Our contact details
Name: The Courtyard Aesthetic Clinic
Address: Suite 5 The Courtyard, St Cross Business Park, Newport, Isle of Wight, PO30 5BF
The type of personal information we collect
We currently collect and process the following information:
● Personal identifiers, contacts and characteristics (for example, name and contact details)
● Before and after treatment photographs
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
● When you visit the clinic or request an appointment via our website or on the telephone.
We also receive personal information indirectly, from the following sources in the following scenarios:
● When you visit our website we automatically collect your IP address and device type. We also know what pages you have looked at and what links you have clicked on. This is through Google Analytics.
We use the information that you have given us in order to get a better understanding of how you are using our website so that we can continue to provide the best possible experience by personalising the content you see.
We may share this information with regulators, law enforcement bodies, government agencies, courts or other third parties where we think it necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate we will notify you of these disclosures.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting the clinic.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
How we store your personal information
Your information is securely stored through appropriate technical and organisational measures in place.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (eg maintenance of medical records) We keep your data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we will delete or anonymise it.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk