Preventative Health Doctors Limited trading as The Men’s Health Clinic is fully committed to ensuring the privacy of all patients and visitors to our website in line with the General Data Protection Regulation 2018. We are registered with the Information Commissioners Office – Registration Reference ZA095357 – in accordance with The Data Protection Act 1998. This policy explains what personal data we may collect about you and how we use it.
The website we operate and which this policy refers to is www.themenshealthclinic.co.uk. For simplicity, “we” and “us” refers to Preventative Health Doctors Limited. The Men’s Health Clinic is the data controller in relation to the processing of personal information that you provide us when using our services.
Our Medical Director and Data Protection Officer is Dr Robert Stevens MBChB MRCGP Dip.FIPT who can be contacted at email@example.com.
Alternatively, you can write to:
Dr Robert Stevens MBChB MRCGP Dip.FIPT – Data Protection Officer
The Men’s Health Clinic, c/o Lilliput Health, Lower Ground Floor, The Surgery, Elms Avenue, Poole, Dorset, BH14 8EE
Under data protection legislation, the data that we hold about you is categorised as follows:-
Personal Data – Data related to an identifiable person, or data that can be used to identify an individual. Examples of personal data we collect and process under this category include names, dates of birth, home addresses, email addresses, telephone numbers, occupations, GP details, emergency contact details and other online identifiers.
Sensitive Personal Data – Sometimes referred to as Special Category Data, this is data that is recognised to be more sensitive than the above personal data. The type of data that we may collect and process under this category includes information about your genetics, health, sex life and sexual orientation. We will only ever use this data for the purposes of diagnosis and treatment, and to ensure your care and safety as a patient. We will never use your sensitive personal data for targeted marketing purposes.
Under data protection legislation, we must have a lawful reason for obtaining and processing your personal data. Below are the bases we use and an example of the purpose for which we use it:
Contract – We need your data in order to fulfil our obligations to you. For example, to see you in clinic we need your information to create a new patient profile on our patient database. To commence treatment, we need a record of personal and medical history to ensure that your treatment is clinically appropriate, safe and effective.
Legal Obligation – There may be some situations where we are required by law or regulatory bodies to process your data. For example, we may be required to gather information as part of investigations by regulatory bodies, such as the Care and Quality Commission (CQC), or in connection with legal proceedings or requests.
Legitimate Interests – We may sometimes require your data to pursue our interests in such a way that might reasonably be expected as part of running our business but does not significantly impact your rights or freedom. For example, we will use the contact details you provide to call, email, SMS or instant message you regarding your enquiry, or to provide you with requested and/or relevant information. We may also combine and anonymise your data with that of other patients to identify trends, complete patient audits and to help make improvements to our service.
Furthermore, we process your sensitive personal data (or special category data), in line with the condition that it is necessary for medical diagnosis and the provision of health care and treatment.
There are a variety of ways that we may collect your personal data. These include, but are not limited to:
We collect various types of personal data. These include, but are not limited to:
We strive to provide you with the best possible patient experience. This starts with your very first interaction with us and continues through your entire patient journey. One way to achieve this is to have a better understanding of who you are by collecting data about you. We use this data to make improvements to our service and to communicate information that you are likely to be interested in.
There are cases where we are also required to collect and process data about you to either fulfil our contractual obligations to you, or to comply with the law.
Examples of how we may use your personal data include:
We take the security of your data very seriously and endeavour to take appropriate steps to protect it from unauthorised access, loss and/or misuse. Your personal data is never sold for any purpose.
The law states that we must only keep your data for as long as is necessary to fulfil the purpose for which it was collected. At the end of this period, your data will either be deleted or anonymised so that it can be used in a non-identifiable manner for statistical analysis to help us make improvements to our service and business.
As previously stated, we will never sell your data to third parties for any purpose. However, we do routinely use third parties to support, manage or deliver some of our day to day business services. As a result, it may be necessary to share your personal data with the following types of companies that we work with:
We select the companies carefully and take appropriate precautions to ensure that your data is kept safe and your privacy protected. We do this by only providing them with the the data they need to perform the services we require, and only giving them permission to use your data for the purposes we specify and agree with them.
It may sometimes be necessary to share your requested personal data with regulatory bodies. One example is the Care and Quality Commission (CQC) who regulate health and social care services to ensure that safe care is provided. The law states that we must report certain serious events to the CQC. For more information about the CQC see – http://www.cqc.org.uk. As regulators, the CQC have powers to access and use information – including personal and medical records – where they consider this is necessary to carry out their functions as a regulator.
We will never share your personal data, sensitive or otherwise, with any third-party who is not directly involved in your care without your express written request or permission to do this.
You have explicit rights relating to your personal data. These include:
Please note that there may be instances where we may refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.
Should you ever wish to exercise any of your rights, please see the ‘About Us’ section for contact details.
We do not routinely use email for marketing purposes. However, we do occasionally use the group email facility to disseminate pertinent information to all our patients. In these instances, patient identity is always protected. If you do not wish to receive such emails, please contact us by email at firstname.lastname@example.org and request to be removed from our email contact list. Your request will need to be processed manually and so occasionally there may be a small delay in doing this. You may therefore still receive emails from us during this time.
Please bear in mind that this action may prevent you from receiving information in the future regarding service delivery and improvements that may be relevant to your on-going care. You will still receive email correspondence from us in reply to email enquiries from yourself, regarding your treatment plan or in relation to appointment bookings/alterations/cancellations.
We may update this notice to reflect how we use your personal data. We will notify all patients of any significant changes by e-mail. However, you are encouraged to review this policy regularly to stay informed of how we use your data.
If you are concerned about the way your data has been handled or used by us, please contact our Data Protection Officer on the contact details in the “About Us” section above. If you are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website – www.ico.org.uk.
We hope that this privacy notice clearly details the way that we handle your personal data and your rights. If you have any questions that you feel haven’t been sufficiently addressed, please contact our Data Protection Officer on the contact details in the “About Us” section above.
Updated 21st May 2018