1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR) from 25th May 2018.
2. Who is responsible for managing my information?
Southville Clinic Limited is the data controller (contact details in section 14). This means it decides how your personal data is processed and for what purposes.
Southville Clinic Limited complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. Our security policy is available on request.
3. What information do we collect?
If you contact us by telephone: We will collect the following information from you to enable us to book an appointment: name, contact number, e-mail address. Please note telephone calls may be recorded.
If you contact us by e-mail: We will collect the following information from your e-mail to enable us to book an appointment: name, contact number (if provided), e-mail address. Please do not e-mail sensitive or personal information. Please contact practitioners directly if you have questions or queries. Our main role is to assist with appointment booking.
If you contact us via ‘Contact Us’ form: We will collect: message, name, contact telephone number and e-mail address.
CCTV: We use CCTV monitoring outside our premises. Signs are in place to identify the locations of the cameras. Recording is 24/7 and images are stored securely on the premises. We run this security measure jointly with Southville Surgery. No images are recorded within our premises.
4. Data Processors
Data processors have specific legal obligations; for example, they are required to maintain records of personal data and processing activities. They have legal liability if they are responsible for a breach.
We consider the following to be ‘data processors’ on our behalf:
Details of all our practitioners are available on our website. Please note practitioners will also act as data controllers in relation to any additional information they collect from you. We advise that you review their individual ‘privacy policies’ in relation to how they will manage your data. We have no role in the collection or management of this additional data.
Where we use the following SuperSaas services:
Secure appointment booking system
More information about this company can be found at https://www.supersaas.com
In relation to joint CCTV monitoring only.
In relation to provision of telephone services only. Please note, call recording is currently suspended. More information can be found at:
5. Lawful basis for processing
We collect information directly from you, with your consent. Where consent is obtained verbally or in writing, depending on the method of contact.
6. How do we use your information?
Your personal data will be treated as strictly confidential and will be shared with relevant individuals only.
Specifically, the information you provide may be used:
- to enable us to make an appointment with your chosen practitioner;
- to confirm and remind you of your appointment;
- to put you in direct contact with the practitioner of your choice;
- to enable us respond to your query;
- CCTV: if an incident or crime occurs in the view of our cameras, we may review the images and resolve a minor matter internally or pass images on to the police, if relevant to a criminal offence.
- Telephone call recording: if an incident occurs where a client is abusive to a staff member or when a client makes complaint in relation to a telephone encounter.
We will never use your information for marketing. We will never use your images for any other purposes.
7. Who will we share your information with?
In order to provide you with the services that we offer we may share your information with:
- Clinic Manager;
- Reception staff;
- SuperSaas software for appointment booking;
- Your chosen practitioner;
We will never share your information with 3rd parties for direct marketing.
8. When can we contact you in the future?
Other than the circumstances outlined above, we will never send you information about our products and services, or information from third parties.
9. How long will we hold your information for?
We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Our Policy is to delete information after 3 months. If you want us to remove your data ahead of this automated deadline then please contact us (see section 14 for full contact details), either verbally or in writing. Please note we have 28 days to comply with any request for data deletion.
11. How can you access and update your information?
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us (contact details, section 14). We will process any requests for information (Subject Access Requests) within 28 days, subject to identity verification. We reserve the right to charge a fee if multiple requests are made for the same information or if the request is ‘unfounded or excessive’.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate at any time, either verbally or in writing. We have up to 28 days to consider and correct any inaccuracies.
12. Does the policy apply to linked Websites?
Reviewed: January 2020
Next review: January 2021
Clinic Reception Manager: Karen Pitman
Southville Clinic, 68 Coronation Road, Bristol, BS3 1AS
15. How can you report a data breach?
If you have concerns that your data has been accessed, shared or otherwise used for purposes not outlined within this document or without your consent. Please contact us as soon as possible and we will investigate the matter. (Contact details provided in section 14)
16. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Southville Clinic Limited (data controller) holds about you;
- The right to request that the Southville Clinic Limited corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Southville Clinic Limited to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable)
- The right to lodge a complaint with the Information Commissioners Office.
For more information about data protection and your rights visit: www.ico.org.uk
If you have any comments or suggestions in relation to this policy or require additional information, please contact us (contact details in section 14).