In line with the new General Data Protection Regulation (effective from 25.5.18) require you to read the below Privacy Notice which clearly outlines how we use and store your personal data, in order to provide you with our services.
GOLD ANGELS AESTHETICS LIMITED Registered in England No. 10674170
(T/A Gold Medical Centre, Gold Angels Medical Aesthetics & Gold Medical Hair Transplant)
Data Privacy Notice Created: February 2021
The purpose of this Data Privacy Notice is to outline GOLD ANGELS AESTHETICS LIMITED approach to responsibilities regarding the legal protection of data collected, handled, and stored throughout the course of the Company’s business activities. It is also to ensure compliance to the European General Data Protection Regulations (GDPR).
GOLD ANGELS AESTHETICS LIMITED strive to ensure, accountability and transparency with regards to the handling of personal data at all times.
The Company’s policies and procedures are designed to ensure that we provide data subjects with easily accessible and meaningful information to ensure that they know what personal data is collected about them, as well as why and how it is being processed, their rights in connection with that processing and the exercising of those rights. The Company is committed to the continuous improvement of the management of personal data.
Personal data means any information relating to an identified or identifiable natural person – known as a “data subject” – and can include, for example, names, ID numbers, location data, online identifiers, and factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a data subject. The data protection legislation also recognizes ‘special categories’ of personal data, the processing of which are subject to stricter regulation than other forms of personal data. This category of personal data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data used to uniquely identify natural persons, data concerning health or data concerning an individual’s sex life or sexual orientation.
All activities relating to personal data (e.g., collection, structuring, alteration, storage, retrieval, consultation, use, adaptation, disclosure, erasure, or destruction), whether using automated means or not, are known as “processing” for the purposes of the data protection legislation.
The data protection legislation makes a distinction between those who process data as “controllers” and those who process it as “processors” and imposes different obligations on controllers and processors. “Controllers” are individuals or organizations that determine the purposes and means of the processing of personal data. “Processors” are individuals or organizations that process personal data on behalf of a controller.
THE IDENTITY AND CONTACT DETAILS OF THE CONTROLLER (defined as GOLD ANGELS AESTHETICS LIMITED)
A data controller is a person or organization who determines the purposes for which and the way any personal data is to be processed. In the case of GOLD ANGELS AESTHETICS LIMITED the company acts as a controller. The contact details are as follows:
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
Name: CHRISTOS ANGELIS
Tel: 0775 9461 298 / 020 3488 2014
Address: GOLD ANGELS AESTHETICS LIMITED, Southgate Office Village, 286a Chase Road, London, N14 6HF
PURPOSE OF THIS NOTICE
GOLD ANGELS AESTHETICS LIMITED provide medical services and is trading as Gold Medical Centre, Gold Angels Medical Aesthetics & Gold Medical Hair Transplant LTD providing consultation, advice and aesthetic treatments and private GP services to its clients and patients. The company collects and processes clients and patient’s personal data in order to enable appropriate care and treatment to assist with ongoing care and refer to other healthcare practitioners according to the clients and patients’ needs and to maintain the follow relationship and service provision following the securing of a role. You may give your personal details to the company directly, when enquire online via our website, or when you book an appointment for consultation, occasionally limited data are collected through social media.
Our process is to contact clients and patients and to discuss potential treatments and establish clients and patients’ interest and availability for a face-to-face consultation. Clients and patient’s details are retained on our database system and filed manually following strict security processes. Our database is semi-electronic with paper-based documents safely stored in secure protected area, and electronic data are save encrypted in a clou based CRM system, but there is no clients and patient’s information being held on online server. Access to the databased is only available to the doctor providing the consultation and consequently the treatment. Clients and patient’s details are retained on this databased for a reasonable time for as long as treatment is provided, for follow up and reminders of appointments and reviews of the effectiveness of treatment. These activities are recorded on the database to ensure accuracy of information and ongoing patient care.
This notice is to explain what GOLD ANGELS AESTHETICS LIMITED do with personal data – how we collect, use, and process the data. It also outlines what our legal obligations are and what rights data subjects have.
This notice covers the personal data of GOLD ANGELS AESTHETICS LIMITED, clients, suppliers and website visitors and anyone that the Company may contact for any legitimate reasons required to carry out our business.
GOLD ANGELS AESTHETICS LIMITED lawful Basis for the processing of your personal data is to pursue our legitimate business interests, described in more detail below, although we will also rely on the Lawful Basis of legal obligation and the Lawful Basis of consent for specific uses of data. We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.
We will rely on consent for use of your data and in these circumstances, you will be asked for your express consent, whenever legally is required. Examples of when consent may be the lawful basis for processing include Special Category (sensitive information).
Our legitimate interests in collecting and retaining your personal data are described below:
The company provides aesthetic medical consultations and treatments and GP consultations to clients and patients and has a legitimate interest to process personal data in order to be able to provide these services – in doing so, the Company acts as a Data controller.
The Company needs to check the identity of clients and patients, accuracy of the information provided, as well as process payments and manage certain statutory rights. It is therefore in the legitimate interests of all parties involved (the clients and patients, the doctor providing treatment, advice or consultation and GOLD ANGELS AESTHETICS LIMITED to be able to process personal data.
Data is mainly collected directly from Data subjects – either by direct contact to us by phone or email, or web enquiry. Data may also come from third parties such as online or offline media research or referees. The following list is not exhaustive but includes personal data that may, dependent on specific circumstances, be needed to allow GOLD ANGELS AESTHETICS LIMITED to undertake its activities. The company will only collect and process data that is deemed necessary and only in jurisdictions where there are no restrictions imposed and will vary depending on which services you engage us to deliver and the payments process.
The personal information we collect:
If you do not provide certain information when requested, we may not be able to proceed with your treatments.
When personal data is stored on paper or has been printed out for business reasons, it is always kept in a secure place with only authorized personnel having access. GOLD ANGELS AESTHETICS LIMITED apply the following business practices:
Recognize that personal data if accessed could cause risk of loss, corruption or theft and apply the following:
GOLD ANGELS AESTHETICS LIMITED automatically collect data from the company website via cookies, as deemed useful to help improve user experience and manage the services provided.
This information includes:
Personal details of clients and patients are collected and are generally used in the following ways:
Marketing activities: Processing personal data to ensure the receipt of relevant and targeted marketing materials and information
Invoicing and payment processes: Collecting bank details, or keep payment details in order to process payments for treatments and consultations provided
To assist in establishing, exercising or defending potential legal claims
We will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the Lawful Basis for us doing so.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
It is important that the personal information we hold about you is accurate and current. Please be sure to keep us informed if your information changes during your treatments or follow up with us.
We use sensitive personal information, these are special categories of personal data, and include information about your general health and medical conditions, these information are held by as because is by law obligations for healthcare service providers for health and safety purposes.
GOLD ANGELS AESTHETICS LIMITED use the services of a number of third-party providers which may involve the processing of clients and patient’s personal data in the legitimate interests of conducting a safe medical treatment.
These may include:
Should we want or need to rely on consent to lawfully process your data we will request your consent by asking you to sign a Consent Form for the specific activity we require consent for and record your response on your file. Where consent is the lawful basis for us to provide our services, you have the right to withdraw your consent to this particular processing at any time, by completing a Withdrawal of Consent Form, which can be requested from our Data Protection Officer.
The GDPR provides you with the following rights.
You have the rights to:
The GDPR gives you the right to access and obtain the personal information held about you. This is known as a “data subject access request”. Your right of access can be exercised in accordance with the GDPR. A data subject access request should be submitted to firstname.lastname@example.org (No fee will apply under the terms of the GDPR.)
GOLD ANGELS AESTHETICS LIMITED recognize the data subject’s right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. However, this does not apply where the decision is:
GOLD ANGELS AESTHETICS LIMITED providing of clients or patients treatments always involves human decision making and is never based solely on automated process. In order to analyses or predict suitability of the treatment offered or requested to meet the requirements of the client or patient we use medical evidence-based approach and decision making that involve both parties (practitioner – patient)
A personal data breach is a breach that results in the destruction, alteration or unauthorized disclosure or access to personal data.
GOLD ANGELS AESTHETICS LIMITED will make every effort to contain any personal data breaches identified and will also undertake an immediate assessment of any potential risks resulting from the breach in line with our data breach incident process. Should it be considered that there is a high risk to an individual because of the breach, then GOLD ANGELS AESTHETICS LIMITED will endeavour to inform the individual as soon as possible.
In such situations where you feel that a breach may have taken place then you must notify our Data Protection Officer immediately.
It is also the responsibility of our data controller to ensure that GOLD ANGELS AESTHETICS LIMITED has in place the necessary insurance provision in the event of a personal data breach or a cyber-attack.
GOLD ANGELS AESTHETICS LIMITED is registered with the Information Commissioner’s Office and all records retained by the company are done so in accordance with data protection laws. It is the policy of GOLD ANGELS AESTHETICS LIMITED to retain personal data where there is legitimate reason to do so; this reason is to assess and provide medical aesthetic treatments.
All hard copies of personal data are securely stored and then disposed of in confidential waste bins.
GOLD ANGELS AESTHETICS LIMITED mandate that no personal data is to be held for longer than necessary on company laptops, phones desktop computers or any other electronic devices and that all personal data received must be transferred to the company’s database system as soon as possible. All original records received via Outlook or any other electronic method, or paper-based documents received must be deleted or destroyed securely as soon as reasonably possible. Employees who fail to comply will be subject to disciplinary action.
The exception to this is data held by the GOLD ANGELS AESTHETICS LIMITED Compliance and Finance teams under the terms of the GDPR. This is defined as personnel and financial records that are required to run the company efficiently and to comply with statutory requirements. The company is not required to keep the original of all documents – copies can be stored but they must be stored in writing, including in electronic format.
The type of record will determine the length of time the record must be kept for and will be assessed in line with the legitimate business needs of the business, including the requirements of various client contracts in place from time to time.
This notice may be updated, revised, replaced, and re-issued from time to time, to ensure it continues to meet all legislative requirements and relevant developments in data management and security techniques. Any changes to GOLD ANGELS AESTHETICS LIMITED data processing processes or this privacy notice will be brought to the attention of all data subjects.
Questions, comments and requests regarding this privacy notice are welcomed and should be sent to GOLD ANGELS AESTHETICS LIMITED in writing at email@example.com or Gold Medical Centre, Gold Angels Medical Aesthetics & Gold Medical Hair Transplant Address: GOLD ANGELS AESTHETICS LIMITED, Southgate Office Village, 286a Chase Road, London, N14 6HF Tel: 0775 9461 298 / 020 3488 2014
You also have the right to raise concerns or make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office.
The ICO can be contacted on 0303 123 1113 or at https://ico.org.uk/concerns/