Last Updated: 23rd March 2018
CBR Clinics Ltd (“us”, “we”, or “our”) operates the cbrclinics.com website (the “Service”). We are a Physiotherapy and Osteopathy clinic providing rehabilitation and relaxation therapies to members of the general public. We are located in two locations, Mercury House, 117 Waterloo Road, London, SE1 8UL, and South Quay Building, 189 Marsh Wall, London, E14 9SH. Our telephone number is 02079210538 and our contact email is email@example.com.
In its everyday business operations CBR Clinics Ltd makes use of a variety of data about identifiable individuals, including data about:
- Current, past and prospective employees or self-employed therapists or limited companies
- Users of its website
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps CBR Clinics Ltd is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, contractors, suppliers and other third parties who have access to CBR Clinics Ltd systems.
Information Collection And Use
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address and date of birth (“Personal Information”).
We may also collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third party service providers have their own privacy policies addressing how they use such information.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
- GoogleGoogle AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
- Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser.
- Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
- Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
- To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/about/ads/#568137493302217
- Facebook adheres the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
- For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. They are as follow:
- Cliniko Limited
- CliniqApps Limited
- MailChimp Limited
These third parties have access to your Personal Information only to perform the tasks specified on the Legitimate Interestes section on our behalf and are obligated not to disclose or use it for any other purpose.
Purposes and legal basis of the processing
1. Performance of a Contract
The personal data collected and processed are required to fulfil a contract with the data subject, and explicit consent to process their data is not required. The contract of services cannot be completed without the personal data in question.
2. Legal Obligation
The personal data is required to be collected and processed in order to comply with the law. Being a healthcare provider, we are required by law to keep clients data and clinical notes for a period of no longer than six years.
The processing of specific personal data is in the legitimate interests of CBR Clinics Ltd and is judged not to affect the rights and freedoms of the data subject in a significant way as below:
- To record data and clinical notes within Cliniko in order to be compliant with the law which requires us to keep client’s clinical notes for six years
- To improve client attendance, re-engagement and retention
- To market for our services following the client’s engagement
- To advise clients of our opening hours on special dates and bank holidays, new services or therapists and special offers
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
Compliance With Laws
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service. We will retain your clinical notes and personal data for a period of 6 years in order to comply with the law.
Your rights to access, rectification, erasure and portability of your personal data.
You, the data subject, have rights under the GDPR. These consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within CBR Clinics Ltd that allow the required action to be taken within the timescales stated in the GDPR. Any requests to address your personal data should be sent in writing to our physical address below or via email to firstname.lastname@example.org.
However, we are required by law to keep your data for a period of six years. We will be unable to deal with any erasure requests before that time. You can ask to transfer your data from our clinic to a different clinic. In that case, we will securely send all your data to the new appointed clinic and will then erase your data at CBR Clinics. Once the transfer is completed you will not be able to engage with our services any longer.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the current GDPR.
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to United Kingdom and process it there. Your data is also transferred to Australia and to the United States to the third parties mentioned above, all of which are compliant with the GDPR.
In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter.
Links To Other Sites
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.