Your privacy is important to us
What are Cookies?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer or mobile device so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the ‘lifetime’ of the cookie, and a value, usually a randomly generated unique number. Cookies can help a website to arrange content to match your preferred interests more quickly and are used by most major websites. Cookies cannot be used by themselves to identify you.
Sometimes we embed photos, video content and links from websites such as LinkedIn, YouTube, Twitter, Facebook, Pinterest, etc. Pages with this embedded content may present cookies from these websites. Similarly, when you use one of the share buttons on our websites, a cookie may be set by the service you have chosen to share content through. PayPal may also present a cookie as part of the booking and paying for an appointment via our website. Excellent Care 1st does not control the dissemination of these cookies and you should check the relevant third-party website for more information about these.
Most web browsers allow some control of most cookies through the browser settings. These settings can be changed to disable cookies. This may result in a loss of functionality of the website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit: https://www.whoishostingthis.com/resources/cookies-guide/
Your data and personal information are used for:
- Helping to identify you.
- Statistical analysis and behavioural analysis – via Google Analytics.
- Fraud prevention and detection.
- Billing and order fulfilment for purchases made through the website.
- Customising the website and its content to your particular preferences.
- To notify you of any changes to the website or to our services or products that may affect you.
- Improving our services and products.
Disclosure of your personal data
We may disclose your personal data to:
- All healthcare practitioners who work at Excellent Care 1st Limited.
- Our agents and service providers.
- Law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law.
Your Consent and Rights of Access
Asserting your rights over your data
Such requests for amendment, access, change of consent, marketing preferences, etc. regarding your data should be made in writing to firstname.lastname@example.org. You will need to provide proof of identity and address (eg a copy of your driving licence or passport, and a recent utility or credit card bill) and specify the personal data you want access to, amended or removed. Marketing emails can be unsubscribed from simply by replying with the word “unsubscribe” in the subject line.
Personal Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her data.
- receive on his/her behalf any data protection notices.
- give consent to any transfer of his/her data.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- We will store your personal data on secure servers.
- Payment details are encrypted using SSL technology.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
Transfers of data out of the EEA
We will make reasonable efforts to ensure that your data is not transferred outside the European Economic Area (EEA). Where we use data servers that may transfer data out of the EEA we will take steps to ensure adequate protections are in place to ensure the security of your information and give you remedies in the unlikely event of a security breach.
All information you provide to us is stored with secure data processors for the purposes of storing your data, accounting purposes and social media purposes for example. A copy of your information is also stored securely on our internal server and computers where access is restricted.
Please note that any processors we utilise that may transfer your data to the US comply with the EU-US Privacy Shield Framework, which is a mechanism that ensures compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can learn more about Privacy Shield here: https://www.privacyshield.gov/welcome
What you can do to keep your information safe
If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We may monitor and record communications with you (such as telephone conversations, web forms and emails) for the purpose of quality assurance, training, fraud prevention and compliance.
How long we will store your data
- You have withdrawn your consent to data processing
- The original purpose of processing the data is no longer relevant or cannot be performed any more.
- The data is no longer up to date or accurate.
We may change this Policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you use the Website.
Data Protection Supervisory Authority
The Data Protection Supervisory Authority in the UK is the Information Commissioner’s Office. Should you have any complaints about the way we handle your data, you may direct them to the ICO. More information on the ICO can be found on their website.
For the purposes of the Data Protection Act 1998, Data Protection Bill when in force and all other relevant legislation, Esther Echegini, Managing Director of Excellent Care 1st Limited, is the ‘Data Controller’ (that is, responsible for, and controls the processing of, your personal data). We welcome any feedback and questions you may have. If you have any particular concerns please contact us via email or fill in the website’s contact form. You can also write to us at Excellent Care 1st, 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ or call us on 012345678910.
Policy Revision Date: Last Revision Date: 12th July 2020
We hold certain information about you that comes under the lawful basis of “special category data”. It is held in order that we can uniquely identify you and provide you with the foot health care that you or a person you are legally responsible for requires. We also use your contact information so that we can confirm appointments made, send appointment reminders and annual check-up notices. We also occasionally use this data for marketing purposes such as advising you of our Christmas hours, informing you of new treatments available or any other changes at the practice which we feel may be of interest to you.
Holding this information about you has many responsibilities. In brief, the information must be securely stored, used for purposes you agree to, amended when necessary if incorrect, provided to you as a copy if requested, and deleted if requested (this is subject to medico-legal guidelines). We must hold no more information than is necessary for us to safely and appropriately perform our service to you. You can control who we share this data with and complain about how we use your data. You can amend the preferences on how your data is used at any time.
This policy will be revised as and when requirements of the practice or legal requirements arise. The latest revision will always be available on the practice website, www.excellentcare1st.com, or at reception.
Where does our data come from?
The data we hold in your records comes principally from you! At your first appointment, you will have given us your name, address, date of birth, contact details etc. You will have given us your health details when we question you about your medical history and you may have given us supporting information such as a doctor’s letter.
Information from third parties
We may receive information from your doctor if you have asked them to forward any information. Your doctor will not share any information they have regarding you without you expressly requesting them to do so. We may have received information from a health insurer about you – this will only occur if you, the policyholder, are referred to us and consent to this.
Types of data held:
- Personal Details
- Date of Birth
These are held to help to uniquely identify patients on our record system. They are also needed when assessing patients and their problems, as various problems may affect different subsets of the population: for example, men commonly but not women, or young women but not older women. We also require DOBs to consider issues of consent to treat minors (under 18s). There are also problems that do and do not generally affect different age groups.
- Street address
- Email address
- Landline phone number
- Mobile phone number
These are also held to help us to cross-reference and therefore uniquely identify patients in our record system. They aid us in contacting you regarding appointments made (text messages & confirmation emails are sent when appointments are booked). They are also held for reminders, annual check-up notices, announcements re new staff, new treatments, and advance warning of any holiday closures.
Medical History Information
In order for us to assess our patients and provide the best advice and treatment in a safe and proper way, it is necessary for us to collect health information. We update this on an annual basis for regularly attending patients as our medical history can change throughout our lives and therefore affect decision making in providing appropriate care for you.
These details include:
- Past treatments/surgery/hospitalisations.
- We also may hold copies of letters from doctors, hospitals, other practitioners regarding you and your problems. These will have been given to us by you at an appointment you have attended. We scan these documents and attach them to your patient record and then return the original to you. We can at your request shred the documents in a cross-cut shredder if you no longer require them.
- We may also take photos of your problem for future reference and hold these on your file (with your consent). If we take photos for you to see your problem these are generally deleted immediately after showing you.
- Which GP Practice you are registered at.
- We may also hold details of communications from your medical insurer if they contact us regarding you and your problem. This will only occur if you consent to your insurer contacting us. We will only supply the information requested by them with your consent.
We hold a record of charges, invoices and payments for the goods and services we provide to our patients. We do NOT hold any credit/debit card or CVV numbers at all. Our payments are received at the practice in cash/cheques or via a stand-alone PDQ machine which produces receipts for the patient and for us, the Merchant. Our Merchant receipts have no identifiable data that can be used for fraud. They are kept for 1 month so we can reconcile our merchant account. They are then securely destroyed. Payments we receive via online bookings are collected via a third party (PayPal) on a secure website. We are not privy to any payment details of our patients when they make a payment except for the date, amount and the contact details of the person booking the appointment.
Who do we share your data with?
From time to time we may need to contact another health professional or hospital regarding you and your condition. This is the only time we share any information about you and it will NEVER be shared without your prior consent. This information is usually in the form of a letter which we write and give to you to hand-deliver to the relevant doctor, health professional etc so you have complete control of this situation.
Your rights about your data
The right to be informed
The types of data we hold about you and how we use it are described fully above. Essentially it is the information we use to identify you in our record system (Name, Address, Email & phone numbers etc). It is also information about your health so we can provide the best care and advice for you (eg, medication taken, allergies, medical complaints etc). We also keep track of charges, invoices and payments for our accounting requirements. We don’t share ANY information with any other parties without your permission.
The right to rectification
We always attempt to keep our data current and correct. Our software prompts us to ask you for any changes in your medical history once a year. If you have a change in your health, please notify us of it at the beginning of your next appointment and we will amend our records. This will ensure we continue to give you appropriate care and advice for your personal situation. Any changes to contact details can be made at reception or during an appointment at any time.
The right to erasure
We have statutory obligations for the minimum lengths of time that we retain the records we keep on individuals. These are: 8 years for adults; for persons under 18 years old, until their 25th birthday; and for deceased persons, 8 years after death. After these periods we can erase records on request. There may be other medico-legal requirements which may vary these periods.
The right to restrict processing
You have the right to restrict the way we use your data. You may wish us to hold treatment records/supplied medical information only. Alternatively, in addition to this, you may wish us to process your data by supplying you with appointment booking confirmation emails/texts, reminders, practice notices and marketing emails. You can alter your requirements at any time, either restricting or freeing up our limited data processing activities.
The right not to be subject to automated decision-making including profiling.
We do not use any automated decision making or profiling processes.
The right to object
If you have a complaint about the way any of your data is handled or used by the practice, we would ask you in the first instance to notify Esther Echegini (Data Controller) to address your complaint. If you are still not satisfied after this you have the right to complain to the Information Commissioner’s Office (ICO) at – https://ico.org.uk/concerns/
The right of access
You can apply for access to view your data by making a “subject access request”. There is a limited set of circumstances where this may not be possible. If you do wish to make a “subject access request” please contact reception for the relevant form, where you will need to detail which records you wish to see. We will respond in a timely manner (generally much sooner than the maximum period of 1 month). There may be a fee of £50.00 applied to such requests. If we refuse your request, we will tell you why. If you are unhappy with this, you can complain to: https://ico.org.uk/concerns/ and you may have a right to a judicial review.
The right to data portability
If you wish to obtain your data for your own purposes across different services, in most cases we will provide this information to you in a CSV file. There is no administrative charge for this service. You will need to apply in writing to the Data Controller for this.
The information we hold on you comes under the lawful basis of “Special Category Data”.
The conditions we are using to process this data under this lawful basis come from Special Category Data Article 9, Paragraphs C, H & I as follows:
(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular, professional secrecy;
Any requests for information about the types of data usage we make, our data security and any complaints raised in the first instance should be directed to Esther Echegini who is the “Data Controller” for Excellent Care 1st Limited. Please address all requests/complaints to: Esther Echegini, Excellent Care 1st, 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ.
Policy Revision Date: Date of last revision: 12th July 2020