This is the privacy notice of International Centre for Hormone Health. In this document, “we”, “our”, or “us” refer to Hormone Health.
We are company number 07913236 registered in England.
Our registered office is at 92 Harley Street, London W1G 7HU
Data Protection Officer: Nick Panay firstname.lastname@example.org
- This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
- We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
- We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
- We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
- Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- The law requires us to tell you about your rights and our obligations to you with regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at https://ico.org.uk/for-the-public/.
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
The basis on which we process information about you
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
1. Information we process because we have a contractual obligation with you
When you buy a service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
- verify your identity for security purposes
- provide you with our services
- provide you with suggestions and advice on products, services and how to obtain the most from using our website
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
2. Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including our services, you provide your consent to us to process information that may be personal information.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on our website.
If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us by email at email@example.com or writing to us directly. However, if you do so, you may not be able to use our website or our services further.
3. Information we process because we have a legal obligation
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
Specific uses of information you provide to us
4. Newsletter subscription service
We continue to process your information on this basis until you unsubscribe from this service.
The information you provide is not used for any other purpose.
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
Use of information we collect through automated systems when you visit our website
The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage or for access to information stored on a user’s terminal equipment (ie, you must ask users if they agree to most cookies). However, some cookies are exempt from this requirement and we consider that applies to the cookies set on our website.
You can prevent their use through your browser settings, but you will then not be able to use all the functionality of our website.
7. Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address.
This information is used by our security systems to track malicious activity on the website.
We use anonymised information of this type in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
8. Our use of re-marketing
Re-marketing involves placing a cookie on your computer when you browse our website in order to be able to serve to you an advert for our products or services when you visit some other website.
We do not use re-marketing cookies.
Disclosure and sharing of your information
9. Information we obtain from third parties
Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.
10. Third party advertising on our website
We do not carry third-party advertising on our website.
11. Data may be processed outside the European Union
Our website is hosted in the UK.
Our newsletter subscription service is hosted in the United States of America.
We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business.
Accordingly data obtained within the UK or any other country could be processed outside the European Union.
We take all steps reasonably necessary to ensure that any outsourced service providers implement appropriate safeguards to protect your personal information.
Access to your own information
12. Access to your personal information
- We do not hold your personally identifiable information on our website.
- To obtain a copy of any personal information we hold for you, you may email firstname.lastname@example.org.
- After receiving the request, we will tell you when we expect to provide you with the information.
13. Removal of your information
If you wish us to remove personally identifiable information, you may email email@example.com.
This may limit the service we can provide to you.
14. Verification of your information
When we receive any request to access, edit or delete personally identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
15. Use of site by children
- We do not sell products or provide services for purchase by children, nor do we market to children.
- If you are under 18, you may use our website only with consent from a parent or guardian.
16. Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Whenever information is transferred between us, you can check that this is done using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
17. How you can complain
- If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
- If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/
18. Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the services you have requested;
- to comply with other law, including for the period demanded by our tax authorities;
- to support a claim or defence in court.
19. Social Media Platforms
Users are advised, before using social links found on this website, that they do so at their own discretion. The social media platforms may track and save the user’s information through your social media platform account.
External social media links found on this website are subject to the terms and conditions held with each social media platform respectively.
The website or its owners will never ask for personal or sensitive information through social media platforms. The website or its owners encourage users to contact them through primary communication channels such as by telephone or email.
20. 3rd party data processors
3rd party applications:
22. Compliance with the law
However, ultimately it is your choice as to whether you wish to use our website.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.
Last updated: 28 June 2022
If you have any question regarding our privacy notice, please email firstname.lastname@example.org.
1. Who we are and what we do
2. Information we may collect from you
2.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). When you correspond with us by phone, e-mail or otherwise you may give us information that would be classed as personal data about you and/or others you are acting on behalf of. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data which includes your first name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Your Contact Data which may include your home address, email address and telephone numbers. If you provide us with these details, we may contact you by any of these means.
- Health Data which may include any information about your health including your medical history and/or current health status such as data regarding test results, diagnoses and medications.
- Third Party Data which may include information about dependents, family members and/or emergency contacts. By providing us with such information you confirm that you have the consent of these parties to share their information with us.
- Financial Data which includes your bank account, national insurance number and payment card details. This may also include the details of a third party (an individual or a company) who is responsible for paying your bill and the terms of your contract with them.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Marketing and Communications Data which includes your preferences in receiving marketing from us.
2.2. We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity and so is not personal data in law.
2.3. It is important that the personal data we hold about you is accurate and up to date. Please keep us informed of any changes as this could impact on your treatment and/or the manner in which we provide you with healthcare services.
3. Keeping your data secure
3.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, disclosed, used or accessed in an unauthorised way. In addition, we limit access to your personal data to consultants, employees, agents, contractors and other third parties who we need to share it with in order to provide services to you. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
3.2. All healthcare records are stored securely.
4. How we will collect your data
4.1. We collect data in different ways including through:
- Direct interactions – You may give us personal data by corresponding with us by phone, e-mail or otherwise, for example when you register with us, make an enquiry or have a consultation (either in person or virtually).
- Documentation – We may obtain data about you from other means such as via your passport or other identification papers, interview or surveys.
- Contact, Financial and Transaction Data (if applicable) – From providers of technical, payment and delivery services such as SagePay or Worldpay.
- Third parties or publicly available sources – We may receive personal data about you from various third parties such as hospitals and clinics, your GP or other healthcare professionals. In addition, we may receive personal data about you from other sources such as credit agencies and your insurer.
5. Why we will use your data
5.1. We use your personal data for a number of different purposes but in all circumstances we must have a legal basis for doing so. When we use so-called ‘special categories of data’ or ‘sensitive data’, we must have an additional specific legal basis on which to do so in accordance with applicable data protection laws including the General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (collectively referred to as the “Applicable Data Laws”). There might be occasions when our processing is on the basis of more than one legal ground. The bases upon which we process your data are as follows:
- Contract – The use of our data is necessary to provide you with care and related services so we can fulfill our contractual obligations to you. See Article 6(1)(b) of the UK GDPR.
- Legitimate interests – The processing is necessary for our legitimate interests (for example to administer and maintain our website) or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). See Article 6(1)(f) of UK GDPR.
- Legal Obligation – Use of your personal data is necessary to comply with a legal obligation. See Article 6(1)(c) of UK GDPR.
- Vital Interests – If use of your data might be necessary to protect someone’s life. See Article 6(1)(d) UK GDPR.
- Public Interest – Use of your personal data may be necessary to perform a task in the public interest. See Article 6(1)(e) UK GDPR.
5.2. When processing special category data, we rely on one or more of the following additional bases:
- Explicit consent – See Article 9(a) UK GDPR.
- Healthcare provision – The processing of data is necessary for us to provide you with healthcare treatment. See Article 9(h) UK GDPR.
- Legal claims or judicial acts – We need to use data to defend a claim or participate in some form of judicial proceedings. See Article 9(f) UK GDPR.
5.3. For more information about the types of lawful basis which can be relied upon to process your data, please visit the Information Commissioner’s Office website: https://ico.org.uk/
6. Sharing your personal data
6.1. We may share your personal data with the third parties listed below:
- a doctor, nurse, carer or any other healthcare professional involved in your care.
- members of administrative or support staff, for example medical secretaries, receptionists and accounting personnel.
- anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer.
- NHS organisations.
- other private sector healthcare providers.
- your GP.
- your dentist.
- your healthcare professional (including their medical secretaries).
- third parties who assist in the administration of your care or who may be responsible for paying for the cost of your care, such as insurance companies.
- third parties acting on your behalf in connection with legal proceedings.
- national and other professional research/audit programmes and registries.
- Government bodies.
- Regulators such as the Care Quality Commission.
- the police and other third parties for the prevention or detection of crime.
- our insurers.
- debt collection and credit referencing agencies.
- third party services providers such as IT and systems support, actuaries, auditors, lawyers, document management providers, accountants and tax advisers.
- other third parties who provide services to us including marketing agencies.
- selected third parties in connection with any sale, transfer or disposal of our business.
6.2. If we share your personal data, we will make sure appropriate protection is in place to protect it in line with Applicable Data Laws.
6.3. We do not transfer your personal data outside the European Economic Area (EEA)/UK unless:
- we are communicating with you directly.
- your country of residence is based outside of the EEA/UK and we need to share your data with a third party in order to, by way of an example, seek to recover payment of an unpaid bill.
7.1. You are given choices around how your personal data is used for marketing and advertising purposes. You will receive marketing communications from us if you have requested information from us or purchased services from us and, in each case, you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
8. How long we will keep your data
8.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
8.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8.3. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your legal rights
9.1. You have certain rights in relation to your personal data that we hold about you. These include the right to know what personal data we hold about you and how it is used. You may ask to exercise these rights at any time by contacting our DPL at email@example.com. You will not usually be charged for exercising your rights, although we have the right to charge in some circumstances.
- The right to access your personal data – You have the right to request details and a copy of the personal data we hold about you and details of how we use it. We will usually provide you with your personal data in writing. If you have made the request by email the personal data will be provided to you electronically where possible. In some cases, we may not be able to fully comply with your request. If this is the case, we will let you know.
- The right to rectification – You have the right to have inaccurate personal data about you corrected or removed.
- The right to be forgotten – You have the right to request that we delete certain personal data we hold about you. However, there are exceptions to this right, for example if we need to retain it for exercising or defending legal claims.
- The right to restrict processing – You have the right to ask us to restrict our use of your personal data. We do not have to comply with all requests to restrict our use of your personal data. However, there are exceptions to this right, for example if we need to use it for exercising or defending legal claims.
- The right to data portability – You have the right to ask us to transfer your personal data to you or to someone else in a format that can be read by computer.
- The right to object to marketing – You have the right to ask us to stop sending you marketing messages at any time.
- The right not to be subject to automatic decisions – You have the right not to be subject to automatic decisions (i.e., decisions that are made by computer without any human input) in relation to your care.
- The right to withdraw consent – You have the right to withdraw any consent you have given us to use your personal data.
- The right to object to other uses of your personal data – You have the right to object to us using your personal data in a particular way (such as sharing it with third parties), and we must stop using it in that way unless there is a specific reason why we should not do so.
9.2. You can complain to the Information Commissioner’s Office (“ICO”) if you are unhappy with the way that we have dealt with a request from you to exercise any of your rights, or if you think we have not complied with our data protection obligations.
9.3. More information can be found on the ICO website: https://ico.org.uk/