Signed in as:
filler@godaddy.com
Svelte Body Clinic
Privacy and GDPR Notice
This Privacy and GDPR Notice explains how Svelte Body Clinic uses any personal information we collect about you when you use this website, purchase/utilise any SVELTE BODY CLINIC products and services and communicate with SVELTE BODY CLINIC .
This notice covers the following areas:-
1. Who we are and our Data Protection Officer
2. Personal data we collect about you: i. Categories of data we collect ii. Sensitive personal data
3. How and why we use your personal data
4. What the legal grounds for the processing of patient/client personal information are (including when we share it with others, confidentiality and consent)
5. What should patient/client do if their personal information changes
6. How long a patient/client’s personal information is retained by us
7. Patient/client’s rights under data protection laws
8. Requesting access to your personal data
9. Security of your personal data
10. Cookies
11. Updates to our Privacy Notice
12. How to contact us
Our Privacy Notice applies to the personal data that Svelte Body Clinic collects and uses. Svelte Body Clinic is known as the ‘Controller’ of the personal data provide to them. They collect basic personal data about patient/clients which does not include any special types of information or location-based information. This does however include name, address, DOB and contact details such as email and mobile number, etc. Svelte Body Clinic also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious belief (if required in a healthcare setting), ethnicity and gender during the services they provide to patient/clients and/or linked to the healthcare through other health providers or third parties. The clinic manager is the Data Protection Officer (DPO) for Svelte Body Clinic, which means that he will ultimately determine for what purposes personal information is held and what it will be used for. He is also responsible for notifying the Information Commissioner of the data we hold or are likely to hold, and the general purposes of what that data will be used for. Svelte Body Clinic has appointed, Clinical Manager, as the person with responsibility for data protection compliance. He can be contacted at INFO@SVELTEBODYCLINIC.co.uk. Questions about this policy, or requests for further information, should be directed to him.
When using the term “personal data” in our Privacy and GDPR Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include e.g. your name, your contact details, company, information relating to your health or information on how you use our website or interact with us. We collect some personal data from you, e.g. when you order products/services, use our website, use our services or contact us.
We may collect and process the following information about you:
• Information about your transaction, including your payment card details
• When you purchase products or services from Svelte Body Clinic
In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under the General Data Protection Regulation. We only collect this information where you have given your explicit consent, it is necessary or you have deliberately made it public. For example, we may collect this information in the following circumstances:
By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Notice. If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us.
The data will be processed by the staff at Svelte Body Clinic in accordance with the type of product or service required. Data collected for other reasons detailed above will be only that which is required to meet the purpose and processed by the appropriate person within Svelte Body Clinic. Svelte Body Clinic will not share your information for marketing purposes with any companies outside the business.
We use your personal data for the following purposes:
• Svelte Body Clinic requires personal data for contractual purposes to provide the product or service ordered
• Details about them, e.g. address, carer, legal representative, emergency contact details
• Any contact the clinic has had with the patient/client, e.g. appointments, clinic visits, etc.
e. To comply with our legal obligations
Svelte Body Clinic needs to know a patient/client’s personal, sensitive and confidential data in order to provide the healthcare services as a clinic, under the General Data Protection Regulation we will be lawfully using your information in accordance with:
Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”
Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.
The privacy notice applies to the personal data of the patient/clients at Svelte Body Clinic and the data that patient/clients have given the clinic about their carers/family members.
Article 6(1)(e) ‘…exercise of official authority…’. For the processing of special categories data, the basis is: - Article 9(2)(b) – ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…’
iii. Categories of personal data
The data collected by clinic staff in the event of a safeguarding situation will be as much personal information as is necessary or possible to obtain in order to handle the situation. In addition to some basic demographic and contact details, Svelte Body Clinic will also process details of what the safeguarding concern is. This is likely to be special category information (such as health information).
iv. Sources of the data Svelte Body Clinic will either receive or collect information when someone contacts the organisation with safeguarding concerns or if Svelte Body Clinic believes there may be safeguarding concerns and make enquiries to relevant providers.
v. Recipients of personal data The information is used by Svelte Body Clinic when handling a safeguarding incident or concern. The clinic may share information accordingly to ensure duty of care and investigation as required with other partners such as local authorities, the police or healthcare professionals (i.e. their GP or mental health team).
b. Maintaining confidentiality of patient/client records Svelte Body Clinic are committed to protecting patient/client privacy and will only use information collected lawfully in accordance with:
• Data Protection Act 2018
• The General Data Protection Regulations 2016
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review
d. Sharing your personal data Svelte Body Clinic will not share your information for marketing purposes with any other company.
e. Where electronic information is stored
All the personal data that Svelte Body Clinic process is processed by our staff and held in the UK. No third parties have access to patient/client personal data unless the law allows them to do so and appropriate safeguards have been put in place. Svelte Body Clinic has a Data Protection regime in place to oversee the effective and secure processing of patient/client personal and or special category (sensitive, confidential) data.
f. Computer System
Svelte Body Clinic operates a clinical computer system on which staff record your payment, patient and private information via a secure network system. Please note, our systems are backed up virtually via a secure private IT company at regular points through our working week, as well as manually stored securely at our premises at SVELTE BODY CLINIC HQ. Svelte Body Clinic consider patient consent as being the key factor in dealing with patient/client health information.
g. Shared Care Records Svelte Body Clinic will not share patient/client information to other systems.
h. Sharing patient/client information without consent Svelte Body Clinic will normally ask patient/clients for their consent, but there are times when it may be required by law to share patient/client information without their consent, e.g.
5. What should a patient/client do if their personal information changes
Patient/clients should inform Svelte Body Clinic of any changes to personal information if they return for any treatment so that the clinic can update their records. They would be advised to email info@SvelteBodyClinic.co.uk as soon as any of your details change. Especially important are changes of address or contact details (e.g. mobile phone number or email address), therefore Svelte Body Clinic will, from time to time, ask patient/clients to confirm that the information currently held is accurate and up-to-date.
6. How long a patient/client’s personal information is retained by us
Svelte Body Clinic are required under UK law to keep patient/client information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements. More information on records retention can be found online at (https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-andSocial-Care-2016)
7. Patient/client’s rights under data protection laws
Even if Svelte Body Clinic already holds the personal data of a patient/client, the patient/client still has various rights in relation to it. Svelte Body Clinic would advise that the patient/client to make contact (see section 12). Svelte Body Clinic will seek to deal with the request without undue delay, and in any event in accordance with the requirements of any applicable laws. Svelte Body Clinic may keep a record of the communications to help them resolve any issues which a patient/client may raise.
c. Right to erasure: In certain situations (e.g. where Svelte Body Clinic have processed patient/client data unlawfully), the patient/client has the right to request the clinic to "erase" their personal data. Svelte Body Clinic will respond to their request within 30 days (although Svelte Body Clinic may be allowed to extend this period in certain cases) and will only disagree with a patient/client if certain limited conditions apply. If Svelte Body Clinic do agree to the patient/client request, they will delete the patient/client data but will generally assume that the patient/client would prefer the clinic to keep a note of their name on the clinic register of individuals who would prefer not to be contacted. That way, Svelte Body Clinic will minimise the chances of the patient/client being contacted in the future where their data are collected in unconnected circumstances. If a patient/client would prefer the clinic not to do this, they are free to say so.
8. Requesting access to your personal data
Subject Access Requests (SAR): Patient/clients have a right under the Data Protection legislation to request access to view or to obtain copies of what information Svelte Body Clinic holds about them and to have it amended should it be inaccurate. To request this, they need to do the following:
9. Security of your personal data
We are committed to taking appropriate measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to that personal data. When you provide your personal data through our website, this information is transmitted across the internet securely using high-grade encryption.
As described in this Privacy Notice, there are some instances where we need to disclose your personal data to third parties. Where Svelte Body Clinic discloses your personal data to a third party, we require that the third party to have appropriate measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party and have limited control over how it is protected by that party. The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Notice or in order to comply with the law.
10. Cookies
In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website, we use technologies, such as cookies. We will not be able to identify you from the information we collect using these technologies. You can delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website, most of the features will still be accessible without cookies.
We will only read or write cookies for the preference level set, cookies set prior to you changing your settings will still be on your computer and you can remove them using your browser settings.
We use a cookie to remember your cookie preferences this has a couple of consequences
HOW WE USE COOKIES
ASP.NET_SessionId – Stores the unique session ID provided to the user by the website.
.ASPXFORMSAUTH – Stores the user’s encrypted authentication ticket when using forms authentication.
Campaign – Stores the web analytics Campaign assigned to the visitor.
CMSAB<ABtestname> – Used to track conversions for the test and maintain consistent page content for the visitor. Stores the name of the page variant assigned to the visitor, the list of performed conversions and information whether visitor is included in A/B testing specified by an A/B test.
CMSCookieLevel – Specifies which cookies are allowed by the visitor.
CMSCsrfCookie – Store’s a security token that the system uses to validate all form data submitted via POST requests. Helps protect against Cross site request forgery.
CMSMVT<mvtestname> – Stores the combination of variants assigned to the visitor by an MVT test. Used to track conversions for the test and maintain consistent page content for the visitor.
CMSPreferredCulture – Stores the visitor’s preferred content culture.
CMSShoppingCart – Stores a reference to the user’s active shopping cart.
CookieBar – Stores whether or not the visitor has accepted the cookie policy.
CPCKeyword – Stores the keyword that directed the visitor to the site if it was via a PPC campaign.
CurrentContact – Stores the GUID of the contact related to the current site visitor. Used to track activities on the website.
DoubleClick – Cookies used by the Google DoubleClick advertising service. Full details on DoubleClick cookies can be found here.
Google Analytics – Cookies used by Google Analytics to track the visitor’s data on the website. Full details on Google Analytics cookies can be found here.
Source – Stores the channel which the user came from (e.g., email, Facebook, Twitter, etc.).
StickyFooter-<ActionName> – Stores whether or not the visitor has performed an action in the mobile sticky footer.
StickyHeaderViewed – Stores whether or not the visitor has been show the sticky header on the desktop version of the website.
TimeOnSite – Stores the total time in seconds the visitor has been on the website this session.
UrlReferrer, ReferrerURL – Stores the URL referrer from which the user arrives on the website.
VisitorStatus – Indicates if the visitor is new or returning. Used for tracking the visitors statistic in Web analytics.
INFORMATION THIS WEBSITE GATHERS/TRACKS
As web tracking offers more chances to market to website visitors across the Internet, you as a visitor to the Svelte Body Clinic website may be targeted with adverts on other websites. Google and third party vendors might show targeted adverts with the ability to opt out. First and third party cookies are used to provide information and offer improvements to optimise quality of adverts served. You can change the cookie management settings on our website or in your web browser to stop these adverts. If you are a registered Facebook user, you may also receive targeted adverts from Svelte Body Clinic. You can read about how Facebook works by following this link https://en-gb.facebook.com/policies/cookies/
11. Updates to our Privacy Notice
We review this Privacy Notice on a regular basis and will publish any new version on the website.
12. How to contact us
Please contact the Data Protection Officer if you have any questions about our Privacy Notice.
Any queries regarding Data Protection issues should be addressed to: -
Email: info@SvelteBodyClinic.co.uk
Postal: SVELTE BODY CLINIC, 98-100 Eversholt Street, London, NW1 1BP.
If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything.
If you have any concerns about how your data is shared, then please contact the Data Protection Officer at Svelte Body Clinic.
If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer.
Svelte Body Clinic
Norrys Road, Cockfosters, Barnet, EN4 9JX, United Kingdom
Copyright © 2024 Svelte Body Clinic - All Rights Reserved.
Company Reg. No. 12125717.