For the purposes of the Data Protection Act 1998 we confirm that the proprietor and operator of the Thornhill Clinic website at www.thornhillclinic.o.uk (the “Website”) is Thornhill Clinic Limited a company registered in England with company number 7912078 whose registered address is 1-3 Thornhill Road Luton, Bedfordshire LU4 8EY (“we,” “us,” “our” or “Thornhill Clinic”). Thornhill Clinic can be contacted via the contact section on the Website.
Processing of Personal Data
Personal data about you or any minor for whom you are parent or legal guardian will be collected when you contact Thornhill Clinic via the above-mentioned online information request form or otherwise. You will be required to give us certain personal details which may include medical details comprising sensitive personal data under the Data Protection Act 1998. The types of personal information you provide to us in such circumstances may include name, address, telephone number, e-mail address, contact preferences, age, sex and details relating to medical history.
We collect your personal data for the purpose of processing your requests for information and providing cost quotes for Thornhill Clinic’s services to carry out treatment, in which you have registered your interest. We will not disclose your personal data or any other personal data provided by you to us to any third party.
We do not collect additional information about you from other sources, such as public records or bodies, or private organisations.
Specifically, we may use your personal data to communicate with you, provide information and cost quotes to you pursuant to your requests. Contact with Thornhill Clinic will be at your discretion. Thornhill Clinic may also use your telephone number to follow up your information request by telephone for the purposes of discussing any treatment or service for the purpose of booking an appointment for you. You hereby consent to this use of your personal data.
With regard to any sensitive personal data (as defined in the Data Protection Act 1998) which we collect from you, which may include details of medical conditions or medical history, upon submission of an information request via the Website, you hereby expressly consent to our processing of such sensitive personal data for the sole purpose of responding to your information request. You acknowledge and agree that in the event that Thornhill Clinic requires any sensitive personal data from you, it will be your responsibility and at your discretion to disclose such sensitive personal data to the Third Part Provider in question.
We may also use your personal data to better understand who uses our Website and the pages they access so as to be able to improve the Website. From time to time, we may also use your personal data to contact you for market research or client care survey purposes, but we will always give you the opportunity to opt-out of such market research and client care surveys. We will otherwise ensure that your personal data will not be disclosed to other organisations, institutions and authorities unless required by law.
You agree to the use of your personal data or other personal data you have provided to us for the above purposes. If we wish to use your personal data or other personal data you have provided to us for new or different purposes, other than for which it was originally supplied, we will request your written permission first. We take seriously the trust you place in us.
You agree that if we transfer ownership or management of the Website or Thornhill Clinic to a third party we may also transfer your personal data or other personal data you have provided to us and any other information about you to such third party, provided such third party agrees to observe this policy.
Privacy of your information
Security of Personal Data
Transmission of data and information via the information request function on the Website is not a secure or encrypted transmission method for sending your personal data, unless otherwise indicated on the Website. Accordingly, your attention is drawn to the fact that any information and personal data carried over the Internet is not secure. Information and personal data may be intercepted, lost, redirected, corrupted, changed and accessed by other people.
We set strict security standards to prevent any unauthorised access to your personal data once we have received it and wherever possible we will use adequate security software and working procedures to ensure the security of your personal data. To prevent unauthorised access, maintain accuracy, and ensure proper use of personal data, we have employed physical, electronic, and managerial processes to safeguard and secure the information we collect online.
Third Party Websites
Parts of our Website contain links to third party websites (“Third Party Websites”) for your convenience and information. If you use these links, you will leave the Website. When you access a Third Party Website, please understand that we do not control the content of that Third Party Website and are not responsible for the privacy practices of that Third Party Website.
Automatic Collection of Data
All networks connected to the Internet communicate in “IP” (Internet Protocol), which is a technical standard that allows data to be transmitted between two devices. “TCP/IP” (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood. An IP address is a string of code which identifies your personal computer and tells the Internet that you are connected.
The Website does not automatically store or capture personal data except for logging your IP address. This information is not retained after you have logged off. We do not link information automatically logged in this way by any means with personal data about specific individuals.
Other Information we Collect
In order to receive or use our services, when you make an enquiry through our websites or make a booking on the telephone, you will be asked to submit personal information about yourself or the patient. The information we require will include your name, address, date of birth, phone number and email address. We may also record all your appointments, medical examination notes, complaints and we will transcript any telephone conversations. Payments and or refunds made will be recorded but we will not hold any bank or credit/debit cards about you.
By entering your details in the fields requested, you enable Thornhill Clinic and its service providers to provide you with the services you select. Any information you provide to Thornhill Clinic will only be used by us, our agents and service providers and will not be disclosed unless we are obliged or permitted to by law to do so.
If you post or send any offensive or inappropriate content anywhere on our social media sites or websites or act in any disruptive way we may use whatever information is available to us, about you, to stop such behaviour. We will hold your personal information on our systems for as long as you use or services or for a period of a minimum of 7 years from your last appointment.
All your personal data and other information is stored with Blue Zinc securely in off-site ISO27001 certified data centres with appropriate technical and organisational security measures in place, including redundancy and back up.
The Data Protection Act
Under the Data Protection Act 1998, we have to provide you, as a “data subject” with a readable copy of all personal data which we may hold about you, we will do this within one month of receiving your written request for us to provide it, in most cases we will not charge for this request. However, if we feel that the request is manifestly unfounded or excessive then we may apply a charge or refuse the request. Evidence or proof of your identity (for example, a copy of your passport, driver’s licence or current bills) will be required for any data requests.
If we need to access your NHS medical records, you will need to give us your written consent for this on each occasion.
It is both in our interest and yours to store and process accurate personal data. If the data we hold about you is inaccurate in any way, where appropriate, you may have your personal data corrected by us on request by having it:
- amended; and/or
Please contact us to update any of your personal data or to request access to your personal data by addressing the “Information Officer” via:
We reserve the right to refuse to provide you with a copy of your personal data based on the exemptions set out in the Data Protection Act 1998, but if we do refuse we will give full reasons for our refusal and allow you to challenge our decision.
When you e-mail us please remember that the content of your e-mail is not secure and could be intercepted. Accordingly, please keep the amount of confidential information to a minimum and we will do likewise when we reply.
Changes to our policy
This site has security measures in place to protect the loss and alteration of information under our control.