This notice sets out your rights under applicable data protection laws, as well as our commitment to you regarding how we treat your data. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

This privacy statement provides users with details on:

• The information which we collect about you when you visit our sites and services
• How we use this information
• Occasions when we may share information
• How you can contact us or find out more about privacy and data protection

This statement only applies to those sites and services directly managed by DPClinic Ltd. Reference or links may be made to external sites, but we accept no responsibility for their management and recommend that you read and take note of any terms and conditions applicable to these sites.

Please note that our sites and services may use session cookies, which are deleted from your computer when you close your browser. No personal information is collected or stored within these session cookies. See the section ‘Cookies’ for an explanation of cookies and information on how to control them.

• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes we have told you about
• Kept securely

We will only collect personally identifiable information when we have specifically received your consent to do so, and we do not collect this information through our websites. All personal data will be managed in accordance with our obligations under the Data Protection Act 1998.All information volunteered by users is stored for as long as DPClinic Ltd continues to operate in the relevant areas.

Automatically collected data will only be used to measure the effectiveness of our website and plan for new developments. This data is processed anonymously. Personal information will only be used to provide the information or service you have requested. If you have not given consent for us to use your personal information, we will only use it to respond to your enquiry.

These are periodically reviewed to ensure they remain effective and meet current best practice.

While we are protected by antivirus technology and use encryption to send personal data via email, we cannot guarantee the security of personal information being sent in an email whilst it is being transmitted to us across the Internet.

All our patient data is stored in a database called Heydoc.

The data is physically stored on servers which have achieved the highest level of security certification, as used by banks and government services. Their servers are located in London, United Kingdom. Only a very limited number of authorised staff from Heydoc can access these servers. Data is replicated continuously, with multiple copies stored between security centres to ensure immediate failover. Data in transfer is fully encrypted using the most secure cryptographic technologies available (256-bit level of encryption).

This means that when we access your data via the internet, the Heydoc server will negotiate a secure link with the end user via a process called SSL. This is the same technology used for online banking and credit card transactions and is known to be the most secure system available. Heydoc acts as a Data Processor within the definitions GDPR, acting on behalf of ourselves who are the Data Controllers in respect of the personal data stored on the Heydoc.

• You have the right to be informed when your data has been collected
• You have the right of access to your personal data
• You have the right to rectify any personal information that is incorrect
• You have the right to erase any personal data that you wish
• You have the right to restrict processing of personal data
• You have the right to obtain and reuse your personal data for your own purposes across different services
• You have the right to object to your personal data being processed, used for marketing or processed for research
• You have the right to withdraw consent to store your personal data and receive marketing from DPClinic Ltd at any stage, without repercussion

customer feedback and new legal obligations or developments. We encourage you to periodically review this statement to stay informed of how we are protecting your privacy.

Further information on privacy and data protection can be obtained from:

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is the UK’s independent public body set up to promote access to official information and to protect personal information.

The ICO regulates and enforces the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and the Environmental Information Regulations.

The ICO provides guidance to organisations and individuals, rules on complaints and can take action when the law is broken.

Contact details:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: +44 (0)1625 545 700
Fax: +44 (0)1625 524 510