Welcome to Clinic 7! This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our website, its functions and content associated with. The privacy policy applies to www.clinic7.org and regardless of the domains, systems and devices used (e.g., desktop or mobile).

What is Personal Data?

Personal data is all data that can be related to you personally, e.g., name, e-mail addresses, user behaviour. The personal data of users processed within the scope of our website includes inventory data (e.g., names, e-mail addresses and telephone numbers of patients), usage data (e.g., the websites visited on our website, interest in our products) and content data (e.g., information in the contact and booking form).

Who is responsible for data processing and whom can I contact?

The responsible party is:

Registered Manager

Clinic 7

LB Healthcare

Yew Tree Drive

Whiteley

Hampshire

PO15 7LS

What sources and data do we use?

We will process the personal data that we receive from you in the course of our business relationship.

Relevant personal data are contact data (name, e-mail, telephone number and other contact data), as well as, on a voluntary basis, the reason for treatment and other related data. However, we ask you not to provide us with health data pursuant to Art. 9 GDPR from the outset. If health data are relevant according to Art. 9 GDPR, we process them together with your other data.

In addition, this may also include contractual data, advertising and sales data, documentation data, data about your use of our services offered as well as content data.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and the UK`s Data Protection Act (“DPA”):

• For the fulfillment of contractual obligations, Art. 6 para. 1 b GDPR
  • Personal data is processed for the purpose of providing appointment assistance,
  • The purposes of the data processing are primarily based on the service we provide, namely, to arrange an appointment.

• Within the framework of our legitimate interests, Art. 6 para. 1 f GDPR

Where necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or third parties. Examples:

• Ensuring IT security and IT operations,
• Measures for business management and further development of services and products,
• Checking whether an appointment was actually kept,
• Defense against third-party claims and enforcement of own claims.

• Based on your consent, Art. 6 para. 1 a GDPR
  • Insofar as you have given us your consent to process personal data for certain purposes, passing on data to third parties, sending newsletters, advertising etc., this processing is lawful on the basis of your consent.
  • Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Who receives my data?

Within LB Healthcare, those that need your data to fulfill our contractual and legal obligations will receive access to it.

Processors used by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of health care providers, IT services, telecommunications, and sales and marketing. Where we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

Data is only passed on to third parties within the framework of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business or you have consented to the transfer of data.

How long will my data be stored?

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result from the minimum statutory retention periods and HMRC, among others. The retention and documentation periods specified there are two to 6 years.

Are data transferred to a third country or to an international organisation?

Data is not transferred to third countries (countries outside the UK).

What data protection rights do I have?

Every data subject has the right to:

• information according to Art. 15 GDPR,
• rectification according to Art. 16 GDPR,
• deletion according to Art. 17 GDPR,
• restriction of processing pursuant to Art. 18 GDPR, and
• data portability under Art. 20 GDPR.

Furthermore, you can revoke consent, in principle with effect for the future.

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

Finally, you also have a right to object according to Art. 21 GDPR. This applies, on grounds relating to data processing on the basis of our legitimate interest and also to profiling.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Direct Advertising

In individual cases, we process your personal data to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Automated decision-making in individual cases

As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 of the GDPR for the establishment and implementation of the business relationship. Should we use such procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

Is there an obligation for me to provide data?

Within the scope of our business relationship, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.

Contacting us

When contacting us (via contact form social media or email), your details will be processed for the purpose of handling the contact enquiry. Your details will be stored in our customer relationship management system (“CRM system”).

Access data and log files

We collect data on each access to the server on which our website is located (so-called server log files) on the basis of our legitimate interests. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system you are using, referrer URL (previously visited page), IP address and the requesting provider. This is used to defend against third-party claims and to enforce our own claims.

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

Cookies & Reach Measurement

Cookies are pieces of information that are transmitted from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. These cookies may be small files or other types of information storage. By using our website and services you consent to the use of cookies.

Integration of third-party services and content

Within our website, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our website within the meaning of our legitimate interest in order to integrate their content and services (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.

We endeavour to only use content whose respective providers only use the IP address to deliver the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.

The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

• Mapping: Google Maps by Google Inc
• Fonts: Google Font API by Google Inc
• Content Management System: WordPress by Automatic Inc
• Clinic Management Software System, Advertising and Bookings: Pabau

Online presences in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. Our privacy policy will be amended as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification. This Privacy Policy was last updated on Monday, 09 January 2023

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, please contact us.