Privacy Policy

About this privacy policy

This privacy policy has been written to provide you with information about how the HarveyRhys Clinic Limited (“we”, “us”, “our”) handles or intends to handle personal information in accordance with the UK General Data Protection Regulation (“UK GDPR”). This policy relates specifically to our collection and use of personal information of members, patients and website users for the purposes of running our clinic.

About us

We are the HarveyRhys Clinic. We are a private limited company (company number 10876475). Our registered office address is Heritage House, 9b Hoghton Street, Southport, England, PR9 0TE. We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZA589398.

We aim to process information about you fairly, lawfully, and in a transparent manner. The aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.

Information we collect

We collect and hold a range of information about you during the course of our relationship with our members, patients and website users. This includes:

  • We collect your contact details including name, email address, postal address and telephone numbers.
  • We collect your personal details such as your date of birth and your gender.
  • We collect your profile details including your username and password.
  • We collect details of your membership which includes details about payments you have made to us, appointments you have attended and details of any services or prescriptions you have purchased from us.
  • We collect technical data including your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • We collect and record any information that you provide to us whilst a member of our clinic or that you input into our website.
  • We collect a record of your correspondence with us, either through our website, telephone, email or post.
  • We collect marketing and communications information including your communication and marketing preferences.
  • We keep financial records about the amount of money you have paid us; any amount(s) outstanding and associated recovery action. Depending on your chosen method of payment, we may hold your bank account details.
  • We may carry out insight and satisfaction surveys to help us to monitor our performance and to improve our services to our members.
  • We collect CCTV images where CCTV is in operation in our clinic.

Sensitive personal information we collect

We may also collect, store and use the following more sensitive types of personal information (known as “special category data”):

  • Information about your health and medical history (including any information about the medical or health conditions of your family) that you provide to us whilst using our services.
  • Information about your prescriptions and any medication you have been prescribed.
  • Information relating to dietary requirements, allergies or accessibility requirements.
  • Assessments made about your health as a result of using our services (e.g. GP appointments or annual health checks).
  • Details of any referrals for treatment made as a result of the information you provide when using our services.
  • Equal opportunity monitoring information such as information about your ethnic origin, sexual orientation, health, religion or belief, and genetic data.

This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information, so we can deliver our services and membership to you.

How information is collected

Generally, the information we hold will have been provided by you (e.g. during our membership application process or when we communicate with you), but we may also hold information provided by third parties where this is relevant to your own circumstances. This may include information being provided by your GP, the NHS, referral agencies or your insurance provider.

As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

We will only ask for personal information that is appropriate to enable us to administer our services to you. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide our membership or services to you if you refuse to provide information that stops us from doing so.

Purposes for processing

We have set out below a description of all the ways we plan to use your information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your information on more than one lawful ground depending on the specific purpose for which we are using your information.

| Purpose/Activity | Type of Information | Lawful Basis for Processing Information |
| --- | --- | --- |
| To register you as a new member | Contact details; Personal details; Profile details; Membership details; Health and medical information | Performance of a contract with you |
| To administer your membership benefits and determine your eligibility for these benefits | Contact details; Personal details; Profile details; Membership details; Health and medical information | Performance of a contract with you |
| To book you appointments, or to process any of our services you request | Contact details; Personal details; Profile details; Membership details; Health and medical information | Performance of a contract with you |
| To process and operate our clinic including managing payments, membership fees, charges and collecting any money owed to us | Contact details; Personal details; Membership details; Health and medical information | Performance of a contract with you; Necessary for our legitimate interests to recover any debts due to us |
| To manage our relationship with you which will include notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey | Contact details; Personal details; Membership details; Marketing and communications information | Performance of a contract with you; Necessary to comply with our legal obligations; Necessary for our legitimate interests to understand how our members use our services to develop them and grow our clinic |
| To administer and protect our clinic and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Contact details; Profile details; Technical data | Necessary to comply with our legal obligations; Necessary for our legitimate interests to run our business, provision of IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise |
| To use data analytics to improve our website, services, marketing, member relationships and experiences | Technical information | Necessary for our legitimate interests to better understand our members and their use of our services, to keep our website up to date, to develop our business and to inform our marketing strategy |
| To make suggestions and recommendations to you about our services and our clinic that may be of interest to you | Contact details; Technical information; Profile data; Marketing and communications information | Necessary for our legitimate interests to develop our products and services and to grow our clinic |
| To send you our newsletter because you have requested us to do so or because it forms part of our contract with you | Contact details; Profile data; Marketing and communications information | Consent; Performance of a contract; Necessary for our legitimate interests to develop our products and services and to grow our clinic |

Purposes for processing – Sensitive personal information

We have set out below a description of all the ways we plan to use your information, and which of the legal bases we rely on to do so.

| Purpose/Activity | Type of Information | Lawful Basis for Processing Information |
| --- | --- | --- |
| To book you appointments, or to process and provide any of our services you request | Health and medical information | Necessary for the provision of health care |
| To ensure your dietary needs are catered for and to ensure accessibility at our clinics | Health and medical information | Vital interests; Necessary for the purposes of carrying out obligations under the Equality Act 2010; Data Protection Act 2018 Schedule 1 Part 1 Para 1 – necessary for the purposes of carrying out obligations under the Equality Act 2010 |
| For statistical analysis of our members | Race and ethnicity information | Necessary for the purposes of ensuring equality of opportunities or treatment |

Our marketing communications

We may use your personal information to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications). Our members may receive marketing communications from us unless they have opted out or unsubscribed from receiving that marketing.

You can ask us to stop sending you marketing communications at any time by following the unsubscribe links on any marketing communications sent to you or by contacting us.

Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to contact you in relation to the services we provide.

Sharing personal information

Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of data protection law.

Where necessary or required, we may share your personal information as follows:

  • With third party service providers, in connection with services performed on our behalf. For example, our email provider, our payment card provider, our platform provider and analytics and search engine providers that assist us in the improvement and optimisation of our website.
  • With other health care providers or those who help us provide care to you (e.g. your GP, specialist consultants/doctors, the NHS).
  • With our regulators (e.g. the Care Quality Commission, the General Medical Council and other professional bodies).
  • With our insurers and legal advisers.
  • With the police and other relevant authorities (e.g. Department for Work and Pensions, HM Revenue and Customs) in relation to the prevention or detection of crime and fraud; the apprehension or prosecution of offenders and the assessment or collection of tax or duty.
  • With third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:

  • To meet our legal obligations.
  • In connection with legal proceedings (or where we are instructed to do so by Court order).

Our relationships with third-party service providers are governed by contractual provisions with us and they only have access to personal information to perform the described purposes and may not use it for other purposes.

Where we store personal information

The personal information that we collect is stored within the UK and European Economic Area (EEA). However, there may be some circumstances where it is necessary to transfer and store personal information at a destination outside the UK or the EEA. In these circumstances, we will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with data protection law and, in the event that personal information is transferred outside the UK or the EEA, shall ensure that this is carried out subject to the requirements of the UK GDPR.

How long we keep it for

We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request. After this period, we will securely destroy or anonymise personal information in accordance with data protection law.

Your rights

Right of access

You have the right of access to information we hold about or concerning you. If you would like to exercise this right, please do so in writing. If you are seeking to obtain specific information (e.g. about a particular matter or from a particular time period), it helps if you clarify the details of what you would like to receive in your written request. If someone is requesting information on your behalf, they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both yours and theirs). We have one month to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible). In response to a subject access request, we will provide you with a copy of the information we hold that relates to you.

Right of rectification or erasure

If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared your data about your request for erasure.

Right to restriction of processing

You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

Right of portability

You have a right to receive any personal data that you have provided to us in order to transfer it to another data controller where the processing is based on consent or contract and is carried out by automated means. This is called a data portability request.

Right to object

You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.

Right to withdraw consent

Where you have provided consent to the collection, processing and transfer of personal information for a specific purpose, you have the right to withdraw consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.

Complaints

If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by using the contact details below.

You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) should you feel that we have not handled your information in line with legislative and regulatory requirements. They can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow Cheshire SK9 5AF

0303 123 1113 | www.ico.org.uk

Further information

For further information on how to request your personal information and how and why we process your information, you can contact our Privacy Officer by emailing privacyofficer@harveyrhys.com.

Changes to this privacy policy

We may change this privacy policy from time to time. This privacy notice was last updated in May 2022.