Fair Processing Notice for Patients
At London Pain Clinic Group, we respect your personal data. This Fair Processing Notice explains how we will use your personal data when you wish to become a patient or make enquiries at London Pain Clinic Your information will be filed securely both on our computers and any paper copies will be securely stored.
Our contact details
London Pain Clinic Group
9 Harley Street
020 7118 0250
Email : email@example.com
Our Data Protection Officer is Sapphire Consulting Group Ltd
What personal data do we collect about you? How will we use that personal data?
When you use our website, we will collect the following personal data about you:
- name, email, phone and the nature of your enquiry via our ‘Contact Us Form.
- IP Address/ MAC address when you use the website
If you become a patient of ours we will collect your name, contact details, GP and medical information and payment card detail or insurance details so that we can meet you and discuss how we may be able to treat you.
What is our legal basis for processing your personal data? How long do we hold your personal data?
We need a legal basis in order to process your personal data.
- We need your name, email and phone number in order to answer your enquiry and we process this data with your consent.
- Your health data is a special category, and we are processing this information in our roles as medical professionals.
- We need your IP address and MAC address so that we can monitor the use of our website, this is a legitimate interest for a business.
- If you become one of our patient, we will process your name, contact details, medical information and bank or insurance details as part of our contract with you.
Do we have a statutory or contractual requirement to process your personal data?
There is a contractual requirement for us to process your personal data because you are one of our patient and we need to fulfil our contractual responsibilities.
Do we use any automated decision making?
We us cookies, pixels and tags for analytical and re-targeting purposes.
Who do we share your personal data with?
- Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it).
- Cloud service & IT providers. We use a number of cloud service & IT providers, such as our CRM, project management systems and webhosting. We also share with IT professionals who not only ensure that our systems run smoothly,but are also committed to the highest standards of data protection compliance.
- We use a Bookkeeper and an Accountant to help us with our finances.
- In response to a court order. It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.
- We use an external marketing consultancy to assist us with our website and general marketing, and an email service so that we can update you with our news and events.
- If you become a patient of ours, we will share your data with our team of Medical & Health Care Professionals including Phoenix Hospital Group from whom we lease rooms and theatre space.
Do we transfer your personal data outside of the EU or EEA?
We use Microsoft, Google and DropBox which are based in the USA. However adequate safeguards are in place as these organisations are certified to the EU-US Privacy Shield Framework.
How long do we keep your personal data for?
- If you become one of our patients, we will keep your data on our secure database for 30 years.
- If you decide not to pursue treatment, we will keep your data for 30 years.
- If you make an enquiry, we will keep your data for 3 months.
You have rights in respect of our processing of your personal data which are:
- To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully
- To object to our processing if it is by legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us.
You also have the right to lodge a complaint about our processing the UK’s Information Commissioner’s Office