For the purposes of the General Data Protection Regulation (EU), the data controller is The Good Sleep Clinic Ltd of 71 New Dover Road, Canterbury, Kent, CT1 3DZ.
In using our website and our Services, you agree to the collection and use of your personal data in relation to this policy.
Changes to this policy
What is personal data and how do we collect it?
Personal data means any information capable of identifying an individual. If the identity has been removed then it becomes anonymous data rather than personal data.
We collect personal data when:
you make an enquiry about our Service or send us a question, comment, complaint or provide other feedback, by emailing us, using a website contact form, completing a survey, using our social media pages/profiles, or by phone
when you buy a product from us or receive treatment through our Service
when you sign up to receive marketing emails from us
when you visit our website.
Sensitive Data refers to personal data that reveals details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. As a health care provider, we may collect and process Sensitive Data relating to your health. We ask Clients for their explicit consent before we contact their GP or other health care provider to request additional health information.
We do not collect your internet protocol (IP) address or other data that could be considered to be personal data. We do not use behavioural tracking cookies. Cookies cannot be used to harm your computer. You can find more information on cookies, including details of how to turn them off for your device, at www.allaboutcookies.org
How we use your data
We only use your personal data in ways that the law allows us to. In some situations we use your data to meet our contractual obligations, such as responding to an enquiry you make about our Service, or providing our Service to you when you become a client. We may process Sensitive Data relating to your health or other Sensitive Data that you choose to provide to us while using our Service, in order to fulfil our contract with you as a health care provider.
We also use personal data when you have given us your consent to do so, for example when you opt in to receive marketing emails from us. You can ask us stop sending you marketing messages by clicking on the unsubscribe link on any marketing message sent to you or by emailing us at email@example.com at any time.
In some circumstances we use personal data when we have legitimate business interests and using the data does not override your own interests and fundamental rights. Examples of this include using personal data to operate and develop our business, and to evaluate and develop our website and marketing activities.
We may also process personal data to comply with our legal and regulatory obligations, for example if required to do so by court order.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at firstname.lastname@example.org if you need details about the specific legal ground we are relying on to process your personal data.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including complying with any legal, accounting, or reporting requirements.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Opting in and out of marketing emails
We only send our email newsletter to people who have expressly opted in to receive it. We never share your email address with third parties for marketing purposes. You can ask us stop sending you our email newsletter by clicking on the unsubscribe link which is included in each newsletter, or by emailing us at email@example.com at any time.
Sharing data with GPs and other health care providers
In some cases it is helpful to share information about your treatment as a Client of the Good Sleep Clinic with your GP or other health care provider. We will ask for your explicit consent before sharing information about your treatment with your GP or other health care provider.
Sharing data with other third parties
We may need to share your data with other third parties, for the purposes explained in the ‘How we use your data’ paragraph above. This may include:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the UK and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
Email service providers such as Google and MailChimp.
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
When sharing data with a third party, we only provide the information they need to perform the task or service. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. When we stop using their services, we make sure your data is removed from their systems or anonymised.
We may share general statistical information about our website user base, sales patterns, traffic volumes and related matters with reputable third parties and cookies. Website analytics may be collected and processed by a third party on our behalf. Any information that we share in these ways will be anonymised information that cannot personally identify you.
How we look after your data
We endeavour to take all reasonable steps to protect your data and ensure that we have appropriate technical and organisational security measures in place to protect your data.
The data we collect from you may be transferred to, stored and processed at locations outside of the European Economic Area (EEA). Whenever your data is transferred, stored or processed outside of the EEA we ensure a similar degree of protection by applying at least one of the following safeguarding measures: only transferring personal data to countries that the European Commission (EC) has confirmed provide an adequate level of protection; using EC-approved contracts for the protection of personal data; or only transferring data to US-based organisations that are part of the EU-US Privacy Shield.
Additional information for clients
As a provider of health care services, we apply the highest standards of professional conduct when collecting, processing and storing health information and other Sensitive Data that you provide to us as a Client or when enquiring about our Service.
Third party links
Our website may include links to third-party websites, plug-ins and applications (‘other sites’), and accessing these other sites may allow them to collect or share data about you. We do not control other sites and are not responsible for their privacy statements. We recommend that you read their privacy statements before using them.
Your legal rights
In certain circumstances, data protection laws provide you with rights in relation to your personal data. We’ve summarised these rights below and you can also read more about your data protection rights as an individual on the ICO website.
You can request access to your personal data. We’ll provide a copy of any personal data we hold about you in a structured, readable and commonly-used format.
You can request correction of personal data that we hold about you. If you ask us to correct your personal data, we may need to verify the accuracy of the new data you provide to us.
You can request the removal of your personal data when there is no good reason for us to continue processing it, or if we have processed your information unlawfully, or where we are required to delete your personal data to comply with local laws. If we are unable to comply with your request for legal reasons, we will notify you and explain the reasons.
You can object to our processing of your personal data when we are processing it on the basis of our legitimate interests and you feel it impacts on your fundamental rights and freedoms.
You can request that we restrict the processing of your personal data in a number of situations: if you want us to establish the accuracy of the data; where our use of the data is not lawful but you do not want us to delete it; where you need us to retain the data even if we no longer require it, so that you can initiate, execute or defend legal claims; or if you have objected to our use of the data but we need to confirm whether we have overriding legitimate grounds to continue using it.
If you’d like to exercise any of these rights, please email your request to firstname.lastname@example.org
If you ask us for a copy of your personal data or exercise any of the other rights above, we will not usually charge a fee. However we reserve the right to charge a reasonable fee or refuse to comply with your request if it is clearly excessive, unfounded or repetitive.
We may need to ask you to provide specific information to help us confirm your identity and your right to access your personal data or exercise any of your other data protection rights. This is to make sure your personal data is kept secure and not disclosed to anyone who does not have the right to receive it.
We aim to respond to all legitimate requests within one month. It may take longer than this if your request is complex or you have made multiple requests, but we will inform you of this and keep you up to date.
Making a data protection complaint
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues.
We would very much welcome the chance to deal with your concerns before you approach the ICO. Please email us at email@example.com if you have any questions or concerns.