MD Plastic and Reconstructive Surgery Ltd
PRIVACY POLICY

This policy explains why and when we collect personal information about you, how this information is used, the conditions under which we may share your personal information with others, how long we keep your personal information and how you may access that information.

Who we are?

We are MD Plastic and Reconstructive Surgery Ltd. We are a company who offer and arrange services for cosmetic procedures both non surgical and surgical. We have a trading name of Gary F.Horn. Our main address for activities is at 10 Harley street, London W1G 9PF

Who is responsible for processing your personal information?

If you book and/or proceed to a consultation and/or have a procedure(surgical or non surgical) arranged through us then MD Plastic and Reconstructive Surgery Ltd is responsible for processing your personal information, this is known as being a “data Controller “. We are called a data controller in relation to the processing of activities which are described below. We are registered with the Information Commissioner’s office (ICO) and our registration number is ..

Why do we need to collect your personal data from you?

We need to collect and use your personal details, including sensitive details about your health. Without this information it would be not possible to provide our health care services to you.

We use your personal data to deliver cosmetic services and depending on the treatment you are having this may include testing and examinations; medical diagnoses ; clinical treatment ; management or preventive measures in post procedure treatment and medication.

What types of personal data are collected by us and how?

It depends on the nature of your treatment. This may include your name, contact details, employment or profession, job title and payment information along with your banking details if required. We may also collect what is called sensitive information being your physical or mental health status. This may include information about a disease , disability, medical history, clinical treatment or your physiological or biomedical state.

The personal data we collect may be obtained through direct contact with us including in person, by phone, by email, through visiting our website, by post and by filling in forms. This will vary according to your relationship with us. There may be occasions where we obtain your personal information through a third party such as your GP, hospital, other healthcare professional, testing facility providing testing results and diagnosis.

Under what basis do we collect and process your personal data?

Rest assured we only obtain and process your personal information, where it is necessary to provide our service to you and not beyond it. We list these below:

By consent:

In most cases we collect and process your personal data with your consent. There may be times where you may need to give us specific permission. Where such consent is required , we will provide you with all the details you require in order to make your decision.

Legitimate interest:

We may use and process your personal information where it is necessary for us to pursue our legitimate business interests These can include corresponding with you, arranging theatre slots, internal record-keeping, arranging tests , auditing to improve our service, internal communications with staff, processing financial payments, for marketing and advertising activities and for analysis of that information to enhance and improve your experience. To fulfil on line delivery and security and to operate and manage those activities and to be in contact with all third parties who are involved in your care. This is not an exhaustive list.

You can always opt out receiving marketing. Please email us at any time and we will remove your name. Our contact details are given below. In the alternative if you want to start receiving emails from us again or have changed email address please contact us.

Contract:

We may use and process your personal information where we have entered into a contract with you to supply cosmetic service.

Legal requirement:

We will use your personal information where compelled by law to comply with our legal obligations.

Sometimes we may be asked by legal authorities to process your personal data and at other times, it might be in order to protect your vital interests. There may also be instances where we have special permission because the interests of the public are deemed to be of greater importance than your confidentiality.

Who might we share your personal data with?

We only share that which is necessary. This will usually be by consent or under contract where it is in your vital interest for healthcare reasons. We would operate strict sharing protocols. We may need to share some of your personal data to deliver  health care services with hospital facilities , clinic facilities , GP, NHS trusts, ambulance services, pharmacies, healthcare testing centres, legal authorities , other medical practitioners part of your health care plan. With your consent or as  compelled by law we may share your personal information with social services, education services, local authorities, voluntary sector as well as private sector. If your consent is required we shall gain it.

Please note we will not share your personal data with anyone that requires your express consent. This may include family members or those you have a relationship with.

All organisations must deliver up personal data under court order or according to the law. We will not deliver up more than has been requested or we are obliged to do so under the law or court order.

Please note for our legitimate business interests we may share your personal information for us to process card payments or third party service providers offering secure electronic clinical data storage, third parties in relation to our website, managing and distributing of marketing material, research and analysis on visiting of our website.

We are not responsible for the privacy policy of the third party providers but we are aware of their privacy policy and liaise with them from time to time to the extent required under the GDPR regulations.

How do we look after your personal data and how long it is stored for?

We take our duty to keep your personal information confidential , secure and accurate. We will securely store your personal information. Access to your personal information is restricted. We do not keep your personal data for any longer than is necessary for the purpose for which we collected the data. We generally keep your personal data in relation to clinical based records for 9 years. As for financial information banking and payment information is generally kept for no longer than 12 months for accounting purposes or as is deemed correct according to the law and HMRC records. Credit card security numbers will be deleted as soon as payment is made and confirmed as received. All information is confidentially disposed of safely.

How can I access my personal data?

You need to email us at Mdprs2021@gmail.com and the email header should say something like “ Data Access request”. If you wish to write  to us, our address appears in the first paragraph of this Privacy Policy.

We will then carry out checks: will ask you to sign a form and provided ID to check it is you and specify what you require. We take all requests seriously and must ensure no one is trying to access your records but you.

Our cookie policy

Cookies are small text files stored on your computer when you visit our website. Cookies help websites work and provided information about how users interaction with our site. We use the information to improve our website. Cookies are not viruses , spyware or Trojans that cause harm to your machine. We always abide by the law on the use of cookies. There are cookies which are strictly necessary in order to enable a user to move around the website and use of all its features. We do use them .We do contract with independent

 third party companies to perform these services. This can entail the use for third party cookies for this function.

There are performance cookies to record information about the choices you make. We may use cookies to save your location preference or Flash cookies which means they are stored in your Adobe Flash Player rather than on your web browser. We are currently not using Flash cookies.

We also use cookies to work out what might be relevant to you based on the areas you look at on our site and your IP address geo-location . We are actively using such targeting cookies.

To support the content of our website we sometimes embed photos and video content from websites such as You Tube and Twitter as such you may be presented with cookies from these websites. We do not control the dissemination of those cookies and you should check the relevant third party’s website for more information and that you are happy to access those websites by knowing their privacy policy.

We may use what is termed sharing cookies .You can share information on our websites with family and friends through popular social networks. When you click on a button for the social networks a cookie may be set by the service you have chosen to share content through. We do not control the dissemination of those cookies. We currently are not using sharing cookies.

We do use remarketing cookies. This allows us to stay in contact with you after you have left our website. It allows continuity of contact with you.

There are non-cookie based forms of data tracking which is utilised when you sign into other accounts like Facebook whilst visiting our website. We are currently not using them.

How to opt out and opt in once again?

You can opt out of email marketing anytime. Please unsubscribe using the most recent marketing email sent or send us an email or write. Our postal address and email contact details are given in paragraph 1 of this Privacy Policy.

Please mark your letter or email along the lines of “Opt out” or “unsubscribe”

If at any time you change your mind and wish to subscribe you can go onto our website or email or send a letter.

What are your rights as a client/patient?

The General Data Protection Regulation (GDPR) sets out your rights in detail. We must action a request from you or someone formally acting for you to provide your personal data on request and in accordance with the time lines for providing it or keeping you informed if there is a legitimate delay.

Under certain circumstances you have the right to have your data corrected, removed or transferred to another service provider and that we stop using your data. Please note this is very limited with regard to clinical/medical records and health care.

You can withdraw your consent unless a legal authority prevents us from doing this. Please note the interpretation of this within a medical setting can be explained to you if consent is withdrawn. Consent to treatment is always sought and you may withdraw consent for treatment anytime unless for medical reasons it is not in your vital interest for this to occur at the material time.

You have the right not to be pestered by nuisance email or telemarketing.

You have the right to be informed of security incidents which may directly impact on you.

You have the right to raise a complaint with the data protection authority ( supervisory authority) if the complaint relates to the use of your personal data rather than any medical reason. Please find their details below.

Data Protection Authority

Information Commissioner’s Office, Wycliffe House , Water Lane.

Wilmslow, Cheshire SK9 5AF  International.team@ico.org.uk ,+441625545745, www.ico.org.uk