Privacy Policy Notice
The policy: This privacy policy notice is served by Dr SW Clinics, 77, Harley Street, London, W1G 8QN under the website; www.drswclinics.com. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy you may wish to cease viewing/using this website, and or refrain from submitting your personal data to us.
Policy key definitions:
“I”, “our”, “us”, or “we” refer to the business, Dr SW Clinics.
“you”, “data subject”, “the user” refer to the person(s) using this website.
GDPR means General Data Protection Regulation.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner’s Office.
Cookies mean small files stored on a users’ computer or device.
Introduction
The privacy of our patients and website visitors matters greatly to Dr SW Clinics and this policy is designed to contain all the information you need to know, in a clear and concise format, about the kind of personal data that we handle, store, protect and use in relation to this website and our email marketing activities. We encourage you to read this policy carefully and to contact us if you have any questions or concerns about our practices in relation to your privacy and our compliance with the GDPR.
Who are we?
Dr SW Clinics is an aesthetic clinic business founded and run by Dr Sherif Wakil. Dr SW Clinics is the data controller for personal data submitted to this website by visitors. Our data protection officer can be contacted at 77, Harley Street, London, W1G 8QN.
What information do we collect?
We collect personal data, including name, email address, street address and telephone number when a user completes a contact form or requests to join our mailing list on the website.
Processing of your personal data
How do we use your personal information?
We will use your personal information to address an enquiry placed about the treatments and services we offer in our clinic(s), and to assist in the processing and booking of consultation appointments. We will also use your personal data, specifically your name and email address to deliver marketing and special event communications via email, or to involve you in polls or surveys. We may use it to personalise the content that we serve to you to improve your customer experience. We may also use your name and address to send you physical mail-outs in relation to our marketing activities. You may unsubscribe from marketing activities at any time.
Your personal data may also be used for internal research and development purposes, during internal auditing and to meet other legal obligations.
What legal basis do we have for processing your personal information?
Under the GDPR (General Data Protection Regulation) we control and/or process any personal information about you electronically using the following lawful bases. There are six possible legal grounds or lawful bases which allow us to process your personal data. These are: consent, contract, legitimate interests, vital interests, public task and legal obligation.
Lawful basis: Consent
Where our purpose for processing your personal data is related to the completion of a contact form or to join a mailing list, you have consented to provide your personal data as part of an enquiry about our services and/or wish to arrange a follow-up communication to arrange an appointment for consultation. You have also consented to receive further marketing communications from us, via email, telephone or direct mail. You may withdraw your consent or manage your consent and the type of processing of your personal data at any time. We process your information in the following ways: contact you via email, contact you via your telephone number, or via your street address. We will continue to process your information under this basis until you withdraw consent, or it is determined your consent no longer exists; this constitutes our data retention period. We do not share your information with third parties.
Lawful basis: Contract
Where our purpose for processing is to enter into a contract to provide private treatment services which you have solicited via our website.The processing of your personal information is necessary for the commencement of a contract between us and you. We process your information in the following ways: contact you via email, contact you via your telephone number, or via your street address. We will continue to process your information under this basis is no longer valid or it is determined you a contract no longer exists; this constitutes our data retention period. We do not share your information with third parties.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Where do we store and process your personal data?
We ensure that your personal data is processed according to our privacy policy and is applicable to the UK and European GDPR law.
We do not transfer data outside of the European Economic Area.
How do we secure your personal data?
Data security and the security of any personal information is very important to us, so we ensure that we use secure technologies, including web hosting and data storage (database) services, including customer relationship management software systems to protect your personal information. We have precise procedures in place to store, access and manage personal information which is compliant with GDPR requirements. We protect your personal data against accidental loss, unauthorised access, use, destruction or disclosure. We ensure compliance with business continuity and disaster recovery and conduct privacy impact assessments in accordance with the law, as well as training staff and contractors on data security, as well as managing any third party risks.as managing any third-party risks.
How long do we keep your personal data for?
GDPR regulations require us to retain your personal data no longer than is reasonably necessary. We will continue to store your personal information, and utilise it to maintain communication with you, either regarding appointments, an ongoing contract or marketing communications until which point that you unsubscribe from our services, withdraw your consent or your personal data ceases to facilitate an ability to communicate with you. The length of time that we keep or retain your data will be determined by these factors.
Your individual rights
Under the GDPR your rights, as a data subject, to access and control your personal data are as follows:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
This all means that you have the right to access your personal information, to correct it or have it deleted or to be able to transfer it easily (data portability). You also have the right to withdraw your consent from any processing of your personal data, such as withdrawing consent for marketing communications and to restrict processing of your data or object to the way in which it is being processed. You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling or processing your data.
How to contact us?
If you wish to get in touch if you have any questions or concerns about this privacy policy and our practices in relation to GDPR, if you wish to access your personal information or file a complaint, you may contact us by post, email or telephone at the following:
Dr SW Clinics
77, Harley Street
London
W1G 8QN
Telephone: +44 (0)20 7467 5340
Email: [email protected]
Internet cookies
We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device/computer hard drive to track how you use the website, and to record or log viewed content. Some cookies are required to enjoy and use the full functionality of this website.
Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Email marketing
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an Email Marketing Service (EMS). An EMS is a third-party service provider of software/applications that allows marketers to send out email marketing campaigns to a list of users. We currently use a customer relationship management system from Pabau, as well as email marketing services from MailChimp.
Email marketing messages that we send may contain tracking beacons/tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR.
We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences. See any marketing messages for instructions on how to unsubscribe or manage your preferences, such as those provided through MailChimp.