This notice explains why personal data is collected about you, the ways in which the data might be used and the rights that you have with regards to the usage of your personal data.
Who is responsible for the processing of your personal data?
If you book a procedure or treatment through us then the correct entity responsible for the processing of your personal data is Perfect Eyes Ltd of Ground Floor, 121, Harley Street, London W1G 6AX. We are registered with the Information Commissioner’s Office (ICO) and our registration number is ZA280470. This is renewed annually as an on-going policy.
Please note that Perfect Eyes Ltd is the medical arm of Dr Shah Desai’s practice.
Dr Sabrina’s Clinic is the aesthetic arm of Dr Shah Desai’s practice & treatments will incur an additional VAT charge.
Please note that your personal data will be shared between both companies and all information will be treated as confidential and protected in accordance with Data Protection legislation.
Why we collect personal data from you
In our practice we aim to provide the highest quality health care. To do this we must collect and use your personal details, including sensitive details about your health. Without this information it would be almost impossible to deliver the quality health care we seek to provide. We use your personal data to deliver services including testing and examinations, medical diagnoses, clinical treatment and the management of preventive or occupational medication.
What types of personal data do we collect?
Depending on the nature of your visits or treatment, we may collect general personal data such as your name, contact details, employment or profession, job title and payment information along with your banking details if required. We may also collect sensitive information about your physical or mental health status which may include information about a disease, disability, medical history, clinical treatment or your physiological or biomedical state.
The personal data we collect may occur through your contact with us including by phone, by email, through our website, by post, by filling in feedback forms or other forms, or in person. This may vary according to your relationship with us.
We keep the collection of personal information to what is necessary to provide our service to you and not beyond it.
Under what basis do we use your personal data?
Under the GDPR, we must always have a lawful basis for using your personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to the use of your personal data, or because it is in our legitimate business interests to use it.
In most cases we use your personal data because you ask us to do so, in other words, you give us permission. There are times where you may need to give us specific permission. Where your consent is required, we will provide you with all the details you require in order to make your decision. Sometimes we may be asked by legal authorities to process your personal data and at other times, it might be in order to protect your vital interests. There may also be instances where we have special permission because the interests of the public are deemed to be of greater importance than your confidentiality.
Taking into account the legitimate reasons for processing your data they can include:
- Internal record keeping.
- To assist in managing our relationship with you, our business and third parties who may provide services or products for us.
- For statistical research and analysis to allow us to monitor and improve our services and our website and allow us to develop.
- To carry out marketing activities so we can show you information that is of interest to you, based on our understanding of your preferences.
- To monitor our clinical and non-clinical performance.
Based on the above your personal data may be used for one of the following purposes:
- Supplying our medical and healthcare products and services to you. Your personal data is required in order for us to enter into a contract with you for the provision of our services.
- To meet your healthcare needs: personalising and tailoring our services and products for you.
- Communicating with you. This may include but is not limited to responding to emails or calls from you or meeting with you in person; sending you reminders on appointments or follow-ups; requesting further feedback; communicating with you in relation to any after care needs.
- Supplying you with information you require by email or post.
- Providing and managing your account including financial transactions.
- With your permission and/or where permitted by law, we may use your personal data for our marketing purposes. These can include contacting you by email and/or post with information on our products and services.
What we will not do is send you spam or any unlawful marketing not permitted by the law. We want to fully protect your rights through compliance with the data protection regulations.
You can always opt out of receiving marketing. Please email us at any time and we will remove your name. Our contact details are given below. In the alternative if you want to start receiving emails from us again or have changed email address please contact us.
Where do we obtain your personal data from?
In most cases we collect your personal data directly from you. There are times where we might need to get information from your relatives, other GPs or health professionals and even from the results of testing and diagnoses. Where we get your personal data from other sources we will inform you.
Who might we share your personal data with?
Your personal data will be shared between the two arms of Dr Shah Desai’s practice – Perfect Eyes Ltd and Dr Sabrina Clinic.We may need to share your personal data with health authorities, NHS Trusts, special health authorities, legal authorities, ambulance services and with any other medical practitioner/s and provider/s who are part of your healthcare plan or records. With your consent and, subject to strict sharing protocols about how it will be used, we may also share your information with social services, education services, local authorities, voluntary sector providers as well as the private sector. Before any of your personal data can be sent outside the EU, we must comply with strict conditions as laid down by the law.
Please note that we will always seek your express consent to share personal information with others who are not normally involved in your health care but may be required to become involved for various reasons.
We are aware that not all patients want their NHS GP to be advised of particular matters. We always give you the option to let us communicate and update your NHS GP or to not allow us to do so. This will be discussed with you when treating.
All organizations must deliver up personal data under court order or according to the law. We will not deliver up more than has been requested or we are obliged to do so under the law or court order.
How we look after your personal data
We respect the fact that the personal data belongs to you. We have a duty to keep your information confidential, secure and accurate. We do not keep your personal data for any longer than is necessary for the purpose for which we collected the data. Where we need to further use your personal data, we ensure that it is legal for us to do so and when we need to store your data we take measures to ensure that you or other patients cannot be identified through simply accessing those files.
How long we keep your personal data
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. We generally keep your personal data in relation to clinical based records for 9 years. As for financial information banking and payment information is generally kept for no longer than 12 months for accounting purposes or as is deemed correct according to the law and HMRC records. Credit card security numbers will be deleted as soon as payment is made and confirmed as received. All information is confidentially disposed of safely.
How can I access my personal data?
If you want to know what we hold please email or write addressing communications to the Manager and marking your email heading and letter ‘DATA INFORMATION REQUEST’. Our full address is: Perfect Eyes Ltd of Ground Floor, 121, Harley Street, London W1G 6AX. If you wish to communicate by email the correct email address will be: [email protected]
You may also request a copy of what we hold which is known as a ‘subject data request’. We may contact you to verify the request. We will ask you to sign a pro forma authority which will be kept on file. We will ask you to provide up to date suitable ID. We will abide by the data protection regulations on charges and timings of the request. To contact us use the above email and postal address. Mark the email heading or letter ‘SUBJECT DATA REQUEST’.
You may decide to contact us through our website which is fine. However when requesting a copy of health care records under a subject data request we will check the request by contacting you, request you sign and date a pro-forma authority and ask you to provide suitable ID.
We always abide by the law and as the law requires us to ask your permission if using certain kinds of cookies we will of course do so the first time you enter. The law also requires us to make sure you understand what cookies are and why we use them.
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity. Cookies are not viruses, spyware, or Trojans that cause harm to your machine.
There are different types of cookies. There are cookies that are strictly necessary in order to enable you to move around the website and use of all its features. We do use them.
There are performance cookies. They help us to provide you with a better experience. Information supplied by these types of cookies help us understand how you the visitor to the website use the website so that we can improve how we present our content to you. We do contract with independent third party companies to perform these services. This can entail the use for third party cookies for this function.
We are currently not using Flash cookies.
We may use what is termed sharing cookies. You can share information on our websites with family and friends through popular social networks. When you click on a button for the social networks a cookie may be set by the service you have chosen to share content through. We do not control the dissemination of those cookies.
We currently are not using sharing cookies.
We do use remarketing cookies. This allows us to stay in contact with you after you have left our website. In effect this means that a cookie triggered on our website will allow us to reach out and provide further information to you whilst you visit a third party website such as social media sites. It allows continuity of contact with you.
We want you to know that we use non-cookie based forms of data tracking which is utilised when you sign into other accounts like Facebook whilst visiting out website. Once again we use this data to better understand our website visitors, to tailor the content to their specific demographics and going forward for us to remarket our services to be better attuned to our website visitors.
Opt out and opt in once again
You can opt out of email marketing anytime. Please unsubscribe using the most recent marketing email sent or send us an email or write. Out postal address and email contact details are given above in more than one place. Please mark your letter or email hearing as ‘UNSUBSCRIBE ME’. if at any time you change your mind and wish to subscribe you can go onto our website or email or send a letter.
Sharing your personal data with essential third parties
There will be times that beyond your clinical care we need to share personal data with others. These may include third party service providers processing information for us to function.
These can include:
- Third party service providers processing personal data for us to process credit cards and payments.
- Obtaining of medications and delivery of the same.
- For secure clinical data storage.
- Third parties in relation to our website and managing and distributing of marketing material by email. These third party providers distribute emails, research and analyse opening of email and visiting of our website. We do use MailChimp.
What are your rights as a client/patient?
There is an EU law that protects your personal data and it’s called the General Data Protection Regulation (GDPR). We must ensure that when you ask about your personal data we respond promptly to your request. Under certain circumstances you have the right to have your data corrected or removed or transferred to another service provider and also to ask that we stop using your data. You have the right not to be subject to decisions that were made purely by machine, unless certain conditions apply.
Where you have previously given your consent, you have the right to have that consent removed, unless a legal authority prevents us from doing this. You have the right not to be pestered by nuisance email or tele-marketing.
You also have the right to be informed of certain security incidents which might have an impact on you. You have the right to raise a complaint with the data protection authority (supervisory authority). Please find their details below. Should you require access to your personal data you may make the request by using the link on our website or contacting us directly at our practice. Please see details above to assist you.