123 1113 | www.ico.org.uk
Further information
For further information on how to request your personal information and how and why we process your information, you can contact our Privacy Officer by emailing privacyofficer@harveyrhys.com.
Changes to this privacy policy
We may change this privacy policy from time to time. This privacy notice was last updated in May 2022.