Privacy Notice
We take your privacy very seriously. It is therefore important that you read this Privacy Notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or the supervisory authorities in the event that you have a complaint.
When we use your personal data we are regulated under current data protection regulation. As the responsible controller, our use of your personal data is subject to your instructions, the current data protection regulation and our professional duty of confidentiality.
Key terms
It would be useful to start by explaining some key terms we use in this Privacy Notice:
We, us, our
Restore Surgery Limited of Chandlers Court, 158/159 High Street, Hull HU1 1NQ, registered in England and Wales under registration number 07089836 (‘the controller’ for the purposes of your personal data).
Our Data Protection Officer
Uche Akali - Director (Solicitor)
Telephone: 01482 616 616
Personal data
Any information relating to an identified or identifiable living individual
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic and biometric data Data
concerning health, sex life or sexual orientation
Personal data we collect about you
Below sets out some examples of the personal data we may collect during the course of your matter.
Personal data/Special category personal data (where necessary) we will collect during the course of providing you with our services.
Your name, address and telephone number
Information to enable us to check and verify your identity, e.g. your date of birth or passport details for the purposes of the current anti-money laundering and other regulatory legislation.
Personal data/Special category personal data (where necessary) we will collect during the course of providing you with our services.
Your email address and mobile phone number
Information relating to the matter in which you are seeking our advice
Your financial details so far as relevant to your instructions
This personal data is required to enable us to provide our services to you. If you do not provide the personal data and information that we ask for, it may delay or prevent us from providing the services to you that you have contracted with us to carry out on your behalf.
How your personal data is collected
We collect most of this information from you. However, we may also collect information:
from publicly accessible sources;
from a third party usually with your consent, e.g. your doctor, clinics or hospitals;
consultants and other professionals we may engage in relation to your case;
your doctor(s), medical and occupational health professionals;
via our website
How and why we use your personal data
Under current data protection legislation, we can only use your personal data if we have a proper reason for doing so, e.g.
to comply with our legal and regulatory obligations;
for the performance of our contract with you or to take steps at your request before entering into a contract;
for our legitimate interests or those of a third party; or
where you have freely given specific and informed consent.
A legitimate interest is when we have a business or commercial reason to use your information.
Marketing
We like to keep our contacts up to date and send information which we believe may be of interest to you, such as details of our services, newsletters and legal updates and invitations to events. In accordance with current data protection legislation, we must have your freely given, specific and informed consent to do this.
If you wish to give your consent to receiving marketing information with us, please complete the enclosed Communication Consent Form and then sign the form as confirmation of your consent and return it to us by either scanning and emailing it to practice.manager@restoresurgery.com. You are entitled to withdraw your consent to receiving marketing information from us at any time by contacting us on 01482 223 553 or by emailing the above address.
We will always treat your personal data with the utmost respect and never share it with other organisations outside of our external Marketing Consultants for marketing purposes and under no circumstance, we will not sell your data on to any third parties
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Who we share your personal data with
We routinely share personal data with:
professional advisers or other experts who we interact with in order to ensure a smooth service delivery to you;
our insurers and brokers;
our external marketing consultants,
external auditors, e.g. in relation to the audit of our accounts;
our bank;
our external ICT providers;
our regulators such the BMA, BAPRAS and others.
We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations upon our service providers to ensure they can only use your personal data to provide services to us and to you.
We may also disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Where your personal data is held
Information may be held at our offices, located in Hull and those of our third party agencies, service providers, representatives and consultants as described above.
How long will your personal data be kept by us
We will keep your personal data after your matter has been concluded. We will do so for one of the following purposes:
to respond to any questions, complaints or claims made by you or on your behalf;
to show that we treated you fairly;
to enable us to carry out conflicts of interests checks
to keep records required by law, including compliance with the anti-money laundering legislation.
We will not retain your data for longer than necessary for the purposes set out in this Notice. Different retention periods will apply for different types of personal data due to the legal and statutory duties under which we are obliged to operate. This means that we cannot provide you with a definitive period in relation to how long we hold your personal data as this will vary.
Transferring your personal data out of the EEA
To deliver our services to you, it is sometimes necessary for us to send your personal data outside the European Economic Area (EEA), e.g.
where our service providers are located outside the EEA
if you are based outside the EEA;
where there is an international element to the matter upon which we are advising you.
These transfers are subject to special rules under current European and UK data protection legislation.
Non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure that the transfer of your personal data complies with current European and UK data protection legislation and all personal data will be secure.
If you would like further information please contact our Data Protection Officer.
CCTV
Although CCTV is in operation in certain locations around our offices, we would like to make it clear that we are not the controller for any CCTV. If you wish to access any recordings of CCTV in any areas around our offices, you must make this request directly to the relevant controller. We will be happy to provide you with contact information for these controllers if your require them. This information can be obtained from our Data Protection Officer.
Your rights
You have the following rights, which you can exercise free of charge:
Access – The right to be provided with a copy of your personal data
Rectification – The right to require us to correct any mistakes in your personal data
To be forgotten – The right to require us to delete your personal data—in certain situations
Restriction of processing – The right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data
Data portability – The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object – The right to object:
at any time to your personal data being processed for direct marketing (including profiling);
in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making – The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
If you would like to exercise any of those rights, please:
email or write to our Data Protection Officer, and provide us with the following:-
documentary evidence of proof of your identity and address (for example a certified copy your driving licence or passport and a recent utility bill dated within the last 3 months); and
inform us of which right(s) you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures to prevent your personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Complaints
We hope that we can resolve any query or concern you may raise about our use of your information.
The current data protection legislation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the ICO who may be contacted at https://ico.org.uk/concerns or their address which is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or telephone: 0303 123 1113.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time.
Contact us
Please contact our Data Protection Officer by post, email or telephone if you have any questions about this Privacy Notice or the information that we hold about you. Details of how you can contact him/her can be found at the top of this Notice.