Mirabel Clinic is committed to ensuring the privacy of our clients and website visitors. This policy explains what personal data we may collect when you interact with us and how we use it.
Our promise to you
• We will only use your data to help us deliver the best possible service to you and to improve your experience of our services
• We will only use your sensitive personal data to ensure your care and safety
• We will only contact you if you have consented to receiving marketing communications from us or if we need to reschedule an appointment or if we are responding to an enquiry you have made
• We will never sell your data
Who we are
Mirabel Clinic is based at 17 Wood St, Swindon SN1 4AN. The registered company name is Mirabel Cosmetic Injections Ltd and our Company number is 04220156. The website we operate and that this policy refers to is www.mirabelclinic.co.uk. For simplicity, if we use the term “we” and “us” in the remainder of this document it means Mirabel Clinic.
Mirabel Clinic is the data controller in relation to the processing of personal information that you give to us when using our services.
Your personal and sensitive personal data
Under data protection legislation, the data that organisations hold about you can be categorised as follows:
• Personal Data: this is data related to an identifiable person or data that can be used to identify a distinct individual. Examples of personal data we collect and process include names, email addresses, location, telephone numbers, ID numbers and online identifiers. Where this policy states “your data/your personal data” we are referring to Personal Data unless otherwise stated.
• Sensitive Personal Data: sometimes referred to as “Special Category Data”, this is data that is deemed to be more sensitive than personal data. For example, medical records, genetics, biometric data, details of ethnicity, sexual orientation.
We only use this data for the purposes of your treatment and to ensure your care and safety as a patient. We will usually ask for your consent to collect or process this data, though there may be instances where we are required or permitted to do so by applicable law.
Our lawful basis
Under data protection legislation, organisations must have one of a number of reasons for processing your personal data. Our lawful basis is as below:
1. Legitimate Interests: we have a legitimate interest in maintaining our relationship with you in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom.
• We will use the contact details you provide to call, text or email you regarding your enquiry and provide you with targeted relevant information
• If you wish to book an appointment we may need your payment details, address and contact details to process payment and secure your booking
2. Consent: we ask for your consent to process your data for the purposes below.
• Personal Data – we will ask for your consent to record your personal data to allow us to ensure your safe treatment and care and to contact you, if needed, in relation to your care, treatment or appointment
• Treatment Consent – we always ask for this before any treatment takes place and only once you are happy to proceed
• Marketing Consent – in order to use your data for any marketing communications we ask you to tick a box on our enquiry form and/or to fill in a consent form in clinic
• Information Sharing – we ask for your permission to share information about you with third parties (i.e. other healthcare professionals, insurance companies etc.)
What personal data do we collect and how do we use it
• Whilst using our website you may submit information to us via an enquiry form. This may include your name, email address, phone number and postcode. We require this information to contact you regarding your enquiry
• When you place an order on our website you need to give us your name and address so we can post your order
• When you call to make an appointment, if you are a new patient we ask for your mobile number so we can send a text reminder and your address for your patient file
• We use your mobile number to send appointment text reminders or to alert you to urgent clinic closures i.e. due to adverse weather conditions such as snow or due to staff illness or incapacity to work
• When you contact us via email at email@example.com you may give us your name, email address and other personal information
• When you engage with us on Facebook you may give us access to your personal profile
• When you attend appointments and as part of the consultation process certain information must be collected as part of your registration with the clinic. This includes information such as your name, address, date of birth, e-mail address, phone number, next of kin and medical history. Failing to provide us with this information will result in us being unable to provide treatment
• When you attend an appointment at the clinic for the first time you will be asked to consent to us recording your personal data, sharing your data with third parties (only in the interest of your treatment not for commercial gain) and to receiving marketing communications
• When you call to discuss past treatment we may make notes of conversations and record them in your patient file
• Payment details, although we never store card numbers
• Details of your visits to our websites, including how you arrived, which pages you visited, time spent, links clicked and technical information about your device and internet connection
• We use your email address to send marketing emails if you have consented to receiving this type of communication from us
• If you have consented to receiving marketing emails then we can track if you have opened them and if/where you have clicked on them
• Your reviews, survey responses and comments
• When you visit our clinics we may operate a door camera system for security purposes
• If you’ve given a third party permission to share with us the information they hold about you we will then receive this information
How we protect your data
We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. We acknowledge your trust and are committed to taking reasonable steps to protect personally identifiable information you provide online from loss, misuse, and unauthorised access. We cannot guarantee that the information you send us over the internet is secure, but once we receive it we will take all reasonable steps to protect the information you supply to us. We never sell your personal data for any purpose.
How long do we keep your data
We only keep your data for as long as is necessary to fulfil the purpose for which it was collected. Our sole reason for keeping a record of your data is to better treat you as a client in the future. There is no other gain for us.
Cookies & similar technologies
Cookies might be used for the following purposes:
• To enable certain functions to happen efficiently such as storing your shopping basket contents or navigating between pages efficiently
• To provide analytics that we may use to improve the website
• To store your preferences
Cookies used on our website will automatically collect information about your online activity on our site such as the web pages you visit, and time spent on each page. This data does not identify you personally and includes pages that you have visited, any error messages from the web pages you have visited, your operating system, browser type, service provider, country and language.
Who do we share your personal data with
We never sell your data to any third parties. We take our obligations under the General Data Protection Regulation and our clinical confidentiality requirements very seriously. Sensitive information relating to your medical history will be kept confidential and will only be disclosed to the individuals involved with delivering your treatment. However, we do use third parties to support, manage or deliver some of our business services.
As a result, we may share personal data with the following types of companies we work with:
• Companies who host and maintain our database i.e. Clinic Office
• Companies that help us deliver our emails and electronic communications to you i.e. Resolution Design and TextAnywhere
• Companies that support our website, phone handling and other IT/business systems i.e. Resolution Design
• Companies that provide analytics services i.e. Resolution Design
• Companies who issue private prescriptions i.e. HealthXchange Pharmacy
• Companies who offer direct debit payment plan options i.e. GoCardless
We select these companies carefully and take precautions to keep your data safe and protect your privacy:
• We only provide the data they need to perform the services we require.
• They may only use your data for the purposes we specify and agree with them.
You have many rights relating to your personal data including:
• The right to access the personal data we hold about you
• The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it
• The right to request that we delete your data – in some instances such as where we no longer need it, we can delete your personal data.
• You have the right to ask us not to process your personal information, but where consent is withdrawn for the processing of personal data from your medical records, our ability to continue your treatments will be impaired
• The right to stop direct marketing
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the Contact and Complaints section below for contact details.
How to stop marketing messages from us
• There is always an ‘unsubscribe’ link at the bottom of any marketing email that we send you. Please simply click on this link to cease all future marketing communications.
• You can also send a request to unsubscribe by replying directly to any of our marketing emails.
• You can also email us at firstname.lastname@example.org and request to unsubscribe.
In most cases your request will be processed immediately but occasionally it may take a few days to take effect so you may still receive emails from us during this time.
If you have previously unsubscribed but change your mind and wish to be included in our emails again, please email us at email@example.com
We do not knowingly collect personal data relating to children under the age of 16. It is very rare that we treat children under the age of 16 and if we do so it is only with parental consent and their presence.
Contact and Complaints
This policy was last updated on the 24/05/18