Protecting the privacy and personal data of the visitors to our site is of the utmost importance to us.
- The Maitland Clinic collects and uses personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act [1998 OR 2018] and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
- Will provide all of the details you need on how we use your information, and how we will comply with the law in doing so.
- Outlines the way this website processes, stores and protects user data and information.
Please read the following carefully to fully understand our practices regarding your personal data and how we will collect and use it.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
We have appointed a Data Protection Officer. Our Data Protection Officer is Umar Sabat, from IG Health Limited. He can be contacted on email@example.com.
Our Data Protection Officer is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Officer you can do so on the above email address.
What personal information do we collect and use from our patients?
The personal information that we collect will depend on your relationship with us. We will collect different information depending on whether or not you are already a patient of The Maitland Clinic.
We may use “special categories of personal information” (otherwise known as “special categories of data”) about you, such as information relating to your physical and mental health. For example, if you are a patient we will require information about your health in order to provide the best and safest treatment.
If you provide personal information to us about other individuals, or on behalf of another individual (including medical or financial information) you should inform the individual about the contents of this Privacy Notice. We will process such information in accordance with this Privacy Notice.
In addition, you should note that in the event you amend data which we already hold about you (for instance by amending a pre-populated form) then we will update our systems to reflect the amendments.
As a new enquiry or patient of The Maitland clinic, the personal information we hold about you may include the following:
- Contact details, such as postal address, email address and contact number
- Date of birth
- Emergency contact details, including next of kin
- Previous medical history
- Background referral details
Special categories personal information
As a patient of The Maitland Clinic, we will hold information relating to your medical treatment which is known as a special category of personal data under the law, meaning that it must be handled even more sensitively. The special categories of personal information we hold about you may include the following:
- Details of your current or former physical or mental health. This may include information about any healthcare you have received (both from The Maitland Clinic and other healthcare providers such as GPs, dentists or hospitals. We provide further details below on the manner in which we handle such information.
- Details of services you have received from us
- Details of your nationality, race and/or ethnicity
The confidentiality of your medical information is very important to The Maitland Clinic. We make every effort to prevent any unauthorised access to and use of information relating to your current or former physical and mental health. In doing this, The Maitland Clinic complies with UK data protection law, including the Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Care Quality Commission.
How do we collect your information?
We may collect personal information from a number of different sources (with your prior consent) including, but not limited to:
- Hospitals, both NHS and private
- Mental health providers
- Commissioners of healthcare services
- Clinicians (including their medical secretaries)
- Directly from you
Information may be collected directly from you when:
- You enter into a contract with The Maitland Clinic for our hair restoration services
- You use those services
- You complete an enquiry form on The Maitland Clinic’s website
- You submit an enquiry to us through our website, by email or social media
- You correspond with us by letter, email, telephone (all incoming calls are recorded) or social media, including where you reference The Maitland Clinic in a public social media post
- You take part in our marketing activities
In order to provide you with the best treatment possible, it may be necessary for us to collect personal information about you from other organisations (only with your prior consent). These may include:
- Medical records from your GP
- Medical records from your clinician (including their medical secretaries)
- Medical records from your dentist
- Medical records from the NHS or any private healthcare organisation
Medical records include information about your diagnosis, clinic and hospital visits and medicines administered.
- We may collect information about you from third parties when:
- You are referred to use for the provision of services
- We liaise with your family or next of kin (only with your prior consent)
- We deal with experts (including medical experts) and other service providers about services you have received or are receiving from us
How we communicate with you?
In order to communicate with you, we are likely to do this by telephone, SMS, email and/or post. If we contact you using the telephone number(s) which you have provided and you are not available (resulting in the call being directed to a voicemail and/or answering service), we may leave a voice message on your voicemail and/or answering service as appropriate.
To ensure that we provide you with timely updates and reminders in relation to your treatment or appointment, we may communicate with you via SMS and/or email (where you have provided us with an email address) in each case where you have expressed a preference within your enquiry to be contacted by SMS and/or email.
If we have your mobile number or email address we may use this as a method of communication to contact you regarding patient satisfaction surveys which are for the purpose of improving our service or monitoring outcomes.
Please note that by providing your mobile number and email address and stating a preference of communication method, this will be taken as an affirmative confirmation that you are happy for us to contact you in that manner.
We may contact you to ask you to participate in surveys regarding your treatment with The Maitland Clinic. The surveys will largely be sent by email following your treatment. These emails do not try to sell you any products or services; it is solely to gather information relating to your experience of The Maitland Clinic, for the purposes of improving the quality of the services we offer. Participation in the surveys is entirely voluntary. You may decide not to complete the surveys and you will have the option to unsubscribe from receiving further survey invitations. You also have the opportunity to request a call back to discuss your survey responses in detail.
What are the purposes for which your information is used?
We may ‘process’ your information for a number of different purposes, which is essentially the language used by the law to mean using your data. Each time we use your data we must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as “special category of personal information”, we must have a specific additional legal justification in order to use it as proposed.
Generally, we will rely on the following legal justifications, or ‘grounds’:
- Taking steps at your request so that you can enter into a contract with The Maitland Clinic to receive hair restoration services from us.
- For the purposes of providing you with healthcare pursuant to a contract between you and The Maitland Clinic. We will rely on this for activities such as supporting your medical treatment or care and other benefits, supporting your doctor, nurse, carer or other healthcare professional and providing other services to you.
- We have an appropriate business need to process your personal information and such business need does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes.
- We have a legal or regulatory obligation to use such personal information.
- We need to use such personal information to establish, exercise or defend our legal rights.
- You have provided your consent to our use of your personal information.
- Note that failure to provide your information further to a contractual requirement with us may mean that we are unable to set you up as a patient or facilitate the provision of your treatment.
The right to object to other uses of your personal data
You have a range of rights in respect of your personal data, as set out in detail in the section entitled “Your rights”. This includes the right to object to The Maitland Clinic using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing treatment. If you would like more information on details of our legal grounds please contact us through the website “Contact” page.
Who might we share your information with?
From time to time we may be required to share your personal information with a third party, these may include:
- A doctor, nurse, carer or any other health care professional involved in your treatment and wellbeing.
- Other members of support staff involved in the delivery of your care such as receptionists and hair technicians.
- Anyone that you ask us to communicate with or provide as an emergency contact, for example, your next of kin or carer.
- NHS organisations.
- Other private sector healthcare providers.
- Your GP.
- Your dentist.
- Third parties who assist in the administration of your healthcare, such as insurance companies.
- Government bodies, including the Ministry of Defence, the Home Office and HMRC.
- Our regulators such as the Care Quality Commission.
- The police and other third parties where reasonably necessary for the prevention or detection of crime.
- Our insurers.
- Our third party service providers such as auditors, lawyers and tax advisers.
- Selected third parties in connection with any sale, transfer or disposal of our business.
How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice. Please view this summary of our Retention Policy for more information.
Under data protection law you have certain rights in relation to the personal information that we hold about you. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting us (see our “Contact” website page)
There will not usually be a charge for handling a request to exercise your rights. If we cannot comply with your request to exercise your rights we will usually tell you why. There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act, the General Data Protection Regulation as well as any secondary legislation which regulates the use of personal information. If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request then we do not have to respond. Alternatively, we can charge for responding.
Your rights include:
The right to access your personal information
You are usually entitled to a copy of the personal information we hold about you and details about how we use it. Your information will usually be provided to you in writing unless otherwise requested. If you have made the request electronically (eg by email) the information will be provided to you by electronic means where possible. Please note that in some cases we may not be able to fully comply with your request, for example, if your request involves the personal data of another person and it would not be fair to that person to provide it to you.
Under Article 15(1) of the GDPR, we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:
- The purposes for which we use your personal information.
- The types of personal information we hold about you.
- Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
- If your personal information leaves the EU, how we make sure that it is protected.
- Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
- If the personal data we hold about you was not provided by you, details of the source of the information.
- Whether we make any decisions about you solely by computer and if so details of how those decisions are made and the impact they may have on you.
- Your right to ask us to amend or delete your personal information.
- Your right to ask us to restrict how your personal information is used or to object to our use of your personal information.
- Your right to complain to the Information Commissioner’s Office.
We also need to provide you with a copy of your personal data.
The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to erasure (also known as the right to be forgotten)
We may update this Privacy Notice from time to time to ensure that it remains accurate, and the most up-to-date version can always be found at https://www.themaitlandclinic.com/privacy-policy/. In the event that there are any material changes to the manner in which your personal information is to be used we will update this Privacy Notice.
In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to restriction of processing
In some circumstances, we must “pause” our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to data portability
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right to withdraw consent
In some cases, we need your consent in order for our use of your personal information to comply with data protection legislation. We have explained in the section entitled “What are the purposes for which your information is used?” where we rely on your consent in this way. Where we do this, you have the right to withdraw your consent to further use of your personal information.
The right to complain to the Information Commissioner’s Office
You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.
The website and cookies
www.themaitlandclinic.com and The Maitland Clinic Ltd take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy. We use Hubspot as an email tracker so that we are able to confirm that you have received our correspondence. You can see further information here: https://www.hubspot.com/
What are cookies?
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interaction and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Can I turn cookies off?
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their browsers security settings to block all cookies from this website.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected. Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement applicable to the website in question.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text/banner/image links to other websites, similar to; www.websitename.co.uk.)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and sponsored links
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. Neither this website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened links in social media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URLs [www.themaitlandclinic.com] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Changes to this notice
We may update this Privacy Notice from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the manner in which we process your personal data then we will provide you with an updated copy of the Policy.
This Privacy Notice was last updated on 23 May 2018.
Telephone: 0800 612 6076
ICO Registration Number: ZA159905
Companies House Number: 09848802
Station House, North Street, Havant, PO9 1QU