Why we are providing this Privacy Notice:

By Law, we are required to provide you with this privacy notice. It explains how we use the personal and healthcare information that you provide to us or any information we may collect from or about you. It applies to all personal data processed by or on behalf of Endless Aesthetics.

 The Law says:

• We must let you know why we collect personal and healthcare information about you;
• We must let you know how we use any personal and/or healthcare information we hold on you;
• We need to inform you in respect of what we do with it;
• We need to tell you about who we share it with or pass it on to and why; and
• We need to let you know how long we can keep it for.
• Your rights under data protection laws.

Who We Are and Our Legal Obligations.

We, at Endless Aesthetics are a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.

There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions, we may also be Data Processors. The purpose for which we use your information is set out in this Privacy Notice.

We are committed to protecting your personal data and ensuring its lawful use. In line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, we comply with applicable UK and EU laws related to the processing of confidential and sensitive information.

For the purposes of data protection legislation, Endless Aesthetics is the data controller and/or Processor responsible for your personal data.

Information We Collect From You.

• Basic personal data: Name, address, contact details (email, phone number), and date of birth.
• Special categories of data: Health information, ethnicity, gender, and religious beliefs (if relevant to your care).

We use this information to provide you with the best possible healthcare. Your information may be collected from multiple sources, including healthcare providers such as NHS Trusts, GP practices, and others involved in your treatment.

Who We May Provide Your Personal Information To, and Why.

Whenever you use a health or care service, important information about you is collected to help ensure you get the best possible care and treatment. This information may be passed to other approved organisations, because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:

1. Healthcare Professionals such as GP, doctors, consultants, nurses etc
2. Pharmacists
3. Any other person that is involved in providing services related to your general healthcare, including mental health professionals, dieticians, and personal trainers.

Other People Who We Provide Your Information To.

• Complying with legal obligations such as court orders or requests from law enforcement we may be required to share your information with:
• Commissioners
• Local Authorities
• For the purposes of complying with the law e.g: police, Solicitors, Insurance companies
• Anyone you have given your consent to, to view or receive your record, or part of your record. Please note if you give another person or organisation consent to access your record we will need to contact you to verify your consent before we release the records.

Lawful Basis for Processing Your Data.

We process your personal data in accordance with the GDPR, under the following legal bases:

• Article 6(e): Processing is necessary for tasks carried out in the public interest or in the exercise of official authority.
• Article 9(h): Processing is necessary for healthcare purposes, including medical diagnosis and treatment.

We use your data for:

• Contacting other healthcare professionals involved in your care.
• Complying with legal obligations such as court orders or requests from law enforcement.

We will not share your personal information with anyone unless it is necessary for your care or you have given us explicit consent.

Legal Justification for Processing.

The law requires that we have a lawful basis for processing your personal and healthcare information. These include:

• Consent: In some cases, we rely on your consent to process your data. You have the right to withdraw consent at any time.
• Necessary care: We may process your data to provide you with necessary healthcare, even if you are unable to consent at the time.
• Legal requirements: We may be legally required to share your information with other organisations.

Special Categories of Data.

Health data falls under special categories of personal data due to its sensitive nature. We may process this data for reasons such as:

• Public interest: For example, in the event of a public health concern, we may need to use your data to contact you for treatment.
• Vital interests: If you are unable to provide consent, we may use your information to protect your health.
• Defending claims: If necessary, we may use your data to defend a legal claim.
• Providing care: We may process your data to ensure you receive appropriate medical care.

Retention of Your Data

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. The retention period may vary based on the type of data and its use in providing you with healthcare.

Your Rights Under Data Protection Laws.

You have several rights under data protection laws, including:

• Right to access: You can request copies of your personal data.
• Right to correction: We want to make sure that your personal information is accurate and up to date. You may ask us to correct any inaccurate or incomplete information.
• Right to removal: You can ask for your information to be removed, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible.
• Right to restrict processing: You can request that we limit how we process your personal data.
• Right to data transfer: You can request that we transfer your personal data and/or healthcare information in electronic or other form to another organisation, but we will require your clear consent to do this.
• Right to object: You can object to the sharing of your personal data with anyone else for a purpose that is not directly related to your health.

To exercise these rights, contact us at [email protected]

Data Security.

We are committed to ensuring the security of your personal data. All information you provide is stored on secure servers. We regularly update our processes and systems and we also ensure that our team members are properly trained.

Text Messaging and Contacting You

We are obliged to protect any confidential information we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.

We may contact you using SMS texting to your mobile in the event we need to notify you about appointments and other services that we provide to you involving your direct care, therefore you must ensure that we have your up-to-date details.  This is to ensure we are actually contacting you and not another person.

Complaints

If you have a concern about the way we handle your personal data or have a complaint about what we are doing, or how we have used or handles your personal and/or healthcare information, then please contact [email protected].  See also our complaints policy.

Our Website

This Privacy Notice applies EndlessAesthetics.co.uk  website. If you use a link to any other website from our website then you will need to read their respective privacy notice.  We take no responsibility (legal or otherwise) for the content of other websites.

Changes to This Privacy Policy.

We may update this privacy policy periodically. Any changes will be posted on this page, and, where appropriate, we will notify you via email. Please check back regularly to stay informed of any updates.