The EU General Data Protection Regulations 2018 (GDPR) introduce the need for organisations to be more accountable in the way that they collect, use, store and dispose of personal information. They also give individuals more control over their personal information.
This policy details what information Hertford Aesthetics Clinic and website collects, the necessity to collect this information, how it is used and stored and who it could be shared with.
Who are we?
Hertford Aesthetics is a Sole Trader practising Facial Aesthetics working from a home clinic. The information we require is needed in order to provide you with appropriate and safe facial aesthetic treatment.
Dr Sushma Klausen is the owner and proprietor of Hertford Aesthetics, and is responsible for keeping secure the information about you that is held.
How do we collect personal information from you?
Hertford Aesthetics collects personal information via the following means:
via our website contact form
when you send us an email
when you call us on the telephone
when you sign our consent forms and complete the medical history forms
details of treatment discussed and provided
What type of information is collected from you?
The personal information we collect includes:
Your name and contact information (including email address and phone number) which you provide to us when you submit our contact form, telephone us, send us an email, or communicate in any other way
Other information acquired at initial consultation
Medical history, date of birth and home address
Treatment plans, consent forms and photographs
Notes of conversations with you and your care
Details of any treatment provided
Dates of your appointments
Correspondence with other health professionals in this field or institutions
Records of Payments
Only an IP address could be used to identify you individually (indirectly through your ISP and only by the relevant authorities). Your IP address is only stored in log files that are deleted after 30 days.
How is your information in the clinic used?
We require up to date and accurate information about you to provide you with safe facial aesthetics treatment personalised to your needs.
Hertford Aesthetics provides an aftercare service as a courtesy via text message or phone call.
We also provide text message or email reminders of your appointments and recalls.
How is your information from the website used?
Collecting data helps us understand what you are looking for from our business, enabling us to deliver improved products and services, and in particular for the following reason:
to contact you in response to a specific enquiry or request
Who has access to your information?
We will never lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to.
Those who work on the website and social media platforms have only limited access to the photographs and Hertford Aesthetics document templates, not personal information.
Your information is only used by Hertford Aesthetics clinic but there may be instances where we need to share it, in your best interest - for example:
specialist in facial aesthetics
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary and always with your permission.
How you can access and update your information
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org.
You have the right to ask for a copy of the information Hertford Aesthetics holds about you or to ask for it to be removed. You should submit your request by writing or by email. We will only remove data we hold on you if we are not legally obliged to retain it. However, we may be unable to erase records about your facial aesthetic treatments.
We will ask you to provide formal proof of identity before releasing, editing or removing any of your information.
Keeping your information safe
The patient files with personal information and treatment records are stored in a fireproof locked filing cabinet. The proprietor Dr Sushma Klausen has sole access to this filing cabinet. Clinical photographs are stored on a passcode secured device, which is kept at all times at the clinic premises and is locked away when not in use.
Records will be held for a minimum of ten years after you have last visited the clinic and shredded on disposal.
Security precautions in place to protect against the loss, misuse or alteration of your information
We are committed to ensuring that your information is secure. Wix.com hosts our website and provides us with the online platform that allows us to provide information about our services and products. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Hertford Aesthetics will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Dr Sushma Klausen is registered with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (0303123113 or 01625 545745). If you have any concerns with how we use your information and you feel unable to discuss with Dr Sushma Klausen, please contact the ICO directly.
All patient details will be kept stored on secure servers, and access limited only to authorised personnel with password protected access.
We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL encryption technology to encrypt data during transmission through public internet (your enquiry form submissions and their transmission via email services to us).
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Once we receive your information, we make our best effort to ensure its security on our systems. If you believe your Personal Data has been compromised, please contact us.
The following applies to use of our website
Use of 'cookies'
Like many websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see below).
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
If you email us directly, or via an email mailto hyperlink (like this one), the email is transmitted to us via the Simple Mail Transfer Protocol (SMTP). Depending on your email provider, the email contents may or may not be encrypted from the point at which it leaves your computer, until it reaches your email provider or in some cases, until it reaches us. We have no control over this, but most popular email providers like Gmail do provide end-to-end encryption.
Our website contact form operates with SSL ('Secure Sockets Layer' or 'https'). This means that any information you enter on our contact form will be encrypted by your own web browser from the point you click the 'Submit' button until it reaches our web server. It is briefly decrypted on our web server, but is then re-encrypted and transmitted to us via our email host where it is only ever transmitted in an encrypted form or held in a highly secure manner.
About this website’s server
This website is hosted in a virtual server by Wix (Wix Web services) within a secure UK data centre. The server may only be accessed by authorised personnel and we have taken numerous security precautions including:
Anti-Virus and Anti-Malware scans (passive and active)
Secure SSH (Secure Shell) access with private/public key and password authentication for access by authorised personnel only
Firewall locking down all but essential ports
Our third party processors
We use a couple of third parties to process personal data on our behalf.
We have systems in place to protect personal information Hertford Aesthetics holds. If there is a security breach, Hertford Aesthetics will investigate and report the incident to the ICO, and the patients affected will be notified.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Our lawful basis for processing this data
We will ensure we have your permission to use the data necessary for the fulfilment of services provided or in order to take steps towards procuring further orders.
If you do not agree
If you do not wish us to use your personal information as described, please discuss with Dr Sushma Klausen. If you object to the way we collect and use your information, Hertford Aesthetics may not be able to continue to provide your facial aesthetic treatments.
Review of this Policy
Any questions regarding this Policy and our privacy practices should be sent by email to email@example.com