At the Dr Joney De Souza Skin & Laser, we understand the importance of ensuring that the personal information entrusted to us is protected and respected at all times. All personal data is handled in accordance the Data Protection Act 1998 and General Data Protection Regulation 2018.
Dr Joney De Souza Skin & Laser is registered in England with company number 09321934. Our registered office and trading address are at 49 Blandford Street, Marylebone, London, W1U 7HH.
THE INFORMATION WE COLLECT
What Information Is Collected What We Do With Your Information
Information you give to us:
Names, email address and phone number
To provide the information requested in response to your enquiry
To schedule appointments
When attending an appointment:
Name, address, date of birth, email address, phone number, medical history and photograph(s)
To support and document your treatment provision
As a legal requirement, failure to provide us with this information will result in us being unable to provide prescriptive treatments.
Information we collect automatically:
All telephone calls made to the clinic are recorded.
For quality and training purposes to improve the service we provide
At each visit you make to our website https://www.drjoneydesouza.com/ we will automatically collect technical information including your Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and version, operating system and platform.
Information about your visit including the full Uniform Resource Locators (URL), clickstream to, through and from our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.
For legitimate business interests including the upkeep, maintenance and improvement of our website
We may also use this information for some or all of the following reasons:
To inform decisions about how our business is run
To notify you about changes to our service
To send you text and/or email notifications to remind you of appointments booked with us
To contact you for post-treatment follow up and care, including survey requests in order to improve our service
Where you have opted-in to receive marketing communications, to contact you to provide information regarding other treatments or services that we think may be of interest to you.
SHARING YOUR INFORMATION
We take our obligations under the Data Protection Act 1998 and the General Data Protection Regulation 2018 very seriously.
Any information you provide to us will be kept confidential and only disclosed to the individuals involved with delivering your care.
At times, we may share your personal information with:
Other members of the Dr Joney De Souza Skin & Laser team as part of your ongoing care provision, or to monitor and improve the business performance.
Selected third parties such as Wigmore Medical or Healthxchange Pharmacy for prescriptive purposes. Opting out of sharing your information with these providers for prescriptive purposes will impair our ability to treat you.
Our IT or software providers when seeking technical assistance.
There may also be circumstances where we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. This may include the police for the prevention or investigation of a crime, our Insurers, legal advisors or other third parties who need access to your information in the context of managing, investigating or defending claims or complaints.
We cannot guarantee that the information you send us over the internet is secure, but once we receive it we will take all reasonable steps to protect the information you supply to us. All data is stored inside of the European Economic Area, with backups of electronically stored data taken regularly and strong encryption used to protect all files.
Under the General Data Protection Regulation 2018, we will only hold personal identifiable data for the maximum retention periods:
Job applications and unsuccessful interview candidates – 6 months
Employee Records – 6 years following termination of contract
Medical (Aesthetic) Records – 7 years following last appointment
Marketing Enquiries and Emails – 6 months
Financial Records – 7 years
CCTV footage – 2 weeks
Telephone Calls – 1 month
We employ CCTV in the public areas of the clinic to aid the security of our staff, clients and premises. CCTV cameras are not in use in our treatment rooms and do not have audio recording.
CCTV footage is held for a maximum of two weeks and may be requested as part of a Subject Access Request. We may at times disclose CCTV footage for the prevention or investigation of a crime, or for legal purposes including the defence of claims or complaints.
We record all inbound telephone calls in order to monitor and improve the service we offer.
Where you provide permission, cookies may be stored on the hard drive of your computer. Cookies can be blocked by activating the setting on your browser, however you may not be able to access all or parts of our Site.
You have the right to ask us not to process your personal information. Should you withdraw consent for the processing of personal data from your treatment records, we will be unable to continue to provide prescriptive treatments.
You have the right to ask us not to process your personal information for marketing purposes. We will only contact you for marketing purposes if you have elected to receive marketing text messages or emails. Should you wish to stop receiving marketing communications from us, you can let us know by email to email@example.com.
Our website https://www.drjoneydesouza.com/may contain links to and from third party websites. Dr Joney De Souza Skin & Laser does not accept any responsibility or liability for the safety or security of personal data entered into any third party website it is linked to.
In some circumstances, you have the right to be forgotten and we will erase all data held about you. Treatment records are exempt from erasure before our maximum retention period. Requests for erasure should be made in writing to firstname.lastname@example.org will be assessed on a case by case basis.
SUBJECT ACCESS REQUESTS
Under the General Data Protection Regulation 2018 you have the right to access information held about you. Requests should be made in writing to the Medical Director, 49 Blandford Street, Marylebone, London, W1U 7HH.
Records will be supplied in an electronic format within 1 month of receipt of the Subject Access Request and will be subject to identification checks. Whilst there is no charge for the first copy of your record, we reserve the right to charge a small administrative fee for all subsequent copies of the same record.
CONTACT AND COMPLAINTS