PRIVACY NOTICE

Preventative Health Doctors Limited trading as ‘The Men’s Health Clinic’ is fully committed to ensuring the privacy of all patients and visitors to our website in line with the General Data Protection Regulation 2018.  We are registered with the Information Commissioners Office – Registration Reference ZA095357 – in accordance with The Data Protection Act 1998.  This policy explains what personal data we may collect about you and how we use it.

About Us

The website we operate and which this policy refers to is www.themenshealthclinic.co.uk.  For simplicity, “we” and “us” refers to Preventative Health Doctors Limited/The Men’s Health Clinic.

Preventative Health Doctors Limited, trading as ‘The Men’s Health Clinic, is the data controller and is responsible for your personal data.  We are a limited company registered in England with company number 09325917.  Our registered office is Flat 5 Redcroft, 20 Pinewood Road, Branksome Dene, Poole, Dorset, BH13 6JS.

Our Medical Director and Data Protection Officer is Dr Robert Stevens MBChB MRCGP Dip.FIPT who can be contacted at info@themenshealthclinic.co.uk.

Alternatively, you can write to:

Dr Robert Stevens MBChB MRCGP Dip.FIPT – Data Protection Officer

The Men’s Health Clinic c/o Lilliput Health, Lower Ground Floor, The Surgery, Elms Avenue, Poole, Dorset, BH14 8EE

Your Personal Data and Sensitive Personal Data

Under data protection legislation, the data that we hold about you is categorised as follows:-

Personal Data – Data related to an identifiable person, or data that can be used to identify an individual.  Examples of personal data we collect and process under this category include names, dates of birth, home addresses, email addresses, telephone numbers, occupations, GP details and other online identifiers.

Sensitive Personal Data – Sometimes referred to as Special Category Data, this is data that is recognised to be more sensitive than the above personal data.  The type of data that we may collect and process under this category includes information about your racial or ethnic origin, genetics, health, sex life and sexual orientation.  We will only ever use this data for the purposes of diagnosis and treatment, and to ensure your care and safety as a patient.  We will never use your sensitive personal data for targeted marketing purposes.

Legal Bases

Under data protection legislation, we must have a lawful reason for obtaining and processing your personal data.  Below are the bases we use and an example of the purpose for which we use it:

Contract – We need your data in order to fulfil our obligations to you.  For example, to see you in clinic we need your information to create a new patient profile on our patient database.  To commence treatment, we need a record of personal and medical history to ensure that your treatment is clinically appropriate, safe and effective.

Legal Obligation – There may be some situations where we are required by law or regulatory bodies to process your data.  For example, we may be required to gather information as part of investigations by regulatory bodies, such as the Care Quality Commission (CQC), or in connection with legal proceedings or requests.

Legitimate Interests – We may sometimes require your data to pursue our interests in such a way that might reasonably be expected as part of running our business but does not significantly impact your rights or freedom.  For example, we will use the contact details you provide to call, email, SMS or instant message you regarding your enquiry, or to provide you with requested and/or relevant information.  We may also combine and anonymise your data with that of other patients to identify trends, complete patient audits and to help make improvements to our service.

Furthermore, we process your sensitive personal data (or special category data), in line with the condition that it is necessary for medical diagnosis and the provision of health care and treatment.

How We Collect Your Personal Data

There are a variety of ways that we may collect your personal data.  These include:

  • When you communicate with us by phone, email, SMS or instant messaging systems.
  • When you visit our website.
  • When you engage with us on social media.
  • When you interact (open/click) with our emails.
  • When you request further information from us.
  • When you arrange appointments with clinic staff.
  • When you attend appointments and as part of the consultation process.
  • When you make payments to us or require a refund.
  • When you complete any forms.
  • When you’ve given a third-party permission to share with us the information they hold about you (e.g. Facebook).
  • When you complete any surveys or testimonial requests that we may send you.
  • When you review our services (e.g. Google business/Facebook).
  • When you refer a friend or are referred by a friend.
  • When you come to work for us.

Types of Personal Data that we Collect

We collect various types of personal data.  These include:

  •  Whilst using our website you may submit information to us via our general enquiry form. This may include your name, email address, telephone number and details of your enquiry.  We require this information so that we can contact you regarding your enquiry and to better understand the demand for our services.
  • When you arrange a new patient consultation we require that you compete a ‘Personal Details Form’ so that we can set up a new patient profile on our patient database platform.
  • We may issue you with medical screening questionnaires to be completed prior to your consultation.
  • Details of your interactions with us over the telephone, through our clinics or online. For example, we may make note of telephone conversations and retain email conversations.
  • Details of your interaction with our websites, including how you arrived, which pages you visited, time spent, links clicked and technical information about your device and internet connection.
  • Your reviews, testimonials, survey responses and comments.
  • Payment details.
  • If you come to work for us we will collect personal details including your name and contact information, date of birth, gender, government identification numbers, education and training information, bank account details, performance information, previous employment details and DBS information.

How and Why Your Personal Data is Used

We strive to provide you with the best possible patient experience.  This starts with your very first interaction with us and continues through your entire patient journey.  One way to achieve this is to have a better understanding of who you are by collecting data about you.  We use this data to make improvements to our service and to communicate information that you are likely to be interested in.

There are cases where we are also required to collect and process data about you to either fulfil our contractual obligations to you, or to comply with the law.

Examples of how we may use your personal data include:

  • To contact you regarding your enquiry, we need to collect and process your data in order to fulfil your request for further information.
  • To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision.
  • To process your blood results using third party laboratories.
  • To contact you regarding your treatment plan and provide patient support.
  • To issue you with prescriptions.
  • To contact you by email regarding any changes to your upcoming appointment.
  • To obtain patient feedback.
  • To obtain further information about you for the purpose of potential employment or employment.

Protecting your Data

We take the security of your data very seriously and endeavour to take appropriate steps to protect it from unauthorised access, loss and/or misuse.  Your personal data is never sold for any purpose.

Keeping your Data

The law states that we must only keep your data for as long as is necessary to fulfil the purpose for which it was collected.  At the end of this period, your data will either be deleted or anonymised so that it can be used in a non-identifiable manner for statistical analysis to help us make improvements to our service and business.

Sharing your Personal Data

As previously stated, we will never sell your data to third parties for any purpose.  However, we do routinely use third parties to support, manage or deliver some of our day to day business services.  As a result, it may be necessary to share your personal data with the following types of companies that we work with:

  • Companies that help us deliver our emails and electronic communications to you.
  • Companies that support our website, appointment/phone handling and other IT/business systems.
  • Companies that provide analytics services.
  • Companies whose services we utilise for the transport and/or processing of your blood samples.
  • Companies whose services we engage with for the provision of your medical care and/or support.

We select the companies carefully and take appropriate precautions to ensure that your data is kept safe and your privacy protected.  We do this by only providing them with the the data they need to perform the services we require, and only giving them permission to use your data for the purposes we specify and agree with them.  We require third parties to respect the security of your data and to treat it in accordance with the law.

It may sometimes be necessary to share your requested personal data with regulatory bodies.  One example is the Care Quality Commission (CQC) who regulate health and social care services to ensure that safe care is provided.  The law states that we must report certain serious events to the CQC.  For more information about the CQC see – http://www.cqc.org.uk.  As regulators, the CQC have powers to access and use information – including personal and medical records – where they consider this is necessary to carry out their functions as a regulator.

We will never share your personal data, sensitive or otherwise, with any third-party who is not directly involved in your care without your express written request or permission to do this.

Non-EEA Third Party Processing

Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Your Rights

You have explicit rights relating to your personal data.  These include:

  • Your right to access all personal data that we hold about you.  You will not have to pay a fee to access your personal information (or to exercise any of the other rights).
  • Your right to request the correction of any inaccurate data about you. If we do hold any inaccurate or out of date information about you, you can request that it is changed or updated.
  • Your right to request that we delete your data or stop processing it. In some instances, such as where we no longer need it, we can delete your personal data at your request.
  • Your right to stop direct marketing. Although we do not routinely use your personal data for direct marketing purposes, you have the right to be removed from our group email contact list and we will be happy to comply with your request.
  • Your right to withdraw your consent. Whenever you have previously given us consent to use your personal data, you have the right to change your mind and inform us.

Please note that there may be instances where we may refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.

Should you ever wish to exercise any of your rights, please see the ‘About Us’ section for contact details.

Marketing Emails

We do not routinely use email for marketing purposes.  However, we do occasionally use the group email facility to disseminate pertinent information to all our patients.  In these instances, patient identity is always protected.  If you do not wish to receive such emails, please contact us by email at info@themenshealthclinic.co.uk and request to be removed from our email contact list.  Your request will need to be processed manually and so occasionally there may be a small delay in doing this.  You may therefore still receive emails from us during this time.

Please bear in mind that this action may prevent you from receiving information in the future regarding service delivery and improvements that may be relevant to your on-going care.  You will still receive email correspondence from us in reply to email enquiries from yourself, regarding your treatment plan or in relation to appointment bookings/alterations/cancellations.

Changes to this Privacy Notice

We may update this notice to reflect how we use your personal data.  We will notify all patients of any significant changes by e-mail.  However, you are encouraged to review this policy regularly to stay informed of how we use your data.

Complaints

If you are concerned about the way your data has been handled or used by us, please contact our Data Protection Officer on the contact details in the “About Us” section above.  If you are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO).  Details of how to do this are on the ICO website – www.ico.org.uk.

Questions

We hope that this privacy notice clearly details the way that we handle your personal data and your rights.  If you have any questions that you feel haven’t been sufficiently addressed, please contact our Data Protection Officer on the contact details in the “About Us” section above.

 

Updated September 2018