Signature Medical Ltd respects your privacy and is committed to protecting your personal data. We will ensure that any information you provide to us will be collected, stored and processed in accordance with the General Data Protection Regulation and the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. We will not share your data with any third party except for administrative purposes relating to the services we provide and where we may be required to do so by law.
- visitors to our website
- people who do business with us and purchase our services and treatments
Who We Are
firstname.lastname@example.org is owned and operated by Signature Medical Ltd (‘we’ or ‘us’ or ‘our’), a company incorporated and registered in Scotland with registration number SC607129 having its registered office at 1 Gordon Street, Dumfries, DG1 1EG.
We are registered with the Information Commissioner’s Office under registration number SC607129. We are the data controller for the purpose of the EU General Data Protection Regulation (“GDPR”). Our designated Data Protection Officer is Sayani Sainudeen, who can be contacted at email@example.com
Information That We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified.
Personal data that we collect from you and process is:
- Identity Data: name, email address, date of birth, home address, occupation, gender, telephone number, mobile number;
- Health Data: also known as “Special Category Data” like medical history, health information and details about your race or ethnicity where this is relevant to your treatment;
- Financial Data: includes bank account and payment card details;
- Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us;
- Technical Data: includes information about how you use our website, products and services, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
- Profile Data: includes purchases made by you or services that you have experienced, your interests, preferences, feedback and survey responses;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences.
It is important that the personal data we hold about you is accurate and current. It is your duty to inform us, at the earliest opportunity available, of any changes to your personal data, in particular changes to your Health Data.
We will collect personal data from you when you:
- contact us via post, email or telephone
- engage with us on social media
- fill in forms online or in person
- visit or browse our website
- interact (open/click) with our emails
- request further information from us
- arrange appointments with our staff
- attend appointments and as part of the consultation process
- make payments to us or require a refund
- enter a competition, promotion or survey; or give us some feedback
- visit us (we may operate CCTV systems for security purposes)
How We Use Your Personal Data (Legal Basis for Processing)
Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you e.g. to provide you with the treatments you have booked with us.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data.
The purposes and reasons for processing your personal data are:
- We collect your personal data to carry out our obligations arising from any contracts entered into between you and us and to provide you with the services that you request from us;
- We use your personal data to answer your queries, to provide you with the information that you request from us, to notify you about changes to our services and to better understand demand for our services;
- We use your personal data to contact you regarding your appointments and treatments, and to remind you by email or phone to book subsequent appointments for a treatment you have previously had which requires ongoing review;
- We collect your personal data to take payment and process refunds;
- We collect your personal data to administer our website to ensure that content from our website is presented in the most effective manner for you and for your computer, and for internal operations, including troubleshooting, data analysis, testing, research and statistical purposes;
- We collect and store your personal data as part of our legal obligations, for example business accounting and tax purposes;
- We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive;
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| | Type of Data | Legal Basis for Processing |
|---|---|---|
| To register you as a new customer | Identity Data; Health Data | Contractual obligation; Requirements of the medical profession |
| To process and deliver the treatments you book with us or to conclude the purchase of any products you buy from us, including: managing payments, fees and charges; and collecting and recovering money owed to us | | Contractual obligation; Our legitimate interests under Article 6(1)(f) of the General Data Protection Regulation; Necessary for us to provide health care or treatment |
| Asking you to leave a review or take a survey; Asking you for updated medical history information; To enable you to partake in a prize draw, competition or complete a survey | Marketing and Communications | Contractual obligation; Necessary for us to provide health care or treatment; Legal obligation; Our legitimate interests |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | Marketing and Communications | Our legitimate interests |
Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please get in touch.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or obtain your consent. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Marketing & Promotional Offers
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing. We may use your Identity, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Information We Collect When You Visit or Browse Our Website
With regard to each of your visits to our website we may automatically collect the following information:
- We use a third party server to host our website. Our server is located in Switzerland. When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information, details of visitor behaviour patterns, technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, geographical location, time zone setting, browser plug-in types and versions, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Please note that this is statistical data about our users’ browsing activities and patterns, and individuals cannot be identified from it.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We collect and process the above personal data about you for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services. We may also use Facebook Pixels from time to time.
Information from Third Parties
We generally do not receive information about you from third parties. However, as we work closely with third parties we may receive information about you from them. The third parties from which we receive information about you will generally include other businesses and clients we work with from time to time.
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive). For example, where a third party has passed on information about you to us because you have asked that third party to share information about you with us, we will process your information on the basis of your consent.
Where a third party has passed on information about you to us in order for us to provide services to you, we will process your information in order to take steps to enter into a contract with you and perform a contract with you (as the case may be). The legal basis for this processing is the performance of a contract between you and us and/or taking steps to enter into such a contract and our legitimate interests, namely the proper administration of our business.
However, where a third party has passed on information about you to us, and you have not consented to the sharing of that information, we will process your information on the basis of our legitimate interest, namely the performance of our obligations under a contract with the third party.
Special Categories Data
Owing to the services that we offer, we need to collect, store and process sensitive personal information (known as special category data) about you. Special category data is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and information concerning health.
We collect and process information concerning your health (Health Data) for the purpose of assessing the suitability of our services. We only use Health Data for the purposes of your treatment and to ensure your care and safety as a patient. Where we collect such information, we will only request and process the minimum necessary for the specified purpose. The legal basis for this processing is the compliance with our legal obligations (e.g. to comply with public health requirements), and to protect your vital interests. We never use your sensitive personal data for marketing purposes.
With the exception of Health Data, we do not collect any other special categories of personal data about you. Nor do we collect any information about religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic and biometric information.
Our website and our services are not intended for children and we do not knowingly collect personal data relating to children.
You may only purchase our services if you are at least 16 years old. Our website is not intended to be used by persons under the age of 16.
If you are below the age of 16, before you can purchase our services we need to obtain parental consent. We will not knowingly collect or process information from persons under the age of 16 without parental consent.
Without consent, persons under the age of 16 shall not use our website and/or purchase our services. If a parent/guardian does not provide consent, we will delete the information provided during the booking process immediately.
It is possible that we could receive information pertaining to persons under the age of 16 by deception. If we are notified of this, as soon as we verify the information, we will immediately obtain parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information. Parents/guardians can review the personal information we collect, store and process, request that we delete that information and refuse to allow us to collect further information from their kids by contacting us by email at firstname.lastname@example.org. We may ask additional questions or take other steps to verify the identity of parents/guardians before responding to a request to review or delete their kid’s information, or a request to refuse further collection from kids.
Failure to Provide Personal Data
Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with treatments and/or goods). In this case, we may have to cancel a service you have booked, or a product you have ordered; we will notify you if this is the case at the time.
Subject to a few limitations on certain rights, your principal rights in relation to your personal information under data protection laws are set out below. You can exercise any of your rights in relation to your personal data by writing to us at: 79 West Regent Street, Glasgow, G2 2AW, or by sending an email to: email@example.com
- Right to access – You have the right to access any personal information that we collect, store and process about you and to request information about: what personal data we hold about you; the purposes of the processing; the categories of personal data concerned; the recipients to whom the personal data has/will be disclosed; how long we intend to store your personal data for; if we did not collect the data directly from you, information about the source. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
- Right to rectification – If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
- Right to erasure – In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
- Right to restrict processing – In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
- Right to object to processing – You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
- Right to data portability – Where applicable, you have the right to data portability of your information which means you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
- Right to complain to a supervisory authority – If you consider that our processing of your personal information infringes data protection laws or are unsatisfied with how we have handled your personal information, you have the right to lodge a complaint with the supervisory authority. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in the UK is the Information Commissioner’s Office (ICO), the contact details of which are:
Information Commissioner’s Office
0303 123 1113
- Right to withdraw consent – To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. You can withdraw your consent to our processing of your personal data by emailing us at firstname.lastname@example.org. You can withdraw your consent to email marketing by using the unsubscribe link in such communications.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Disclosure of Your Information
The third-party service providers that we work with are:
- We may disclose your personal data to our accountants, insurers and professional advisers insofar as reasonably necessary for the purposes of completing tax returns, obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- We may disclose your personal data to our business partners, suppliers and sub-contractors insofar as reasonably necessary for the performance of any contract we enter into with you and/or where you have provided consent.
- Financial transactions relating to our services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
- We may disclose your personal data to HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
- We may disclose your personal data to analytics and search engine providers that assist us in the improvement and optimisation of our website. We use Google Analytics on our website; Google uses this information, including IP addresses and information from cookies, for a number of purposes.
In addition to the specific disclosures of personal data set out above, we may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Signature Medical Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in order to enforce or apply our Terms and Conditions and other agreements. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and debt collection agencies. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Transfers of Your Personal Data Outside the EEA
We utilise some products or services that may be hosted/stored in countries outside the EEA. Therefore, the personal data we collect may be stored on servers which are hosted outside the EEA. Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by Signature Medical Ltd to protect your data and comply with the relevant data protection laws.
The European Commission has adopted standard contractual clauses (also known as Model Clauses), which provide safeguards for personal information that is transferred outside of EEA. We often use these Model Clauses when transferring personal data outside the EEA.
How Long We Keep Your Data
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and after it is received. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: secure hosting of our website, virus and malware protections, using an SSL certificate, verifying the identity of anyone who requests access to information prior to granting them access to the information, only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Unfortunately, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your personal information, we can’t guarantee its absolute security. If you have any questions about the security of your personal information, you can contact us at email@example.com
Links to Other Websites
How to Contact Us
- Post to: 79 West Regent Street, Glasgow, G2 2AW
- Telephone on: 01412552737
- Email at: firstname.lastname@example.org