PRIVACY & GDPR POLICY
One of our values is to be as clear as possible when it comes to how we treat your personal data.
Dr Fasano takes data protection seriously. That is why we comply with the General Data Protection Regulation 2016/679, known as GDPR, as well as legislation currently followed in the UK and EU.
On this page, you can find out more about how we collect, use and process your personal information.
Personal Data, What we collect:
Clients: When we require specific personal information it is with the sole intent to offer you the best treatments available so that we can tailor them to your special needs. We will not process personal data if your jurisdiction does not allow it. Sensitive information includes, but is not limited to: your name, date of birth, sex, gender, GP details, next of kin details, marital status, contact details, NHS number, before and after treatment pictures, possible disability, racial/ethnic origin, religious beliefs, CCTV footage and audio recording within our premises. As we can’t always ensure the security of email communications, we ask you to never share sensitive information such as your bank and credit card details in our email correspondence.
Suppliers: We ask this category to share their contact details.
Website Users: When you visit our web pages we will only collect data that allows us to better understand our clientele and aim at improving our services. Information we usually collect is as follows: website language, the frequency with which our website page is accessed, your location, and what treatment, retail product or service you are looking for. We use the latest technologies and spend a good amount of resources on ensuring your personal information is kept safe. Please keep in mind that no internet-based system can provide absolute security. For this reason, we cannot be accountable for illegal access to your personal information that is out of our control.
How do we collect?
When you contact us directly either by email, when coming to our clinic, when calling us or when accessing our website, we collect the personal data that we receive. Our suppliers will share data with us via our secure digital systems. This collection can occur automatically when, while you surf our website pages, you agree to the cookies of Dr Fasano’s website. The information that we automatically collect in this way is usually the frequency with which you reach our webpage, what time of the day you tend to do so and your IP address. This list is not exhaustive and more data may be collected.
What do we do with your personal data?
1) Tailor products and services to the specific needs of our clientele
2) Marketing purposes
3) Defend, exercise or establish legal claims.
Re: Tailor products and services to the specific needs of our clientele
This is a description of the activities Dr Fasano carries out. Please note the list is not exhaustive.
1) Collect data directly from you or by other means as highlighted above.
2) Store the private information in our database.
3) Analyze your personal data, because of the treatments/services we will provide to you, to understand if you qualify for those treatments/services.
4) Allow us to meet the expectations arising from contracts entered into between Dr Fasano and the client or Dr Fasano and suppliers needed for the chosen treatment/services.
5) Use the provided information for invoicing purposes, taxes, duties and crime detection compliance.
6) Allow Dr Fasano to implement marketing strategies.
Re: Marketing Activities
We will use your personal information to market all our treatments and services to you. In some specific cases outlined on this page, we will request your consent.
Until when do we keep your private details with us?
Clients: For treatments, surgical procedures or purchased goods we retain your information for 10 years if we haven’t had any contact with you for 12 months. For consultations with nurses, doctors or beauty therapists we will retain your information for 2 years following your last consultation if we haven’t had any contact from you for the past 12 months. For people only expressing interest in the services provided by Dr Fasano, we will retain your information for 12 months following your last contact with us.
The GDPR provides the following rights for individuals:
1 The right to be informed
2 The right of access
3 The right to rectification
4 The right to erasure
5 The right to restrict processing
6 The right to data portability
7 The right to object
8 Rights concerning automated decision making and profiling.
The right to be informed covers some of the key transparency requirements of the GDPR. It is about providing individuals with clear and concise information about what you do with their personal data. Articles 13 and 14 of the GDPR specify what individuals have the right to be informed about. We call this ‘privacy information’.
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.
Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data. This right has close links to the accuracy principle of the GDPR (Article 5(1)(d)). However, although you may have already taken steps to ensure that the personal data was accurate when you obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data. Individuals have the right to restrict the processing of their personal data where they have a particular reason for wanting the restriction. This may be because they have issues with the content of the information you hold or how you have processed their data. In most cases, you will not be required to restrict an individual’s personal data indefinitely but will need to have the restriction in place for a certain time.
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine-readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
Article 21 of the GDPR gives individuals the right to object to the processing of their personal data at any time. This effectively allows individuals to stop or prevent you from processing their personal data. An objection may concern all of the personal data you hold about an individual or only certain information. It may also only relate to a particular purpose you are processing the data for.
Profiling is now specifically defined in the GDPR. Solely automated individual decision-making, including profiling with legal or similarly significant effects, is restricted. There are three grounds for this type of processing that lift the restriction. Where one of these grounds applies, you must introduce additional safeguards to protect data subjects. These work in a similar way to existing rights under the 1998 Data Protection Act. The GDPR requires you to give individuals specific information about automated individual decision-making, including profiling. There are additional restrictions on using special category and children’s personal data.
We update our policies routinely to be compliant with the law. Please review this page to be aware of any periodical changes. If you disagree with the changes to the policies that will be implemented, we advise you to stop using this website.
If you have any questions or complaints regarding how we handle your personal information, please don’t hesitate to contact our Data Protection Officer (DPO) at email@example.com. Kindly note that the private information that we collect will be used following our policies and we will disclose it only when it is required by law or once we have acquired your consent.