WHO IS RESPONSIBLE FOR MANAGING MY INFORMATION?
At The Key Clinic, maintaining your privacy and confidentiality is a top priority for us. The Key Clinic Ltd. (“The Company”) is committed to protecting your Personal Information when you use our website, web portal and mobile apps. We recognise that when you choose to provide us with information about yourself, you trust us to treat it in a responsible manner.
The Company uses all Personal Information that you provide to us or that we collect from you in accordance with all applicable laws, including those concerning the protection of Personal Information such as the EU General Data Protection Regulation.
what information we may collect about you;
how we will use information we collect about you;
whether the Company will disclose your details to anyone else;
where we might send your information;
how you can reject cookies.
The General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
It also addresses the transfer of personal data outside the EU and EEA areas. The primary aim of the “GDPR” is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Data Protection Law
All legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, EU Regulation 2016/679 (the “GDPR”), the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy (for as long as, and to the extent that, EU law has legal effect in the UK).
Encryption or encrypted data
The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text.
Information Commissioner's Office. The supervisory authority for data protection in the UK.
Any information relating to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data. The terms Personal Data and Personal Information are used interchangeably within this policy.
Personal Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Special Categories of Personal Data
This data needs more protection because it is sensitive. It includes data which relates to an individual’s health, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
All client information is digitally stored on The Key Clinic Portal.
After a user is registered and authenticated, we ensure the data supplied by The Key Clinic clients/patients is highly secure and always remains anonymous to eyes within The Key Clinic and, most certainly, to any potential threat from outside.
The platform design and architecture employ a number of techniques and implementations to ensure data protection and anonymity. The following is a list of processes in practice:
Client information is anonymised.
Database firewall—blocks SQL injection and other threats, while evaluating for known vulnerabilities.
User rights management—monitors data access and activities of privileged users to identify excessive, inappropriate, and unused privileges.
Data masking and encryption—obfuscate sensitive data so it would be useless to the bad actor, even if somehow extracted.
Data loss prevention (DLP)—inspects data in motion, at rest on servers, in cloud storage, or on endpoint devices.
User behavior analytics—establishes baselines of data access behavior, uses machine learning to detect and alert on abnormal and potentially risky activity.
Data discovery and classification—reveals the location, volume, and context of data on-premises and in the cloud.
Database activity monitoring—monitors relational databases, data warehouses, big data, and mainframes to generate real-time alerts on policy violations.
THIRD PARTY INTEGRATIONS
The Key Clinic Ltd uses a variety of third-party service providers to help us provide services related to The Key Clinic website and platform. Examples include: taking bookings, sending communications, and processing payments. The Key Clinic does not own or control these Third Party Partners and when you interact with them, you may be providing information directly to the Third Party Partner, The Key Clinic, or both. These Third Party Partners will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.
The Key Clinic Portal and website use the following third party services:
Bluesnap - Bluesnap collects information related to your payment transactions through The Key Clinic platform, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode and other related transaction details. This information is necessary for the adequate performance of the contract between you and Bluesnap Payments and to allow the provision of the Payment Services.
Cliniko - We use an external booking management provider Cliniko for all appointment bookings managed through this site. Cliniko take security seriously. Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know and Cliniko regularly review their technology to maintain security. Click this link for more information about the data protection procedures Cliniko use.
WHAT INFORMATION DO WE COLLECT?
When you use our services including The Key Clinic Platform, we will ask for and collect the following personal information about you. This information is necessary to allow us to comply with our legal obligations. Without it, we may not be able to provide you with the requested service.
Account Information - When you sign up for a Key Clinic Account, we require certain information such as your: name, email address, password (stored as an irreversible "hash" in our database), PIN number (encrypted in our database), date of birth, gender, parent's names, contact number, address information and your marketing preferences.
Payment Information - To use certain features of The Key Clinic Platform (such as booking an appointment or paying for a service), we may require you to provide certain financial information (card number, expiry date, CVC) in order to facilitate the processing of payments. These details are stored on both Bluesnap and our database to keep the information secure.
Personal Information - Due to the nature of the services provided by The Key Clinic, we may need to collect certain personal information about you or your child’s health in order to provide you with the best possible service. The level of information stored is therapy dependent, but a medical history may be required. All information you choose to give us will be processed based on our legitimate interest or, when applicable, your consent.
Usage Information - We collect information about your interactions with The Key Clinic Platform such as the pages or content you view, bookings you have made, and other actions on The Key Clinic Platform.
Log Data and Device Information - We automatically collect log data and device information when you access and use The Key Clinic Platform. That information includes, among other things: details about how you’ve used The Key Clinic Platform, IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data and cookie data.
HOW DO WE USE YOUR INFORMATION?
The information you provide may be used in a number of ways, for example:
Enable us to make informed decisions regarding the appropriate service for your needs and to manage your customer service queries. The legal basis on which we process an individual's personal data in these circumstances is our respective legitimate interests in dealing with client service requests, responding to communications and solving client issues;
Collate anonymised data for research purposes to ensure the benefits of our therapies can become more widely recognised;
For statistical purposes when we evaluate our range of services;
For marketing purposes: Where individuals have expressly opted in to receive marketing communications from us, we will process their personal data to provide such individuals with marketing communications in line with the preferences they have provided. An individual is not under any obligation to provide us with their personal data for marketing purposes, and individuals can withdraw their consent to their personal data being processed in this way at any time by contacting us. If an individual does choose to withdraw their consent, this will not mean that our processing of such individual's personal data before they withdrew their consent was unlawful.
To make our website better: We may process an individual's personal data in order to provide such an individual with a more tailored user experience, including using their personal data to make sure our website is displayed in the most effective way for the device such individual is using.
For website security and internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. The legal basis on which we process personal data in these circumstances is our legitimate interest to provide an individual with the best customer experience we can, keep our website updated and relevant, study how clients use our services to inform our marketing strategy and to ensure that our website is kept secure.
WHO WILL WE SHARE YOUR INFORMATION WITH?
In order to provide you with our services, we may share your information with the following:
Your practitioner(s) in order that they can provide you with our service.
Our administration staff, for example reception staff and bookkeepers, will have access to basic information but do not have access to your medical history or sensitive personal information.
Occasionally we may want to make a referral to other professionals, for example specialist medical consultants, in which case we will ask for written consent to share that data.
Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of The Key Clinic, our clients, or others.
Appointment reminders will be sent to your chosen mobile telephone, 24 hours prior to your booked appointment. Please let us know if you wish to opt out from this system.
If you wish to unsubscribe or adjust your communication preferences at any time, this can be done by accessing the Client Portal.
WHEN CAN WE CONTACT YOU IN THE FUTURE?
We will only contact you in the future for the following reasons:
Follow up on your or your child’s progress.
Marketing communications - only for individuals who have expressly opted in to receive marketing communications from us.
HOW LONG WILL WE HOLD YOUR DATA FOR?
We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
HOW LONG CAN YOU ACCESS AND UPDATE YOUR INFORMATION?
You will have indefinite access to The Key Clinic Platform.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorised access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are firewalls, data encryption, and information access controls. If you know or have reason to believe that your Key Clinic Account credentials have been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorised use of your Key Clinic Account, please contact us following the instructions in the Contact Us section below.
By using the Company’s website you consent to the collection and use of Personal Data by us as described within this Policy. Continued access or use of the Company’s website will constitute your express acceptance of any modifications to this Policy.
Or write to us at:
The Key Clinic,