The Glen Clinic Privacy statement supporting General Data Protection Regulations 2018 (GDPR)
We take your privacy very seriously; therefore we urge you to read this policy very carefully, because it contains important information about us and the personal information we collect about you, our users, what we do with your information, and who your information may be shared with.
This policy was last updated on 17th February 2022.
1 ‐ Awareness
The Glen Clinic will make sure that decision makers and key people in our company are aware of the new GDPR. We raise awareness to our staff and those working out of the Glen Clinic under practising privileges of the impact this is likely to have on individuals and identify areas that could cause compliance problems under the GDPR.
We care that you have the highest level of privacy when using our company website.
2 ‐ Information
We hold with your consent, personal data we hold from details you may enter via our website:
Where it came from
Who we share it with
When using our website webform you will be required to consent to our online mail processing service Mailing Manger for securely managing and processing your email correspondance. We may have to share your data if we are legally required to do so by Scottish law. When you consent to recieve marketing communications you may recieve correspondance via email, sms messaging and via social apps such as; Facebook Messenger, Instagram, Twitter, WhatsApp etc. You may unsubscibe email marketing at any time via the link at the bottom of the email. To unsubscribe from our other marketing communications please contact us directly. When agreeing to Aesthetic treatments, we securely store your data within a Personal Care Plan:
Where it came from
Who we share it with
Consent for Treatment
We may have to share your data if we are legally required to do so by Scottish law. Your personal care plan will be retained for 10 years after your last treatment, held under lawful basis 'special categories health': Section (h) and (i) of the GDPR article 9(2).
At the Glen Clinic we carry out regular information audits to ensure that we are aware of and control all data in compliance with GDPR. To maintain our accuracy of your data, we may contact you from time to time to confirm the accuracy of your data. We maintain records of all processing activities to ensure that we can modify, update, delete and ensure proper provision of your data that we have on record to facilitate Subject Access Requests (SAR). This allows the Glen Clinic to comply with GDPR’s accountability principle. Patients who agree to have their photographic images and treatment details shared on our website and social media, do so under legal basis 'Consent'. We record when this data is posted and where possible will remove the data immediately at the request of the Patient. It is important to note that some digital platforms may not provide the facitlity to completely remove all 'Shared' posts, images and associated data. Users That Register There is no need to register on this website.
We do not use cookie functionality on this website. the Glen Clinic Cookies We do not use cookie functionality on this site. Analytics Cookies We do not use Analytics cookie functionality on this site. Advertising Cookies We do not use Advertising cookie functionality on this site. We fully support your right not to be subject to automated profiling for the purposes of advertising. At the Glen Clinic we do not install tracking cookies on our website. Your privacy is important to us. 3 ‐ Communicating Privacy Information
When the Glen Clinic receive personal data we will provide you with our identity:
THE GLEN CLINIC SUITE 23, 1 SPIERSBRIDGE WAY, SPIERSBRIDGE BUSINESS PARK, THORNLIEBANK, GLASGOW G46 8NG TEL: 0141 6384098/079 6656 1474 E: OFFICE@THEGLENCLINIC.COM WWW.THEGLENCLINIC.COM COMPANY NO. SC710785
Director: Carolyn Fraser
The Glen Clinic ICO nominated Data Controller: Carolyn Fraser
The information The Glen Clinic provide will be concise, easy to understand using clear language. You have a right to complain to the Information Commisioners Office (ICO) if you think there is a problem with the way The Glen Clinic are handling your data. Please contact The Glen Clinic on the first instance so that we have an opportunity to examine the complaint and rectify this if possible. We care about your feedback.individuals'
4. Rights At the Glen Clinic we understand that you have individual rights and we have detailed how we support your rights: Right to be informed; We will always inform you of the specific data we receive from you via confirmation email. We will always inform you of any changes to the way we store or manage your data. Right of access; You may request confirmation of your personal data that we have received and stored. This should be conducted using a written or oral Subject Access Request (SAR). You will receive this information within one month of request. Right to rectification; You may request rectification of your personal data that we have received and stored. This may be done by via email firstname.lastname@example.org or written correspondence to our business address. Right to erasure; You may request erasure of your personal data that we have received and stored. This may be done by via email offor written correspondence to our business address. Right to restrict processing; You may request restrictions in the way we process your personal data that we have received and stored. This may be done by via email or written correspondence to our business address.
Right to data portability; You have the right to Data Portability of your personal data that we have received and stored. This may be done by via email or written correspondence to our business address. Right to object; You may object to the way we process your personal data that we have received and stored. This may be done by via email or written correspondence to our business address. Right not to be subject to automated decision-making including profiling; At the Glen Clinic we fully support this right and as such do not use any third party plug-ins to profile and track you for marketing or re-marketing. Your right not to be profiled is important to us.
5 ‐ Subject Access Requests (SAR) You may request and be furnished with your data via a Subject Access Request (SAR). This should be submitted to the Glen Clinic in written form via: email@example.com or written letter to our company address as above You will receive your information within a month.
Please Note: the Glen Clinic can refuse or charge for requests that are manifestly unfounded or excessive. If the Glen Clinic refuse a SAR request, we will tell you why within a month of receiving the request. You have the right to complain to the supervisory authority and to a judicial remedy. 6 ‐ Lawful Basis for Processing Personal Data Our identification of the lawful basis for your processing activity in concordance with GDPR (2018) is: Where Aesthetic treatments are agreed to, all data stored in your personal care plan will be processed using the GDPR 'special categories health': Section (h) and (i) of the GDPR article 9(2). • (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3; • (i) processing is necessary for reasons of public interest in the area of public health, ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; For all other data, the lawful processing of your personal data is 'Consent'. 7 ‐ Consent At the Glen Clinic your consent for us to receive and store your data will always be conducted in a way that is freely given, specific, informed and unambiguous. We will always offer a specific, granular, clear, prominent and positive opt-in mechanism, we will never seek consent which is inferred from silence, pre-ticked boxes or inactivity and separate from other terms and conditions. We will always offer simple ways for people to withdraw their consent. 8 ‐ Data Breaches the glen clinic will report all data breaches that could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage to the ICO. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, the Glen Clinic will also notify you directly.
For enquiries Contact: carolyn 079 6656 1474
All advice and information contained in this website is for general advice only. Always seek medical consultation from a medical professional before acting, advising, persuing or attaining facial aesthetic and skin treatments advertised on this website.
Contacting us If you have any questions about this policy or the information we hold about you, please contact us using details below:
Terms and Conditions - Practising privileges - Those working at the Glen Clinic under the above will be required to work under a PP contract. This contract must be carefully read through and adhered to, failure to meet the requirements of the pp contract will mean that you will not be able to hire the glen clinic. Before you start you will be asked to sign the pp contract and a 2 hour induction will be required, plus 3 monthly meetings. The clinic has a policies manual and operating procedures which must be studied.
©2022 the Glen Clinic
THE GLEN CLINIC
Suite 23 1 - suite 23 2, 1 Spiersbridge Way, Spiersbridge Business Park, Thornliebank, Glasgow G46 8NG
Tel: 01416384098 / 07966561474
Copyright © 2022 The Glen Clinic Room Ltd - All Rights Reserved.
Company no. SC710785