Terms and Conditions
YOUR PERSONAL INFORMATION - GENERAL DATA PROTECTION REGULATION (GDPR)
GDPR is bringing in new legal protection for personal information from 25th May 2018. This tells you what personal
information I hold and why, and what your rights are.
Data protection officer (DPO): Roger Compton (owner)
Sub-processors: Emma Plant
Address: Silver Trees, 382 Barnsley Road, Sandal, WF2 6BW
Telephone number: 077183 193 62
Email: [email protected]
The Purpose of processing Client Data
I hold and use client data in order to provide you with the best possible treatment options, support and advice.
Lawful Basis for holding and using Client Information
The lawful basis under which I hold and use information is:
- My legitimate interests i.e. my requirement to retain the information in order to provide you with the best
possible treatment options and advice
- My requirement to hold your information for the following legal reasons
a) Insurance records for 7 years
b) Client’s consent
As I hold special category data (i.e. health related information), the Additional Condition under which I hold and use
this information is: for me to fulfil my role as health care practitioner bound under the GPHC Confidentiality as
defined in the GPHC Code of Practice and Ethics.
What information I hold and what I do with it
In order to give professional aesthetic treatments, I will need to ask for and keep information about your health. I
will only use this to allow me to offer the best advice prior to treatments and relevant after care. The information is
held by Roger Compton Aesthetics LTD on ‘confidential medical history form v1’ and contains:
Name
Address
DOB
Mobile/Work number
Email
occupation/previous occupation (if retired)
GP name/address
previous medical history
current medical status.
DATA privacy policy v1.0
Confidential Information (as above) is not shared with third parties (other than within my own practice, or as
required for legal process) apart from the named GP under medical emergencies or under client instruction.
Protecting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure,
I have put in place appropriate procedures to safeguard and secure the information I collect from you.
I will contact you using the contact preferences you have given me.
Your Rights
GDPR gives you the following rights:
- The right to be informed – to know how your information will be held and used (this notice).
- The right of access – to see your practitioner’s records of your personal information if it is incorrect or
incomplete.
- The right to rectification – to tell your practitioner to make changes to your personal information if it is
incorrect or incomplete.
- The right to erasure (also called “the right to be forgotten”). For you to request your practitioner to erase
any information they hold about you.
- The right to restrict processing of personal data. You have the right to request limits on how your
practitioner uses your personal information.
- The right to data portability: under certain circumstances you can request a copy of personal information
held electronically so you can reuse it in other systems.
- The right to object. To be able to tell your practitioner you don’t want them to use certain parts of your
information, or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office: To be able to complain to the ICO
if you feel your details are not correct, if they are not being used in a way that you have given permission for,
or if they are being stored in a way they don’t have to be.
Practitioner’s Rights
Please note:
- If you do not agree to your practitioner keeping records of information about you and your treatments, or if
you don’t allow them to use the information in the way they need to for treatments, the practitioner may
not be able to treat you.
- Your practitioner has to keep your records of treatment for a certain period as described above, which may
mean that even if you ask them to erase any details about you, they might have to keep these details until
after that period has passed.
- Your practitioner can move their records between their computers and IT systems, as long as your details are
protected from being seen by others without your permission.
I consent to you holding and using my information as outlined above, and understand that I may withdraw that
consent at any time by emailing you ([email protected]