Who we are
At The Brunswick Clinic we respect your privacy, and aim to comply with the latest data protection regulations. This policy explains how we collect and handle data relating to website visitors. Please note that this policy may be altered in the future. It was last updated in June 2022.
Our website address is: https://brunswickclinic.co.uk/
Information About Us
Company Name: AR Hill Limited,
Registered in England & Wales under company number 04713183
38 Brunswick Square,
What does this notice cover?
This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
What is personal data?
Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
What personal data we collect and why we collect it
We need to collect minimal personal information so we can provide the products and services you have requested from us.
When you contact us by email or via telephone, we will collect your name, email address and contact number so that we can process your inquiry.
Users under 18 years of age
Any user under 18 years of age must have their parents’/guardians’ consent to use our website. Users without this consent are not allowed to provide us with personal information.
Sensitive personal data
As a practice, medical information concerning patients must be held. Medical records are treated as special categories of personal data (formerly sensitive personal data) and we afford them the highest level of protection. Clinical records must be retained for eight years for past patients and in the case of children, until the child has reached the age of 25. To ensure effective destruction, records will be incinerated by an accredited supplier. GDPR allows a patient to as easily withdraw consent as to give it, although there is still a duty for us to retain any existing records for eight years and minors until they have reached the age of 25, after any consent has been withdrawn.
Embedded content from other websites
This site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
We will not share your personal information with third parties for marketing purposes. Personal information will only be given to a third party when we are legally obliged to do so. Anonymous data derived from cookies may be shared with third parties, but only for technical purposes, not for marketing.
How and Where Do You Store or Transfer My Personal Data?
We may store some of your personal data in countries outside of the UK. These are known as “third countries”. We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:
We will use specific approved contracts which ensure the same levels of personal data protection that apply under the Data Protection Legislation. For further information, please refer to the Information Commissioner’s Office.
You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us.
If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
How long we retain your data
Personal data may be required for legal purposes and record keeping. All data will only be stored for as long as it is legally required. We are required by law, for example, to keep medical records for 8 years, or until you reach the age of 25, whichever comes first.
What rights you have over your data
You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. When you make a request to receive or erase your personal data, we may ask for additional information to prove your identity.
If you are not satisfied with our response or do not believe we are processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
How we protect your data
We will store all personal information you provide securely. All traffic between your browser and this website is encrypted and protected via SSL (Secure Socket Layers).
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
- Sensitive personal data will never be stored or transferred outwith the company;
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so
Finally, we will endeavour to report any unlawful data breach of this website’s database or the databases of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.