Privacy Policy

Suzanne Haughey Therapies ("We") are committed to protecting and respecting your privacy.

 

 

Policy

IMPORTANT INFORMATION AND WHO WE ARE.

This policy (together with our Terms of Website Use, Cookies Policy, Conditions of Sale, and any other documents referred to within) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data. By visiting www.suzannehaugheytherapies.com (our site) you are accepting and consenting to the practices described in this policy.

For the purpose of the General Data Protection Regulations (GDPR), the data controller and Data Protection Officer is Suzanne Haughey of Suzanne Haughey Therapies, Room 4, Cockenzie Business Centre, Edinburgh Road, Cockenzie, Prestonpans. EH32 0HL.

Suzanne Haughey can be contacted at:

The above address

Tel: 07725 323 176

Email: purdiesuzanne1@hotmail.com

We know that you value your privacy and the security of personal information held about you. We are committed to handling your Personal Data and personal sensitive data in line with data protection law and principles, which means that your data will be:

  1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

This website is not intended for children and we do not knowingly collect data relating to children.

WHAT IS PERSONAL DATA?

Personal Data means information that can directly or indirectly identify you ("Personal Data"). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as an IP address.

Information about health, is a special category of Personal Data that requires additional safeguarding measures.

HOW DO WE COLLECT PERSONAL DATA?

We use different methods to collect data from and about you, including through:

Direct interactions: You may give us your Personal Data by speaking to us in person on-site or off-site; filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for or buy our products or services;
  • subscribe to our service or publications;
  • request marketing to be sent to you; or
  • give us some feedback.

Automated technologies or interactions: As you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, and other similar technologies. Please see our Cookies Policy for further details.

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

  • Technical data from analytics providers such as Google based outside the EU (please see our Cookies Policy);

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

To see what personal data we collect, for what purpose, how we use it, retain it and secure it, please see the different categories below.

RETAIL CUSTOMERS AT SUZANNE HAUGHEY THERAPIES

1. Products retailed in the Clinic

In order to provide the highest quality skincare service, we need to keep records about your health and the care we have provided or plan to provide to you.

Information recorded

As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details of drugs and appliances dispensed against NHS and private prescriptions as well as significant advice given, and referrals made to other health professionals and any other relevant information. Such information may include:

  • basic details about you, such as name, address, date of birth, next of kin;
  • records of medicines you have been prescribed by your doctor or another qualified prescriber,
  • details of products purchased from the Clinic without a prescription such as over the counter products (“OTC”);
  • details of products purchased from the Clinic with a prescription such as non - over the counter medicines (“NOTC”);
  • other details and notes about your health and medical treatments;
  • information relevant to your continued care from other people who care for you and know you well, such as other health professionals (prescribers’ name, address and registration number) and relatives;
  • signatures for the collection of prescription products; and
  • any other services we provide to you, for example, Skin peels.

Processing Information

We process your personal data, which includes information from your prescriptions and any other  services we provide to you for the purposes of:

Your care -providing pharmacy services and care to you and, as appropriate, sharing your information with your GP or prescriber, and others in the wider NHS or prescriber clinic;

Our Suppliers - we may on occasion have to submit redacted prescriptions to our suppliers to access products. Information supplied will only include the prescriber details and the medication; name and address of patient; date of birth; patient photographs.

We hold your Personal Data on a secure system for as long as advised by our insurers.  Paper copies of private prescriptions are securely archived for two years, as recommended by the Royal Pharmaceutical Society, before being securely destroyed. Destruction records are retained.

We process your personal data in the performance of a task in the public interest for the provision of healthcare and treatment, and to comply with our legal obligations. Our pharmacist is responsible for the confidentiality of your information.

Your Rights

You have the right to confidentiality under the General Data Protection Regulation and the common law duty of confidence.

All of our staff contracts of employment contain a requirement to keep patient information confidential. All staff that deal with Personal Data with regards to prescriptions, OTC products or work in the pharmacy are also trained in and must comply with the NHS Code of Practice on Confidential Information. In addition, pharmacists have a requirement under their professional standards to keep records about you confidential, secure and accurate.

Our guiding principle is that we process your records in strict confidence.

You have the right to ask for a copy of all pharmacy records about you (generally in paper or electronic form).

Generally, there will be no charge for a printed copy of the information we hold about you. We are required to respond to your request within one month. You will need to give adequate information in order for pharmacy staff to identify you (for example, full name, address and date of birth). You will be required to provide ID, for example a passport, full driving licence or credit/debit card before any information is released to you.

If you think any information we hold on you is inaccurate or incorrect, please let us know.

You may object to us holding your information. If you have any further queries about this policy, or wish to find out more about your rights, please contact the Data Protection Officer at purdiesuzanne1@hotmail.com
.

You may lodge a complaint with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

2. Retail orders placed in the pharmacy or over the telephone

What information is collected?

When you place an order for products in the Clinic in person or over the telephone,  we may collect the following Personal Data from you:

Name, title, postal address, email address, home telephone, mobile number, payment information (i.e. bank or credit card details), order history, age/date of birth, information on the handling of your request (including information relating to prescription or other medicine beauty products that you order), and other Personal Data you voluntarily provide to us.

What is the purpose of the processing?

We process this Personal Data to provide you with our products or services and take payment for such products or services that you have requested from us.

Where and for how long is the data stored?

We store your Personal Data securely on site or securely archived off-site in the UK as long as we are required to keep the information by law, normally up to six years.

Who may the information be shared with?

We may share this information with our employees to provide a safe and secure services, as well as our merchant payment services provider, HMRC and delivery provider such as a courier or Royal Mail.

What is the legal basis for processing the Personal Data?

We need this information to process your order or any other service you request from us (performance of a contract). If we need information about you that is considered sensitive (e.g. information on your health for service) we will inform you in a transparent manner about our legal obligations to process such personal data. Your data is not used for any further purpose including marketing.

3. Visitors

What information is collected?

When visitors come to our premises for meetings, inspections, project work, building and electrical work etc, we may collect the following Personal Data: name and company.

What is the purpose of the processing?

We process this Personal Data to know who is on-site and to check timings and attendance in relation to project works.

Where and for how long is the data stored?

The Personal Data is kept as a hardcopy in the Visitors Book at three separate locations on the premises. The data is kept securely on-site and retained as long as lawfully required.

Who may the information be shared with?

We may share this information with our employees and, in the case of project works, the managing agents for the building.

What is the legal basis for processing the Personal Data?

We process this information under our legitimate interest in knowing who is on-site to ensure the privacy, safety and security of our premises, our staff, and you. Also, to confirm attendance for work projects to confirm the performance of a contract.

What is the purpose of the processing?

We process this Personal Data to provide you with our products or services and take payment for such products or services that you have requested from us.

Where and for how long is the data stored?

We store your Personal Data securely on site or securely archived off-site in the UK as long as we are required to keep the information by law, normally up to six years.

 

SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our site may, from time to time, contain links to and from the websites of our partner networks, our social media pages, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We do not sell, share or rent any information collected to third parties except for those detailed in this privacy policy.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

COOKIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see Cookies Policy.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

SOCIAL MEDIA PLATFORMS

Communication, engagement and actions taken through external social media platforms that this website and the Company participate are done on the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

ACCESS TO INFORMATION

Under the General Data Protection Regulations you have the following rights:

  • Obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data;
  • Rectification of inaccurate Personal Data;
  • Erasure of Personal Data;
  • Objection to the processing of Personal Data;
  • Restriction of processing of Personal Data; and
  • Portability of Personal Data – to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.

In some instances, for example in relation to processing medical records, our legal obligations or public duties may override your rights under data protection laws.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You can learn more about these rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If you have any further queries about this policy, or wish to find out more about your rights, please contact the Data Protection Officer at purdiesuzanne1@hotmail.com Should you choose to exercise any of these rights, a record will be maintained by Suzanne Haughey Therapies.

Where your consent is the legal basis for the processing of your Personal Data, you can withdraw your consent for marketing communications by logging into your account or using the unsubscribe link in any of our marketing communications or by sending us an email to purdiesuzanne1@hotmail.com. Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.

If you think that the processing of Personal Data by us violates data protection laws, you can lodge a complaint with the Information Commissioner in the UK (www.ico.org.uk) or the data protection commissioner in the republic of ireland (www.dataprotection.ie).

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.