Privacy Policy
DATA & PRIVACY POLICY
Ear Care Dorset values your privacy and is committed to protecting personal and clinical information in accordance with UK GDPR
and the Data Protection Act 2018.
WHAT IS PERSONAL DATA UNDER THE GDPR?
Our privacy policy applies to all personal data handled by Ear Care Dorset.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person (‘data subject’) who can be directly or indirectly identified by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria.
DATA CONTROLLER
Ear Care Dorset is the data controller responsible for your personal data.
Contact:
Ear Care Dorset
Email: support@earcaredorset.co.uk
Telephone: 07356 233 133
Website: www.earcaredorset.co.uk
DATA PROTECTION PRINCIPLES
Ear Care Dorset will ensure data is:
Lawfully processed
Accurate and up to date
Stored securely
Kept confidential
Retained only as necessary
WHAT DATA DO WE HOLD?
Data held by Ear Care Dorset may include:
Name
Address
Contact details
Date of birth
Medical history
Treatment records
Consent records
Appointment history
HOW DO WE USE PERSONAL DATA?
Ear Care Dorset uses your data for the following lawful basis and purposes:
We process personal information under Article 6 UK GDPR (contract, legal obligation and legitimate interests) and health information under Article 9 UK GDPR where processing is necessary for the provision of health care services.
To enable our business to respond to enquiries, referrals and contacts about the quotation/provision of ear wax removal and ear health services (including microsuction and other treatments for the removal of excess ear wax) as advertised in print, signage, online at www.earcaredorset.co.uk and through associated social media platforms. Enquiries, referrals and contacts include those received through phone calls, emails and post; or in response to e-newsletters/online, print advertising and social media.
To advise or remind you about your appointments with us and to perform pre-appointment triage.
To maintain a client record detailing your ear health history and treatment provided. This data is stored securely and a copy of this record is available on request.
We may occasionally contact you by email or letter to follow up about the service(s) you have received or to inform you of similar services we offer that may be relevant to you. You will be invited to opt-in to our mailing list. You can unsubscribe at any time and we never share our mailing list contact details with third parties.
We retain personal and clinical records only for as long as necessary to fulfil legal, regulatory, insurance and professional requirements. Requests for deletion will be considered in accordance with UK GDPR and any applicable legal obligations.
SECURITY OF DATA
Electronic records must:
Be password protected
Stored on secure systems
Accessible only to authorised personnel
Protected from unauthorised access
Practitioners must:
Use password protected devices
Lock screens when not in use
Avoid storing data in unsecured apps
Avoid public Wi Fi when accessing records
CONFIDENTIALITY AND DATA SHARING
We implement reasonable and appropriate security measures against unlawful or unauthorised processing of personal data and against the accidental loss of, or damage to, personal data. In addition, we limit access to your personal data to staff members who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place reasonable and appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Practitioners must:
Maintain confidentiality at all times
Avoid discussing clients in public
Store records securely during transport
Information may only be shared:
With your explicit consent
For safeguarding or legal obligations
THIRD-PARTY SERVICE PROVIDERS
We may use trusted third-party service providers such as website hosting providers, email service providers, booking systems and payment processing providers to help operate our business. These providers process personal data only on our instructions and are required to keep it secure.
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
When you visit our website, we may collect technical information including IP address, browser type, pages visited and website usage statistics through cookies and analytics tools.
Our website uses cookies and similar technologies to improve functionality, analyse website traffic and enhance the user experience. You can control or disable cookies through your browser settings. Where required, we will request your consent before placing non-essential cookies on your device.
YOUR RIGHTS UNDER THE GDPR
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which Ear Care Dorset holds.
The right to request that Ear Care Dorset corrects any personal data if it is found to be inaccurate or out of date.
The right to request your personal data is erased where it is no longer necessary for Ear Care Dorset to retain such data.
The right to withdraw your consent to the processing of personal data at any time.
The right to request that the data controller provides the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability).
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
The right to object to the processing of personal data.
The right to lodge a complaint with the Information Commissioner’s Office (ICO).
CONTACT DETAILS
For privacy-related enquiries, please contact us at support@earcaredorset.co.uk
Contact the ICO on:
Helpline: 0303 123 1113
Post: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF