1. Kensington Medical is committed to the privacy of our patients and website visitors.
2. Who we are
Kensington Medical is a company providing medical services. If you have any questions, please do not hesitate to contact our Data Protection Office at: email@example.com
3. Your personal data
Under data protection legislation, the data that organisations hold about you can be categorised as follows:
- Personal data: personal data is defined as data that relates to an identifiable person or data that can be used to identify a distinct individual. For example, the personal data we choose to collect and process includes you name, email address, location, telephone numbers, ID number and online information. When we reference personal data this is “your data / your personal data”.
4. The legal basis we rely on
Under data protection legislation, organisations must have reasons for processing your personal data. Please find below the bases we use and an example of the purpose for which it is used:
- Consent: In some situations, we ask for your consent to process your data for the purpose we have identified. For example:
- We ask you to tick a box on our enquiry form to receive our newsletter.
- We may ask you for consent to allow us to collect sensitive personal data about you to ensure your safe treatment and care.
- Contractual obligations: we may need your data to fulfil our obligations. For example, if you wish to book an appointment, we may need your payment details, address and contact details to process payment and secure your booking.
- Legal compliance: there may be situations, where we are required by law or regulatory bodies to process your data. For example:
- We may require by law to ask for proof of ID and age.
- Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
- Legitimate Interests: in some situations, we require your data to pursue our interests in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom. For example:
- We will use the contact details you provide, to call/SMS/email you regarding your enquiry and provide you with targeted relevant information.
- We may use your anonymised data combined with other customers to identify trends and to help make improvements to our service and business.
5. Instances when we collect data
- When you visit any of our websites.
- When you communicate with us by phone or email or instant messaging systems such as SMS text or WhatsApp.
- When you engage with us on social media which could be for example via Facebook or Instagram.
- When you interact (open/click) with our emails.
- When you request further information from us via phone, WhatsApp, SMS text or email.
- When you arrange a consultation or appointments with our clinic staff.
- When you attend appointments.
- When you make payments to us for our service or require a refund.
- When you fill in any forms online or in clinic.
- When you have given a third-party (examples: Facebook or Instagram) permission to share with us the information they hold about you.
- When you complete any surveys, we may send to you.
- When you visit our clinics, we may operate CCTV systems for security purposes.
- When you review our services.
- When you refer a friend or family member to us.
6. Type of personal data we collect
- On our website you may submit a book a consultation, call back request form. This may include your name, email address, phone number and post code, along with treatment of interest. We require this information to contact you about your request. This information helps us understand what service you are enquiring about.
- We may ask for copies of documents you provide to prove your age or ID where the law or company policy requires.
- Details of your visits to our websites, including how you arrived, which pages you visited, time spent, links clicked and technical information about your device and internet connection.
- Personal details which help us make suggestions about a treatment that you may be interested in.
- Payment details.
- Your reviews, survey responses and comments.
7. Why and how do we use your personal data?
It is our main aim to ensure your experience with Kensington Medical is a good one. It is by collecting data from you that we can work hard to achieve a great outcome, improve our services and communication with you. We also collect data for legal reasons, this may be for contractual obligations or to comply with the law. Please find listed below what we use your personal information for:
- To contact you regarding your enquiry – we collect and process your data so we can answer your request for further information, book a consultation for you or call you back to book an appointment.
- To provide you with information about your treatment of interest. This is to ensure that you understand your options and so that you can make an informed decision.
- To remind you by email, phone or SMS text to attend or book further appointments for a treatment or review of a treatment.
- With your consent, we may send you information about news, treatments, or company updates.
- To ensure the information is aligned with your interest and is relevant.
- To continue to provide the best service we analyse your information.
- To make sure we speak to the right person – to help prevent and detect fraud.
- To provide support and excellent customer service.
- To take payment and process refunds.
8. How do we protect your data?
- We take appropriate steps to protect it from unauthorised access, loss and misuse. Sensitive information such as medical records will not be used for marketing purposes. This data is never sold for any purpose. The security of your data is taken seriously by us.
- For how long do we keep your information?
- We keep your data for as long as is necessary to fulfil the purpose for which it was collected. At the end of the period, your data will be either deleted or anonymised to be used in a non-identifiable way for statistical analysis. This helps us improve our service and business.
- Cookies & similar technologies
9. Who do we share your personal data with?
- We never sell or share your sensitive personal data with any third parties, except subcontractors and partners involved in the delivery of the services you buy from us. We want to maintain your trust in us as a reputable company and believe this is essential to ensure this.
- However, we do use third parties to support, manage or deliver some of our business services.
- As a result, we may share non-sensitive personal data (such as phone numbers, email address and IP address) with the following type of companies we work with:
- Companies that help us deliver our emails and electronic communications to you.
- Companies that support our website, phone handling and other IT/business systems.
- Companies that provide online communication services between you and us such as instant messaging and video conferencing platforms. By using these services you accept their terms of usage and understand that all data including messages, photos, videos, files and transcripts will be managed in accordance with the policies of those third parties.
- Companies that provide analytics services, such as Google Analytics.
- We select these companies carefully and take precautions to keep your data safe and protect your privacy:
- Our providers are carefully screened with data security playing a key factor in our decision to work with them.
- We only provide the data they need to perform the services we require.
- They may only use your data for the purposes we specify and agree with them.
10. What are your rights?
You have many rights relating to your personal data including:
- The right to access the personal data we hold about you.
- The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it.
- The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data.
- The right to stop direct marketing – you have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request.
- The right to withdraw your consent – whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us.
- Please note there may be instances where we refuse your request for any of the above (unless otherwise stated), where we have a strong overriding reason or are legally obliged to.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the “Who we are” section for contact details.
11. How to stop marketing messages from us
- There are several ways you can stop receiving marketing messages from us. It is important to be aware that these actions will only stop emails that are not related to booking confirmation / payment confirmation / medical aftercare. You may still receive email correspondence from Kensington Medical staff relating to your care as a patient. You can stop receiving our emails by:
- Clicking the "unsubscribe" link at the bottom of any of our marketing emails.
- Send a request to unsubscribe by replying directly to any of our marketing emails.
- In most cases your request will be processed immediately but occasionally it may take a few days to take effect so you may still receive emails from us during this time.
- If you have previously unsubscribed but change your mind and wish to be included in our emails again, please call us or let a member of staff know. We will email you a request which you need to open and accept to start receiving our emails again.
We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child and if you do, you may request access to and deletion of that child’s personal data, subject to applicable law.
If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website (https://ico.org.uk).
15. Questions you may have
16. This policy was last updated on the 5 December 2021.