Re:Nu Dental & Medispa is a dental practice based in Notting Hill.
We are a data controller for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and related data protection legislation.
How to contact us
If you have any questions about our Privacy Notice or our data protection policies generally, please contact us:
· Initial enquiries should be directed to our practice as follows:
· By post: 20 Chepstow Road, London, W2 5BD
· By phone: 020 8167 4185
· By email: firstname.lastname@example.org
Our Data Protection Officer is: Latha Rajagopal
We are fully committed to handling personal information in accordance with the General Data Protection Regulation (GDPR) which came into force on the 25 May 2018.
This means your personal information will be:
· Processed lawfully, fairly and in a transparent manner.
· Collected for specified, explicit and legitimate purposes.
· Only collected as required for our lawful purposes.
· Reviewed regularly.
Retained only for as long as necessary and in accordance with our retention policy.
· Processed securely and with integrity.
It is important that you are aware of our procedures and practices and understand your rights in relation to your personal data and this Privacy Notice is designed to be part of that information.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Identity data includes first name, last name, username or similar identifier, title and job title.
Contact data includes postal address, email address and telephone numbers.
Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile data includes your interests, preferences, feedback and survey responses.
Usage data includes information about how you use our website, products and services.
Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
How do we collect the information
We may collect this information directly from you (e.g. when you submit a form to us or enter into a contract for services with us or via a face to face meeting).
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Do We Share with Third-Parties?
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We will take all reasonable steps to ensure all information sharing is carried out in a secure way and will ask our third-party associates to assure us they will handle your personal data securely by using contracts to make our requirements clear and within the legal requirements as set out in the GDPR.
Where do we store Personal Data?
Your data is stored on a secured database enforced by password protocols.
We do collect statistics on visits to our website and social media sites and whilst these are anonymous statistics, your IP address may be considered personal data under the legislation. Therefore, we may collect information about the computer or device which is used to access our website. We use this information to collect anonymous statistics to view traffic to the site and how the site is used. This collection does not identify individual users.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
In the event of a “high risk” personal data breach the individual(s) will be notified immediately within 72 hours as well as the Information Commissioners Office (ICO). Our company and staff shall follow our security protocols in line with our “Data Breach” company policy as well as the ICO guidelines and take all necessary precautions in order to minimise the severity of the breach for the individual. All personal data breach shall be recorded in our data breach register.
Right to be informed.
You have the right to be informed about the processing of your personal data, and this Privacy Notice provides you with the information you need to reassure you that we handle your personal data securely and lawfully.
Right of access.
You have the right to request access to your personal data and to request further information relating to your personal data such as the purposes of processing, the categories of organisations with whom we share your personal data, the retention period for such personal data and the existence of any automated decision-making relating to your personal data.
Right to rectification.
You have the right to have any inaccuracies or factual errors corrected or incomplete data amended.
If this information has been disclosed to a third-party we will inform that party and request that they amend their records.
We want your information to be accurate, complete and up to date so you can ask us to make any rectifications necessary as your details or circumstances change.
Right to erasure (the right to be forgotten).
You can request to have your personal data deleted or removed if there is no compelling reason to keep it, as follows:
· if your personal data is no longer required for the purposes for which we obtained them;
· where the processing of your personal data is based on your consent and you withdraw such consent;
· where the processing of your personal data is based on our legitimate interests and you successfully object to such processing;
· where the personal data is processed unlawfully; or
· where the personal data has to be erased for compliance with a legal obligation.
If the personal data is held for statutory or regulatory requirements it cannot be erased.
Any request made will be discussed with you, unless deletion is an obvious step.
Following erasure we will not retain your information and therefore it is possible that your personal information may be re-obtained from the public domain or social media which may result in contact from our organisation.
Right to data portability.
You have the right to take and use your data for other services or purposes. Where the personal data provided by you is processed on the basis of your consent or a contract between us and you, we are required to make this information available to you in a readable easily transferred format.
We do not sell your personal data.
We meet in person as we believe that is the best way to start our relationship and to asses your requirements for our services.
Exercise of your rights.
If you wish to exercise any of your rights in respect of your personal data, please contact us using the details above. Our Data Protection Officer will provide you with further information if required.
We will respond to any exercise of your rights within one month of such request, unless the request is complex in which case we will seek an extension and respond within a further two months thereafter.
We will respond to your requests to exercise your rights at no charge, although repeated or manifestly unfounded or excessive requests may be refused or may incur an administrative charge covering the time and other costs associated with this.
During the registration process we may ask how you wish to be contacted:
· By telephone
· By email
· By post
· By text/SMS
You are free to consent to all or one or more of these, however, the law requires that if you permit us to use only one method, that is the only method we can use. Given your requirements and opportunities that can come up at short notice you may wish to consider more than one contact method.
In the first instance we would request that you discuss any complaints with us.
The ICO website has a template letter to assist you but we are happy to discuss in person if you contact your personal consultant at 0208 167 4185
If you are not satisfied after we address your complaint you can complain to the:
Information Commissioners Office
The website has a live chat facility, or you can call 0303 123 1113 (local rate)