Privacy Policy
At Crawley Weight Loss Clinic, we know how important it is to keep your personal and medical information safe. That’s why we make it a priority to protect your privacy. Our privacy notice tells you what information we collect and why. We’ll also explain how we process your data.
Contents
1. Who are we
2. Our role
3. Your rights
4. Technical and operational security
5. Patient privacy notice
6. Website browsing privacy notice
7. Supplier privacy notice
8. Disclaimer
1. Who are we
The Website is operated by Crawley Chemists Limited, trading as Crawley Weight Loss Clinic.
We are registered in England and Wales under company number 00523900 and our trading address is: Crawley Chemists Limited, 1st Floor, Cross Keys House, 14 Haslett Avenue West, Crawley, West Sussex, RH10 1HS.
Our Data Protection Officer can be contacted by emailing crawleychem@gmail.com.
2. Our role
We are what is known as a data controller. In terms of the Data Protection Act 2018, that means we are trusted to look after and deal with your personal information in accordance with this policy. We determine the ways and means of processing and must therefore be accountable for it.
3. Your rights
As a data subject, you have rights in respect of our processing of your personal data.
Your right of access: you have the right to ask us for copies of your personal information.
Your right to rectification: you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure: you have the right to ask us to erase your personal information in certain circumstances – unless it’s a legal requirement, or we have a valid business reason not to delete it. As a healthcare provider, we will not always be able to delete your data for the following reasons:
Continuity of healthcare provision.
We need to be able to know what treatments we have provided to you in the same way as your GP. For example, providing relevant information to other healthcare professionals providing care to you if we need to (for example, do we know of any allergies or any bad reactions to a certain ingredient etc). For this reason, we will not delete your medical record as well as any communications between you and our team related to your request of a medical service.
Establishment, exercise or defence of legal claims.
Based on the guidance published by the General Pharmaceutical Council which states that Pharmacists should follow the UK Department of Health and Social Care guidance on how long health records should be kept, we will keep this data until for 8 years after the last treatment or episode of care. Telephone calls with our Pharmacists are not recorded, and therefore not stored for clinical governance purposes. Written consultation notes will be kept in your patient record thereafter.
Your right to restriction of processing: you have the right to ask us to restrict the processing of your information in certain circumstances. For example, because you believe that your data is incorrect or the processing of your data is unlawful.
Your right to object to processing: you have the right to object to our processing your information if the legal basis is a legitimate interest.
Your right to data portability: this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent.
If you want to exercise any of these rights, please email us at crawleychem@gmail.com and state the nature of your request in the subject line. (For example, Access Request, Deletion request etc).
You also have the right to lodge a complaint about our processing with a supervisory authority. In the UK that is the Information Commissioner’s Office (ICO).
4. Technical and operational security
Our security measures protect you against unauthorised access, changes, disclosure or destruction of your data.
We regularly review our security measures, including how we collect, process, and store data. Part of this means putting in place physical security measures to protect our storage systems.
Every member of our staff signs and agrees to a confidentiality agreement when they start working for us and are trained in relevant data protection regulations.
Access to your data is only given to employees on a need-to-know basis.
5. Patient privacy notice
How we process and use your data
As a patient of Crawley Weight Loss Clinic, we hold the following information about you:
Identity details
When you set up an account with us, you will provide your name, date of birth, gender, and you might also have to provide an ID in order for us to check your identity.
Medical information
We hold information about your health and medical history which you provide us with when you complete our medical assessments during your clinic visit. This includes:
- photos (when applicable)
- information you provided when communicating with our doctors or Patient Care team
- treatments that our doctors prescribed to you
- your test results
- referral letters
- fit notes
This data is required to enable our Pharmacist provide treatment or advice to you.
We might also obtain information from your GP when we or you inform your GP of the treatments we provided to you.
Financial information
When you make a payment to us, we do not act as a payment provider, so we do not store your card details, we just pass them directly to the provider. We may however have access to the following transaction details:
- type of card
- bank details
- last 4 digits of your card
- transaction IDs
Those details are not directly saved by us, but we are able to access them in order to assist you or if there is a payment dispute.
Technical Information
When you are browsing our website, or using our services, we will automatically collect technical information such as the type of device you’re using, browser, IP address, screen size and other information. This allows us to understand any issues with our website, and show you relevant information.
Browsing activity and usage details
When using our website, if cookies are loaded, we will process information about the pages you have visited, your searches, load and download times, time spent on our pages, interaction with the page (click, scrolling, mouse-overs), and what led you to our website (like a link in an article or a Google search etc). We perform analytics based on this data. Performing analytics is vital for us to understand how you interact with our website and various services in order to improve them and to give you a good user experience.
Lawful basis for processing
Please find below the purpose of our processing, the type of data processed, and the lawful basis used to process the data (article 6 and 9 of UK GDPR, or schedule 9 and 10 of Data Protection Act 2018).
Purpose: To register you as a new customer.
Type of data: Identity details (e.g. name, surname, gender, date of birth), contact details (e.g. email, telephone number, address).
Lawful basis: Performance of a contract.
Purpose: To provide the medical service as requested by you. To perform the diagnosis, issue a prescription when appropriate, and for the delivery of your treatment or goods. To follow-up on the treatments and advice given by our Pharmacist.
Type of data: Identity details (e.g. name, surname, gender, date of birth); medical details provided in the questionnaire, treatment prescribed, messages between the patient and our Pharmacist, prescription, contact details (e.g. email, telephone number, address).
Lawful basis: Performance of a contract and medical diagnosis, provision of health care and treatment pursuant to the contract between the patient and us.
Purpose: To verify that you actually are who you say you are.
Type of data: Identity details (e.g. name, surname, gender, date of birth), contact details (e.g. email, telephone number), financial data (e.g transaction details such as date, amount, name, address, email).
Lawful basis: Legitimate interests (to prevent identity or medical fraud).
Purpose: To prevent fraud and maintain security on our website (e.g. suspicious connection to our website outside the countries we operate in). To improve your browsing experience based on your technical device information.
Type of data: Technical details (e.g. technical device information such as type of device used, browser used, IP address, location, device unique identifier, network information, login information).
Lawful basis: Legitimate interests.
Purpose: To collect and recover money owed to us. To provide you with updates about your transaction (e.g. has the payment succeeded?)
Please note: we do not store card data on our end. The payment process is delegated to a third party supplier to process payments.
Type of data: Financial data (e.g. name, email, last 4 digits of the payment card, billing address, cardholder address, time and date of the transaction).
Lawful basis: Performance of a contract and legitimate interests to prevent fraud.
Purpose: To understand the behaviours of the visitors on our website.
Type of data: Usage details (e.g. browsing information such as clickstream, your searches on our website, load and download time, time spent on our pages, interaction with the page such as clicks, scrolling, and mouse-overs), IP address, identity details (anonymous ID, when logged in on the website).
Lawful basis: Legitimate interests.
Purpose: Marketing. In order to send you relevant information, news, advice, recommendations, and offers.
This data can be processed to send information only to certain patients.
Type of data: Identity details (e.g. name, gender, age), contact details (e.g. email, telephone number), order details.
Lawful basis: Legitimate interests.
Purpose: Marketing – medically targeted. Medical data will be used to serve you with more medically specific content adapted to the condition you came to see us for.
Type of data: Health information (data provided in the medical questionnaire).
Lawful basis: Explicit consent.
Purpose: Advertising. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
Type of data: Technical details (IP address), usage (page viewed), system assigned ID number.
Lawful basis: Legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy).
Purpose: Research and statistics
Type of data: Identity details (e.g. name, gender, age), information provided during the surveys, interviews and research sessions.
Lawful basis: Depending on the type of research, legitimate interest or consent.
Data sharing and transfers
Within Crawley Weight Loss Clinic by Crawley Chemists Ltd:
Your medical information and identity details are shared amongst our team to provide quality and continuity of care. Our team might also need to access your record to assist you in your query and verify your identity before releasing any information to you.
Our team might also access your information in order to send you data when you make a data subject request.
All our staff are bound to strict confidentiality agreement.
Crawley Weight Loss Clinic by Crawley Chemists Ltd implements an access right policy and this allows access to the data only on a need to know basis.
With third parties and processors:
Like most companies, we use a number of suppliers as part of our data processing, for example cloud services, technology services, carriers. Your data is being shared with Crawley Chemists Ltd for the dispensing of your prescription. For marketing purposes, research and analytics, we are also using suppliers such as email platform providers, analytics software, survey tools.
If data is transferred from the UK to the EEA or from the EEA to the UK, then it is done so on the basis of those countries receiving the data are having a comparable data protection regime to the country sharing the data (adequacy)
In order to provide the medical service to you and for security purposes, we may need to share your personal data with third parties including payment providers.
As regulated healthcare providers, we might need to disclose some of your information including personal data and medical data, including but not limited to:
The medical regulators who inspect our service and premises such as the General Pharmaceutical Council.
Other regulators if you make a complaint or in case of an investigation.
Your GP with your consent or based on your vital interests
Other healthcare partners such as laboratories.
Finally, we may need to share your information for legal reasons:
Should we sell or buy any business or assets, we may need to share your data with the future seller or buyer.
If we are asked to share your personal data as a result of a court order, legal processing or any other legal obligation.
To protect the rights, property, or safety of Crawley Weight Loss Clinic by Crawley Chemists Ltd, our patients, suppliers and partners, or others. Rest assured, we only share information that is absolutely necessary.
Retention periods
Medical records
We follow the NHS Records Management Code of Practice for Health and Social Care 2016 and therefore keep your health record for up to 10 years after your last digital appointment was recorded.
Account details
If you registered with us and have not used any service, we will retain this data for up to 10 years from the date the digital medical record was created on our system or you tell us that you want to stop using our service and ask for your data to be deleted unless we have a legal or regulatory reason to keep them.
If you’ve ordered from us or had any exchanges with our Pharmacists about your health or if you are making any claim, we will keep these data as per the paragraph above (Medical Records) and in order to defend our rights and interests in case of a dispute or a claim.
Analytics
Data about the usage of our services and technical data used for analytics are retained for as long as you have a non-suspended account with us or until you action a right to erasure.
Marketing
Data used for marketing purposes is retained for as long as we need it or until you ask for the deletion of your non-medical data.
6. Website browsing privacy notice
Data that we process and how we use it
As a user of our website and depending on the cookie preferences you gave, we collect your individual usage data which includes information about how you use our website, products, and services.
If cookies are loaded, we will process information about the pages you have visited, your searches on our website, load and download times, time spent on our pages, interaction with the page (click, scrolling, mouse-overs) and what led you to our website (like a link in an article or a Google search etc).
We perform analytics based on this data. Performing analytics is vital for us to understand how you interact with our website and various services in order to improve them and to give you a good user experience.
We do not use your browsing data to predict or make any assumptions about you.
Lawful basis for processing
Our lawful basis for processing your data is legitimate interest for security purposes and for business purposes.
Finally, we may need to share your information for legal reasons:
Should we sell or buy any business or assets, we may need to share data with the future seller or buyer.
If we are asked to share your personal data as a result of a court order, legal processing or any other legal obligation.
To protect the rights, property, or safety of Health Bridge Limited, our patients, suppliers and partners, or others. This includes exchanging information for fraud protection, reducing credit risk and verifying your identity by an ID&V provider.
Rest assured, we only share information that is absolutely necessary and we go to great lengths to make sure everyone we work with takes your privacy as seriously as we do.
Retention periods
If any usage and technical data are linked to you directly once you register with us, we will keep them until you ask for the deletion of your data or until you inform us that you want to stop using our services.
7. Supplier privacy notice
Data that we process and how we use it
Data sharing and transfers
We might have to share your data to third parties due to a legal obligation.
If data is transferred from the UK to the EEA or from the EEA to the UK, then it is done so on the basis of those countries receiving the data are having a comparable data protection regime to the country sharing the data (adequacy).
We may need to share your information for legal reasons:
should we sell or buy any business or assets, we may need to share your data with the future seller or buyer
if we are asked to share your personal data as a result of a court order, legal processing or any other legal obligation
to protect our rights, property, or safety
Rest assured, we only share information that is absolutely necessary and we go to great lengths to make sure everyone we work with takes your privacy as seriously as we do.
8. Disclaimer
Please note, this privacy notice explains our processing of your data when using our website crawleyweightlossclinic.com (the “website”) and our services. The website is run and operated by Crawley Chemists Limited, trading as Crawley Weight Loss Clinic. By using the website you are transacting with Crawley Chemists Limited.