Last updated: August 29, 2018
GB Aesthetics respects and values the privacy of our patients and believes that you care how your personal data is used. We are committed to using your personal data only in ways that are described here and that are consistent with our obligations and your rights under the law.
We are regulated by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”). Our goal is to be fully GDPR compliant.
In this statement we explain how we use your personal data. This includes how your personal data is collected, stored and processed. We will also explain your rights under the law relating to GDPR.
- Information about us
GB Aesthetics Ltd. is registered in England and Wales under company number 10853849, the registered office of the company is 52 High Street, Pinner, Middlesex HA5 5PW, United Kingdom.
Data Protection Officer: Talia Antoniouk
- What is Personal Data?
Personal data is, in simple terms, any information about you that enables you to be identified. This includes information like your name, date of birth, or contact details, but it also covers information that you might not be aware of, such as electronic location data, identification numbers, medical records, including digital data, pictures and reports, correspondence between doctors, healthcare providers, hospitals and other related authorities.
- What are my rights?
Under GDPR, you have the following rights, which GB Aesthetics works to uphold:
- The right to be informed about our collection and use of your personal data. This statement should provide all the information you need to know, but you can always contact us to find out more or to ask any questions;
- The right to request the personal data we hold about you;
- The right to have your personal data rectified if any of the data collected is inaccurate, false, not up-to-date or incomplete;
- The right to have your personal data erased in certain circumstances;
- The right to data portability – to obtain and reuse your personal data for your own purposes across different services;
- The right to object to the use of your personal data in certain circumstances e.g. for marketing or profiling purposes;
- Rights relating to automated decision making and profiling. We do not use your personal data in this way and this element does not apply.
Please contact us to find out more, using the address or email given above.
You have the right to complain to the Information Commissioner’s Office (ICO) which can be found at https://ico.org.uk/. It has enforcement powers and can investigate compliance with data protection law.
Full information on your rights under the Data Protection Act can be found at the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
GB Aesthetics is required to keep medical notes for all treatments, so you do not have the right to request erasure. Equally, we cannot provide treatment without keeping records, so that consent cannot be voluntary.
- What Personal Data do we collect?
- Your name, date of birth, gender, marital status, occupation, home address and contact details, including email, home and mobile telephone numbers;
- Information about next of kin, emergency contact (name, relationship to you, home address, home and mobile telephone numbers);
- Your medical history, including previous and current medical records;
- Information about medical or health conditions, including whether or not you have a disability or disease for which GB Aesthetics needs to make reasonable adjustments;
- Information about medical or health conditions of your family;
- Your financial information, if you are a ‘self-pay’ patient or paying us directly in any way for any element of our invoice or the financial information of the company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer or sponsor);
- Information you choose to provide to us during consultations and associated services;
- Information contained in or relating to any communications that you send to us, including via e-mail.
- Information received in response to any surveys, complaints or claims.
- How do you collect my Personal Data?
Your personal data may be collected in different ways. This includes our registration and admission forms, pre-assessment questionnaires, or our online web forms which are completed by you prior to your first contact with GB Aesthetics staff or your treatment. Furthermore, personal data is collected from correspondence with you, through consultations and associated services, examinations, meetings and assessments, by photography of your face or details of your body, by recordings of laboratory and radiology results and the investigations and examinations of other doctors or healthcare or aesthetics workers together with any records they make in the course of their care.
In some cases, GB Aesthetics may collect personal data about you from third parties, such as insurance providers, referrers, sponsors, hospitals and other consultants.
- How do you use my Personal Data?
- To support the provision of your healthcare;
- To decide how best to provide treatment or aesthetic services to you;
- As necessary to support the healthcare contract with you and to allow us to receive full payment for those services. This includes email notifications that you have specifically requested and information relating to healthcare or aesthetic procedures, confirmation letters and emails prior to your consultation and subsequent treatments, and statements, invoices, or payment reminders;
- To deal with enquiries and complaints made by or about you relating to the services of GB Aesthetics;
- To keep your records up-to-date;
- As necessary for our own legitimate interests or those of other persons and organisations;
- For good governance, accounting, and managing and auditing our clinical and business operations;
- To monitor emails, calls, other communications, and activities on our networks and systems;
- For scientific research and education of peers, and for analysis of surgical or non-surgical methods;
- For market research, analysis and developing statistics for improving clinical performance; and as necessary to comply with a legal obligation;
- When you exercise your rights under Data Protection Laws and make requests;
- For compliance with legal and regulatory requirements and related disclosures;
- For establishment and defence of legal rights;
- For activities relating to the prevention, detection and investigation of crime;
- To verify your identity, make credit fraud prevention and anti-money laundering checks; and to investigate complaints, legal claims and data protection or clinical incidents, based on your consent;
- If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures;
- When we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to ask us to stop collecting data, but the consequence would be that we could not continue to provide healthcare or aesthetic services to you.
- How long will you keep my Personal Data?
Personal information will be kept in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply:
- Retention in the case of queries: We will retain your personal data as long as necessary to deal with any queries you may have;
- Retention in the case of claims: We will retain your personal data for as long as you might legally bring claims against us;
- Retention in accordance with legal and regulatory requirements: We will retain your personal data after you have received healthcare or aesthetic services based on our legal and regulatory requirements.
- How and where do you store or transfer my Personal Data?
Your personal data is only stored in the UK, on GDPR compliant servers. This means that it will be fully protected under the GDPR.
- How do you share my Personal Data?
We will not share any details of your personal data with third parties for any purposes except under the following limited circumstances:
- With consultants / doctors, other healthcare or aesthetic professionals and hospitals who provide treatment to you;
- With any other healthcare or aesthetic providers where we feel this will enhance the quality of your care or service;
- With sub-contractors, companies and other persons who help us to provide healthcare products and services to you or provide services to you as part of your extended care;
- With our legal and other professional advisors, including our auditors;
- With fraud prevention agencies, credit reference agencies, and debt collection agencies;
- With Government bodies and agencies in the UK and overseas;
- With the Information Commissioner’s Office (ICO);
- With courts to comply with legal requirements, and for the administration of justice and collection of debts;
- In an emergency or to otherwise protect your vital interests;
- To protect the security or integrity of our business operations and other patients;
- With payment systems and providers;
- With anyone else where we have your consent or as required by law.
We will not, without your express consent, supply your personal data to any third party for the purpose of their or any other third party’s direct marketing.
- How can I access my Personal Data?
If you want to access the personal data we have about you, you can ask for details of that personal data or for a copy of it (where any such personal data is held). This process is known as a “subject access request” (SAR).
All SARs should be made in writing and sent to the email or the postal address shown above. This request must be accompanied by two identity documents: one photo ID (e.g. passport or driving license), and the other showing your address and dated within the last three months (e.g. utility bill).
We will aim to respond to your SARs within 20 working days after receiving the necessary information. There may be some exemptions from providing a complete response in time, especially if your request is more complex, in which case more time may be required, up to a maximum of three months from the date we receive your request. GB Aesthetics will keep you fully informed of progress.
Information relating to any changes will be made available on our website www.gbaesthetics.com. We encourage you to check this page occasionally to ensure you are well informed about and consent to any changes in this policy.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent to us over the internet.