Last Updated 9th April 2019
WHO IS RESPONSIBLE FOR MANAGING MY INFORMATION?
THIRD PARTY INTEGRATIONS
The Key Clinic Ltd uses a variety of third-party service providers to help us provide services related to The Key Clinic website and platform. Examples include: taking bookings, sending communications, and processing payments. The Key Clinic does not own or control these Third Party Partners and when you interact with them, you may be providing information directly to the Third Party Partner, The Key Clinic, or both. These Third Party Partners will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.
The Key Clinic Portal and website uses the following third party services:
Stripe - Stripe collects information related to your payment transactions through The Key Clinic platform, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode and other related transaction details. This information is necessary for the adequate performance of the contract between you and Stripe Payments and to allow the provision of the Payment Services. https://stripe.com/en-GB/privacy
Cliniko - We use an external booking management provider Cliniko for all appointment bookings managed through this site. Cliniko take security seriously. Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know and Cliniko regularly review their technology to maintain security. Click this link https://www.cliniko.com/security for more information about the data protection procedures Cliniko use.
WHAT INFORMATION DO WE COLLECT?
When you use our services including The Key Clinic Platform, we will ask for and collect the following personal information about you. This information is necessary to allow us to comply with our legal obligations. Without it, we may not be able to provide you with the requested service.
Account Information - When you sign up for a Key Clinic Account, we require certain information such as your: name, email address, password (stored as irreversible "hash" in our database), PIN number (encrypted in our database), date of birth, gender, parent's names, contact number, address information and your marketing preferences.
Payment Information - To use certain features of The Key Clinic Platform (such as booking an appointment or paying for a service), we may require you to provide certain financial information (card number, expiry date, CVC) in order to facilitate the processing of payments. These details are stored on both Stripe and our database to keep the information secure.
Personal Information - Due to the nature of our services provided by The Key Clinic, we may need to collect certain personal information about you or your child’s health in order to provide you with the best possible service. The level of information stored is therapy dependant but a medical history may be required. All Information you choose to give us will be processed based on our legitimate interest or when applicable, your consent.
Usage Information - We collect information about your interactions with The Key Clinic Platform such as the pages or content you view, bookings you have made, and other actions on The Key Clinic Platform.
Log Data and Device Information - We automatically collect log data and device information when you access and use The Key Clinic Platform. That information includes, among other things: details about how you’ve used The Key Clinic Platform, IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data and cookie data.
HOW DO WE USE YOUR INFORMATION?
The information you provide may be used in a number of ways, for example:
Enable us to make informed decisions regarding the appropriate service for your needs and to manage your customer service queries. The legal basis on which we process an individual's personal data in these circumstances is our respective legitimate interests in dealing with client service requests, responding to communications and solving client issues;
Collate anonymised data for research purposes to ensure the benefits of our therapies can become more widely recognised;
For statistical purposes when we evaluate our range of services;
For marketing purposes: Where individuals have expressly opted in to receive marketing communications from us, we will process their personal data to provide such individual with marketing communications in line with the preferences they have provided. An individual is not under any obligation to provide us with their personal data for marketing purposes, and individuals can withdraw their consent to their personal data being processed in this way at any time by contacting us. If an individual does choose to withdraw their consent, this will not mean that our processing of such individual's personal data before they withdrew their consent was unlawful.
To make our website better: We may process an individual's personal data in order to provide such individual with a more tailored user experience, including using their personal data to make sure our website is displayed in the most effective way for the device such individual is using.
For website security and internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. The legal basis on which we process personal data in these circumstances is our legitimate interest to provide an individual with the best customer experience we can, keep our website updated and relevant, study how clients use our services to inform our marketing strategy and to ensure that our website is kept secure.
WHO WILL WE SHARE YOUR INFORMATION WITH?
In order to provide you with our services, we may share your information with the following:
Your practitioner(s) in order that they can provide you with our service.
Our administration staff, for example reception staff and book keepers will have access to basic information but do not have access to your medical history or sensitive personal information.
Occasionally we may want to make a referral to other professionals, for example nutritionists. In which case we will ask for written consent to share that data.
Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of The Key Clinic, our clients, or others.
Appointment reminders will be sent to your chosen mobile telephone, 24 hours prior to your booked appointment. Please let us know if you wish to opt out from this system.
If you wish to unsubscribe or adjust your communication preferences at any time, this can be done by accessing the Client Portal.
WHEN CAN WE CONTACT YOU IN THE FUTURE?
We will only contact you in the future for the following reasons:
Follow up on your or your child’s progress.
Marketing communications - only for individuals who have expressly opted in to receive marketing communications from us.
HOW LONG WILL WE HOLD YOUR DATA FOR?
We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
HOW LONG CAN YOU ACCESS AND UPDATE YOUR INFORMATION?
You will have indefinite access to The Key Clinic Platform.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorised access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption, and information access controls. If you know or have reason to believe that your Key Clinic Account credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorised use of your Key Clinic Account, please contact us following the instructions in the Contact Us section below.
9th April 2019
Or write to us at:
The Key Clinic,
Manor Courtyard, Church Street,