GDPR Compliance Policy

GDPR Compliance Policy for Integrated Healthcare Clinic
Effective Date: October 8, 2024
Location: London, UK

At Integrated Healthcare Clinic, we are fully committed to protecting your personal data and ensuring that it is processed in compliance with the General Data Protection Regulation (GDPR) and applicable laws in England and Wales. This GDPR Compliance Policy explains how we collect, use, store, and protect your personal information.

1. Data Controller
The data controller responsible for your personal data is Integrated Healthcare Clinic, located at [Insert Clinic Address in London]. This means that we are responsible for determining the purposes and means of processing your personal data.

2. Personal Data We Collect
We collect and process the following personal data:
Identification Information: Name, address, phone number, and email.
Health Information: Medical history, treatment plans, prescriptions, and health conditions provided during consultations or treatment sessions.
Payment Information: Credit/debit card details and billing information for the payment of services.
Website Usage Data: IP address, browsing history, and device information when you use our website, collected via cookies and tracking technologies (e.g., Google Analytics).

3. Purpose of Data Collection
We collect your personal data for the following purposes:
To provide healthcare services: Personal and medical information is essential for us to offer treatments such as acupuncture, marma therapy, nutritional counseling, and others.
Booking and communication: To manage your appointments and communicate with you regarding consultations, follow-ups, and treatment plans.
Payment processing: To facilitate payments for treatments and services.
Marketing and Advertising: With your consent, we may use your contact information to send promotional content related to our services, including Google Ads, Facebook Ads, and retargeting.
Analytics and Website Improvements: Data collected via Google Analytics is used to analyze website traffic and improve our online presence and service offerings.

4. Legal Basis for Processing
The legal basis for processing your personal data is as follows:
Consent: We rely on your explicit consent to process your data for marketing activities, such as sending newsletters or promotional offers.
Contractual Necessity: We process your data to fulfill our healthcare obligations, such as providing treatment and managing appointments.
Legal Obligations: We process certain data to comply with legal requirements, including healthcare regulations.
Legitimate Interest: We use your data to ensure efficient clinic operations, improve patient care, and promote our services, in line with legitimate interests.

5. Your Rights Under GDPR
Under GDPR, you have the following rights concerning your personal data:
Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: If any of your data is inaccurate or incomplete, you have the right to request corrections.
Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data when it is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions.
Right to Data Portability: You can request a copy of your data in a structured, machine-readable format and transfer it to another provider.
Right to Object: You may object to the processing of your personal data for direct marketing or other purposes based on legitimate interests.
Right to Withdraw Consent: Where consent is the basis of processing, you can withdraw it at any time, without affecting the lawfulness of processing before the withdrawal.
To exercise these rights, please contact us at info@firdousali.com.

6. Data Security
We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, accidental loss, disclosure, or destruction, including:
Encryption: Data is encrypted during storage and transmission, where applicable.
Access Control: Only authorized personnel have access to personal data based on their roles and responsibilities.
Regular Audits: We regularly review and update our data protection practices to maintain compliance with GDPR.

7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. For medical records, we typically retain data for a minimum of [Insert Time Period] in compliance with UK healthcare regulations.

8. Data Sharing with Third Parties
We may share your data with third parties when necessary for providing healthcare services or for marketing purposes, including:
Healthcare Providers: For consultations, referrals, or collaborative treatment efforts.
Marketing and Analytics Platforms: We use Google Ads, Facebook Ads, Google Analytics, and other platforms to manage and analyze our marketing campaigns and website traffic. These services may collect data about your interaction with our website and advertisements.
Payment Processors: We work with payment processing companies to handle your transactions securely.
Legal and Regulatory Authorities: We may share your data when required by law or for the protection of public health.
All third parties are required to comply with GDPR and respect the privacy and confidentiality of your data.

9. Cookies and Tracking Technologies
Our website uses cookies to improve your browsing experience and provide personalized content. Cookies and similar tracking technologies (such as pixels) help us analyze website usage and deliver targeted advertisements through Google Ads and Facebook Ads. You can manage your cookie preferences or opt out of personalized ads by:
Adjusting your browser settings to disable cookies.
Managing your preferences on Google Ad Settings.
Enabling “Do Not Track” in your browser.

10. International Data Transfers
In cases where we transfer your data outside the European Economic Area (EEA), we ensure that the appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data.

11. Marketing and Retargeting
We use marketing tools such as Google Ads, Facebook Ads, and retargeting to promote our clinic and services. By interacting with our website, you may receive personalized advertisements based on your browsing behavior. You have the right to opt out of such marketing activities by:
Contacting us directly to request removal from marketing lists.
Adjusting your Facebook or Google ad preferences to limit the collection of data for marketing purposes.

12. Changes to this Policy
We may update this GDPR Compliance Policy periodically. Any changes will be communicated via our website, and the effective date will be revised accordingly.

13. Contact Information
For further information about our GDPR compliance or your rights, or to make a data-related inquiry, please contact us at:

Email: info@firdousali.com
Phone: +442072245111
Address: Integrated Medical Centre,
121 Crawford Street
London
W1U 6BE
United Kingdom
