Privacy Policy
1. This privacy policy applies to Suffolk Sports Injury Clinic’s website www.suffolksportsinjuryclinic.co.uk (the “Website”). Suffolk Sports Injury Clinic takes your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).
2. For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Dr. Jo Coates at our address Suffolk Sports Injury Clinic, 1 The Chestnuts, Horringer, Suffolk, IP295SD.
3. By using the Website you consent to this policy.
Information we collect
4. We will collect personal data on this website via our booking platform BookingBug only if it is directly provided to us by you the user, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent.
5. All data stored via the BookingBug platform is encrypted with the AES-256 encryption algorithm. BookingBug practices strong access control on customer information, which can be accessed within the BookingBug infrastructure network only if authorised. Off-site access is granted to key members of the engineering team for emergency purposes only (through both IP restrictions and strong IAM controls, including 2-factor authentication). The engineering team only utilize tools that access data services via TLS 1.2 or SSH (AES-256) communication protocols.
Use of your information
6. We may hold and process personal data that you provide to us in accordance with the DPA and GDPR.
7. The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you.
Disclosure of your information
8. We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
Controlling the use of your data
9. If you have given us consent to use your data for a particular purpose you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 or contact us via email at jo@suffolksportsinjuryclinic.co.uk at any time.
Where we store and transfer your data
10. As part of the services offered to you, for example through our Website, the information you provide to us via the BookingBug platform may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA - this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
12. Information provided to Suffolk Sports Injury Clinic at the time of your consultation is stored in the form of electronic clinical records on a single encrypted device accessed only by Dr. Jo Coates.
13. A transfer of your personal data held via the BookingBug platform may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the DPA and GDPR. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.
14. We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
15. We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if Penn Farm Podiatry’s business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.
16. Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
Security
18. The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
19. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password that is not easy for someone to guess.
Third party links
20. You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Use of cookies
21. Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally - it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer's hard drive. They help us to improve our Website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website.
Your rights
22. The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2, above, or by email at jo@suffolksportsinjuryclinic.co.uk. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
23. You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email at jo@suffolksportsinjuryclinic.co.uk.
Changes to this policy
24. We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data. We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us.
Version: May 2018