Dr Teri Johnson performs all her treatments at Cheshire Lasers Clinic. She shares the Clinic's policy, as she uses the same appointment system, marketing system etc.
Cheshire Lasers Privacy Policy
Cheshire Lasers values your privacy and wants to be clear about the data we collect, how we use it and your rights to control that information. This policy reflects the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union. It applies to information collected by us, or provided by you, during your appointment, via email, our website, or in any other way including over the phone.
We are committed to protecting the privacy of our patients/clients. This privacy policy is intended to inform you on how we gather, define and use your data.
All your personal data will be held and used in accordance with GDPR and national laws implementing GDPR and any legislation that replaces it in whole or in part relating to the protection of personal data.
Information Collection
We do not collect personally identifiable information about you except when you provide it to us directly or through a third party, for example if you subscribe to our MailChimp newsletter, complete a Jotform online survey, leave a review on reviews.co.uk, book a treatment with us, consent to have a treatment with us, or make a purchase.
The Information We Record Via Our Website
When you visit our websites (via a computer, mobile or hand-held device) you may provide us with personal information including your name, address, contact details and financial data (via PayPal or Fresha).
This information is gathered when you register or book an appointment online using Day Smart, email the Clinic, make a purchase from the online shop, sign up for our newsletter (via MailChimp), complete a Jotform online survey or leave a review on reviews.co.uk.
Our websites use the Google Analytics cookie. The Google Analytics cookie allows us to see information on user website activity including, but not limited to, page views, referrals and average time spent on the website. The information is depersonalised and is displayed as numbers, meaning it will not be tracked back to individuals, which helps to protect your privacy. Using Google Analytics we can see what content is popular on our website, and strive to ensure you have the best user experience possible.
Our websites may contain links to or from other websites. Please be aware that we are not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on this Site. We encourage you to read the privacy policies of other websites you link to from our site or otherwise visit.
The Information We Record Via Emails
When you correspond with Cheshire Lasers by email, we may need to retain the content of your email and any photographs supplied together with our replies, as they form part of your medical records.
The Information We Record During Your Consultations & Treatment Appointments
When you visit the Cheshire Lasers Clinic you provide personal information including your name, address, date of birth, contact details and medical history.
During your consultation medical notes are taken, which may include any allergies, operations and medication. We also record treatment data which may include details of treatments or procedures you have had done.
Depending on the treatment, photography and sometimes prescriptions may be required. This will form part of your treatment/medical records.
During your visit, you may be asked to read and sign consent and aftercare forms, which form part of your treatment/medical records. During your treatment, we will record treatment settings and outcomes and take photographs that form part of your treatment / medical records.
How We Use Your Information
Your personal details and medical records are used for legitimate purposes and ensure we are able to:
- Provide the best possible care
- Provide Beauty, Medical and Aesthetic treatments safely
- Identify any contraindications you may have for specific treatments
- Diagnose medical concerns, provide treatment plans and write prescriptions
- Maintain an accurate appointment diary for all our specialists
- Confirm your appointment by text, email or phone
- Answer your questions by email or phone
- Keep you up to date on news and treatments offered by the Clinic
- Contact you for post-treatment follow up and care, including survey requests in order to improve our service
You have a responsibility to inform us if any of your details, such as name, address or contact numbers, change, so our records are accurate and up to date for you. Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email.
Marketing
We use MailChimp as our marketing automation platform. By agreeing to this you are acknowledging that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy. You have the right to ask us not to process your personal data for marketing purposes and can opt out from marketing at any time. This can be done by unsubscribing from one of their emails, or we can unsubscribe for you. This will not affect our use of your data to contact you to remind you about your appointments.
Taking Payments
We take card payments using the Fresha System in the Clinic and PayPal for purchasing products online. These third parties have access to your Transaction Data and have their own GDPR-compliant policies.
Day Smart System
We use the Day Smart system, formerly known as Appointment Plus, for our appointment diary; this enables you to book appointments online with most of our specialists, and it also sends automatic appointment confirmations and reminders. We store your contact details, such as name, address, email and phone numbers, here to identify you and send you confirmations and reminders in case we need to inform you of anything related to your appointment. For more information, please see Day Smart and its data policy.
Treatments Requiring Prescriptions
At Cheshire Lasers, some treatments require a prescription by a doctor or a prescribing health practitioner. These prescriptions must be sent to a pharmacy to provide your agreed treatment. Opting out of sharing your information with these providers may affect our ability to treat you. All our suppliers have entered into appropriate confidentiality obligations and/or contractual data processing clauses with us.
How We Maintain Confidentiality Of Your Records
Every staff member has a legal obligation to keep information about you confidential.
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Depending on the service you use, your records are locked away or stored electronically in a GDPR-compliant software system. All digital data is secure and is highly protected from unauthorised persons and is also protected from deletion or malicious hacking.
How We Share Your Information
We will only share your information if you have given us written permission to make/cancel appointments with a family member/employee.
We do not sell our database to third parties.
We never share any information with third parties unless there is a genuine need for it, or we receive their request in writing and we have your written consent.
Disclosure of Personally Identifiable Information
- Fraud Protection and Compliance with Law
We may need to disclose your personal information or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. This includes the police for the prevention or investigation of a crime, HMRC, or our Insurers, legal advisors or other third parties who need access to it in the context of managing, investigating or defending claims or complaints.
- Service Providers
We may retain other companies and individuals to perform functions consistent with our Privacy Policy on our behalf. Examples include customer support specialists, web hosting companies, credit card processing companies, fulfilment companies (e.g., companies that fill product orders or coordinate mailings), data analysis firms and email service providers. Such third parties may be provided with access to personally identifiable information needed to perform their functions, but may not use such information for any other purpose. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
How Long Do We Hold Your Information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law we have to keep, for tax purposes, basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.
As a Medical Clinic we are required to hold medical records for ten years from your last treatment.
Job applications and unsuccessful interview candidates – 6 months
Employee Records – Indefinitely
Marketing Enquiries and Emails – 6 months
Your Rights
You have the right to withdraw your consent at any time by contacting us via email or letter. We will no longer contact you, although medical records must be retained for ten years. Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at the time.
You have the right to request a copy of your medical records and this request must be put in writing and signed by the patient. We are required to respond to you within 30 days.
You have the right to have information updated or corrected if you feel it is inaccurate, incomplete or out of date. This request must be put in writing and signed by the patient.
Changing Our Privacy Policy
Our privacy policy will be reviewed regularly and updated as needed or as required by law.
The revised policy will be displayed on our website and a notification displayed in our waiting room. Where necessary, you may be asked to sign the consent form again.
Objections & Complaints
Our Data Protection Officer is responsible for ensuring the Clinic keeps your information secure and confidential.
If you have concerns about the way your information is managed please contact the clinic on 01606 841255 or email cheshirelasers@aol.com
If you are still unhappy you can then complain to the Information Commissioner's Office (ICO) at www.ico.gov.uk or telephone 0303 123 1113.
Data Breaches
Cheshire Lasers Clinic has a data breach policy and, in the unlikely event of a breach occurring, a further investigation will be held. Lessons learnt will be added to the policy and the relevant supervising bodies notified if required.
Changes To Our Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page.
This privacy policy was last updated on 10 January 23