You have provided Children Allergy Doctor’s with some personal data relating to you.
Under the European Union directive known as the General Data Protection Regulation (“GDPR”) which is due to be incorporated into UK law by the Data Protection Act 2018 we, as the data controller in respect of that personal data, are required to provide you with a set of specific information about how we will use, hold and retain this data as well as making you aware of various rights that you have under the related legislation. We have set this information out below in this note.
Should you have any queries about the manner in which we process your personal data please contact Children Allergy Dorctor’s Data Controller:
Dr Helen Brough as follows:
Post: Dr Helen Brough, c/o KMS Professionals Ltd, The Wagon Lodge, Court Lodge Farm, Forge Lane, East Farleigh, Kent, ME15 OHQ
Why we process your personal data:
We process your personal data for the following purposes:
- In order to meet our legal obligations;
- Where the processing we carry out is necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract with you; including to enable us to enter into, administer and perform a contract with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where you have given us your consent to the processing of your personal data for one or more specific
- We may use your personal data to provide you with marketing information, promotions and new events and offerings information. We will only use your personal data to provide you with marketing information, promotions and new events and offerings information where you have given us your specific consent to do so.
The legal basis on which we are processing your personal data:
Consent: means that you, the “data subject” has given us your consent to the processing of your personal data for one or more specific purposes.
Where we process your personal data on the basis of Consent you have the right to withdraw that consent at any time.
Necessity: means that the processing we carry out is necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract with you.
Legal Compliance: means that the processing we carry out is necessary for
compliance by us with a legal obligation placed on us.
Legitimate Interests: means that the processing of your personal data is necessary
for the purposes of our legitimate interests or by a third party and those interests are considered to be sufficient to override your interests or fundamental rights and freedoms which require protection of your personal data.
What data may be collected?
Any of the following data may be collected:
- Name and title
- Contact information including an email address and telephone number
- IP address
- Web browser type and version
- Operating system
- Contact details as supplied on the contact form emailed to myself or my practice administration team KMS Professionals Ltd.
Is it a legal (statutory or contractual) requirement for you to provide us with your personal data?
Where we process your personal data on the basis of necessity or legal compliance please be aware that if you object to our processing your personal data on this basis (and no other lawful basis for that processing applies) it is likely that we will not be able to provide you with (or continue providing you with) the goods or services that will or are providing to you.
Who we may pass your personal data to:
- Worldpay – for processing patient payments
- Debt collection agency – in the course of non payment and where all collection attempts have been exhausted.
Do we pass your personal data outside of the European Union:
We do not pass your personal data outside of the European Union.
How long do we keep your personal data for:
We will keep your personal data for 3 months
Your Data Protection Rights:
As a “data subject” under the DPA and GDPR you have a set of specific rights. We are required to make you aware of the existence of these rights. They are in outline:
- The right to request from us, as the Data Controller, access to your personal data;
- The right to request rectification of your personal data;
- The right to request erasure of your personal data;
- The right to request a restriction on the processing of your personal data
- The right to object to the processing of your personal data; and
- The right to data portability
Your right to withdraw consent where processing is based on consent.
Where any part of our processing of your personal data is based on your consent you may withdraw your consent to that processing at any time.
Your right to complain to the Information Commissioners Office.
You have the right to lodge a complaint about our compliance with the DPA with the applicable regulator for data protection.
This is the Information Commissioners Office. For more information you can visit their website at www.ico.gov.uk
Use of automated decision making or profiling
We do not carry out automated decision making or profiling