GDPR PRIVACY POLICY
WHO WE ARE
Sumeya Jakhura Ltd Trades as The Amber Clinic and Vitality Dietitian. The Company is registered in England and Wales with company number 06705846 and has it’s registered office at:
Sumeya Jakhura Ltd
103 Leicester Road
Oadby
Leicester
LE2 4AB
Contact Email: info@theamberclinic.com
Contact Phone: 07984780372
In this privacy policy references to ‘we’ or ‘us’ refer to The Amber Clinic. The Amber Clinic encompasses Vitality Dietitian & Sumeya Jakhura Ltd. This policy will explain what information we collect about you and how we use it.
PURPOSE
The Amber Clinic (referred to hereafter as the ‘We’ or the ‘Company’) are committed to protecting and respecting your privacy.
This policy (together with our terms of use) and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.theamberclinic.
For the purpose of the Data Protection Act 1998 (the Act), and General Data Protection Regulations 2018 (GDPR) the Data Controller is The Amber Clinic.
KEY PRINCIPLES
To outline the Company’s processes aligned to Data Protection and Privacy relating to you.
This privacy policy sets out how The Amber Clinic uses and protects any personal information that you provide us. The Amber Clinic is committed to ensuring that your privacy is protected. We aim at all times to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy applies to all of our dealings with you including when you interact with our website www.theamberclinic.com. Our site is hosted by one.com.
This privacy policy is effective from November 2020 and is regularly reviewed and updated.
WHO DOES THIS POLICY APPLY TO?
Any employee who works for the Company, as well as any other individuals working at or visiting the Company premises or engaged by the Company. It also applies to [apprentices signed up by The Amber Clinic (and their parents/carers, where they are deemed to be young people or vulnerable adults), and] visitors to the Company, as well as agency workers, casual workers, contractors, consultants, interns, seconded staff, agents, suppliers and sponsors, or any other person associated with us (“associated persons”).
INFORMATION ABOUT US
Our nominated data protection contact is Sumeya Jakhura who can be contacted at info@theamberclinic.com.
Please note:
By giving your consent you are accepting and consenting to the practices described in this policy. You may withdraw your consent at any time. An explanation of your rights is set out below.
If you are not satisfied with any action taken by us or response given, you have the right to complain to the Information Commissioner at:www.ico.gov.uk, or help line telephone number: 0303 1231113.
Should we ask you to provide Personal Data (as defined below), you can be assured that it will only be used in accordance with this privacy policy.
DEFINITIONS
In this policy the following terms shall have the following meanings:
Cookie: a small file placed on your computer or device by our website when you visit certain parts of it or use certain features.
Cookie Law: means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Data Subject: a natural identifiable person.
Personal Data: has the meaning set out in the Data Protection Legislation, being as at the data of this policy, any data which identifies a natural person (by way of example, name, address, phone number and so on).
WHAT THIS POLICY ALSO COVERS
This policy also explains:
- What personally identifiable information of yours is collected:
– on our website, when you interact with it;
– when you download from our website;
– when you interact with our website advertising and applications on third party websites and services.
- What organisation is collecting the information;
- How the information is used;
- With whom the information may be shared;
- What choices are available to you regarding collection, use and distribution of the information;
- What kind of security procedures are in place to protect the loss, misuse or alteration of information under our control;
- How you can correct any inaccuracies in the information; and
- How you can request the Personal Data we process and store to be removed.
HOW DO WE COLLECT INFORMATION?
When you contact “The Amber Clinic” regarding our services, send or receive information and make purchases, you provide us with personal information.
WHAT WE COLLECT:
Personal Information
We need to collect some personal information about you and your health in order to make sure there are no contraindications to your treatment, and legal requirements. You can of course, refuse to provide the information, however unfortunately we would have to refuse your treatment as this form is a legal requirement for our insurance.
We may collect the following information:
- Full name, occupation, gender and marital status;
- Contact information and personal details – home address, email, contact telephone numbers, details of GP and other medical professionals;
- Current and past medical history, current medications, body measurements (including before and after pictures with consent) and lifestyle information provided by the client;
- If you access our website, technical information including internet protocol (IP) address used to connect your computer to the internet, your log in information, browser type and version time zone setting, browser plug in types and versions, operating system and platform.
Financial Information
In order to process financial transactions, we may ask you for your bank or credit card details. All online transactions are encrypted using SSL (Secure Socket Layer). We do not store credit card details nor do we share customer details with any third parties. All financial transactions are completed using a payment platform called ‘Square’.
Non-personal Information
Data such as IP addresses (the location of computers on the internet through your ISP), pages accessed and files downloaded are collected by “The Amber Clinic”. Information of this nature is anonymised and no attempts are made to link this information with personal data held on record. This information is collected to help “The Amber Clinic” determine how our users are visiting and navigating our web pages. This information is used to help monitor and improve our service to you.
WHAT WE DO WITH THE INFORMATION WE GATHER:
We will use the data collected about you in the following ways:
- to provide services to you;
- to deal with your enquiry if you complete our contact form;
- to assess and understand your requirements;
- Professional clinical record keeping of client information;
- Your phone number and email may be used electronically, with your permission. This is for appointment reminders or occasional offers.
- If you wish to contact us via social media, this is password protected but for historic issues with privacy associated with social media sites, you may wish to think about what you send us.
- We may with your consent perform telehealth consultationusing audio or video conferencing technology e.g. zoom, Mirosoft Teams, Halaxy, Whats App. We will take every precaution to use a platform that has end to end encryption and one which is secure. You understand this will not be the same as a face-to-face consultation since you will not be in the same room as the service provider. You understand there are potential risks to this technology, including interruptions, unauthorised access and technical difficulties. The Amber Clinic has no control over such platforms and is no way responsible for the content thereof. This policy does not extend to your use of such software/apps/ sites. Users are advised to read the privacy policy or statement of other software/ apps/ sites prior to agreeing to using them with the Amber Clinic.
WHERE AND HOW WE STORE YOUR PERSONAL DATA
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, organisational and security measures to safeguard and secure the information we collect.
- As referred to above, our website is hosted by one.com No data is stored[1] on our website.
- We keep all paper records containing your Personal Data in locked cabinets within the salon and only allow accessible by Staff to The Amber Clinic who need to access the Personal Data. We also use an online software called Ovatu to make bookings, store client data and request forms etc.
- Our laptops are password protected
- Digital Documents or records on salon’s software are password protected; and are only accessible by staff of The Amber Clinic.
- Records made by The Amber Clinic relating to the care of a client, will be stored for up to seven years from the time of your most recent appointment. After this time your records will be destroyed in a method compliant with GDPR. We may also be under an obligation to store your Personal Data for longer in accordance with our professional indemnity insurers requirements.
YOUR RIGHTS
As a Data Subject under the Data Protection legislation referred to above, you have the following rights:
We will never share your data with anyone who does not need access without your consent. Only the Manager and Staff of The Amber Clinic will have access to your data
We will not share your information with third party marketing agencies without your consent, nor will we contact you for marketing purposes unless you give your consent. If you consent to us contacting you for marketing purposes at any stage, you can change your mind at any time by exercising your right to ask us not to contact you by e mailing us at: info@theamberclinic.com
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
You have the right to ask us to supply to you the information we hold, this is known as a data subject access request. For further details please contact us on: info@theamberclinic.com
You have the right to ask us to rectify the data we hold if it contains inaccuracies or is incomplete. To discuss this please contact us on: info@theamberclinic.com
You have the right to ask us to erase the Personal Data Provided the legal minimum period has elapsed, you may also ask the business to erase your records we hold if: (i) it is no longer necessary for us to hold the data; (ii) you wish to withdraw your consent to us holding the data; (iii) you object to us holding or processing the data; (iv) you believe that we have processed the data unlawfully; or (v) the data needs to be erased for us to comply with a particular legal obligation. To make a request please contact us on: info@theamberclinic.com
DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to share your Personal Data with:
relevant health professionals (only when consent is given by the client).
In exceptional circumstances information about a client may be disclosed without consent if it is in the public interest to do so. This might be in circumstances where disclosing the information is necessary to prevent a serious crime or serious harm to other people.
To a prospective buyer or seller if we sell or buy any business, shares or assets.
If necessary only, due to unforeseen circumstances Sumeya Jakhura in her Will has nominated her Spouse Mr Riaz Jakhura to be the inheritor to the business who will thereby declare and abide by this privacy policy set herein.
If we are under a duty to disclose or share your Personal Data to comply with any legal obligation, or to enforce or apply our terms of business or terms of use, and other agreements; or to protect the rights, property, or safety of our business, our clients, or others.
COOKIES
All Cookies used by our business are used in accordance with current Cookie Law. We may use some or all of the following types of Cookie on our website in accordance with one.com Cookie policy]:
Strictly Necessary Cookies – a Cookie falls into this category if it is essential to the operation of our website, supporting functions such as logging in.
Analytics and Flash Cookies – it is important for us to understand how you use our website. For example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information and helps us to improve our website.
Functionality Cookies – enable us to provide additional functions to you.
Persistent Cookies – any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit our website.
Session Cookies – any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit our website. To delete these cookies you will need to clear your browser history.
Before Cookies are placed on your computer or device you will be shown a cookie compliance statement, requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide you with the best possible experiences and services to you. You may wish to deny consent to the placing of the Cookies at which point we request you cease using our website.
EXTERNAL WEB SERVICES AND LINKS
We may use external web services on our website, mostly to display content within our web pages. We cannot prevent these third-party sites, or external domains, from collecting information on your usage of this embedded content. If you are not logged in to these external services then they will not know who you are but are likely to gather anonymous usage information e.g. number of views, plays, loads and so on. Users are advised to read the privacy policy or statement of other websites prior to using them.
SUPPLIERS AND OTHER SERVICE PROVIDERS
From time to time we use third party suppliers and service providers to facilitate our services. We may use social media (e.g. Facebook, Twitter, you tube, pintrest and Instagram) and other third party services including Ovatu, Square, nutritics, zoom, Microsoft teams, (and possibly others) subject to their terms of use. Before you consent to interacting with The Amber clinic through any such medium we advise you read their privacy policy.
We would like you to rest assured that we treat your personal data responsibly and that we do everything we can to make sure that only people who can access that data have a genuine need to. Please feel free to contact Sumeya Jakhura by emailing info@theamberclinic.com should you have any further queries or concerns. We will be happy to help you.
Notification of change of privacy policy
“The Amber Clinic” reserves the right to amend this privacy statement. You are advised to visit www.theamberclinic.com/privacy-policy periodically in order to keep up to date with changes in our privacy policy.
© 2020, The Amber Clinic.