For the purposes of the Data Protection Act 1998 we confirm that the proprietor and operator of the Thornhill Clinic website at www.thornhillclinic.o.uk (the “Website”) is Thornhill Clinic Limited a company registered in England with company number 7912078 whose registered address is 1-3 Thornhill Road Luton, Bedfordshire LU4 8EY (“we,” “us,” “our” or “Thornhill Clinic”). Thornhill Clinic can be contacted via the contact section on the Website.
Processing of Personal Data
Personal data about you or any minor for whom you are parent or legal guardian will be collected when you contact Thornhill Clinic via the above-mentioned online information request form or otherwise. You will be required to give us certain personal details which may include medical details comprising sensitive personal data under the Data Protection Act 1998. The types of personal information you provide to us in such circumstances may include name, address, telephone number, e-mail address, contact preferences, age, sex and details relating to medical history.
We collect your personal data for the purpose of processing your requests for information and providing cost quotes for Thornhill Clinic’s services to carry out treatment, in which you have registered your interest. We will not disclose your personal data or any other personal data provided by you to us to any third party.
We do not collect additional information about you from other sources, such as public records or bodies, or private organisations.
Specifically, we may use your personal data to communicate with you, provide information and cost quotes to you pursuant to your requests. Contact with Thornhill Clinic will be at your discretion. Thornhill Clinic may also use your telephone number to follow up your information request by telephone for the purposes of discussing any treatment or service for the purpose of booking an appointment for you. You hereby consent to this use of your personal data.
With regard to any sensitive personal data (as defined in the Data Protection Act 1998) which we collect from you, which may include details of medical conditions or medical history, upon submission of an information request via the Website, you hereby expressly consent to our processing of such sensitive personal data for the sole purpose of responding to your information request. You acknowledge and agree that in the event that Thornhill Clinic requires any sensitive personal data from you, it will be your responsibility and at your discretion to disclose such sensitive personal data to the Third Part Provider in question.
We may also use your personal data to better understand who uses our Website and the pages they access so as to be able to improve the Website. From time to time, we may also use your personal data to contact you for market research or client care survey purposes, but we will always give you the opportunity to opt-out of such market research and client care surveys. We will otherwise ensure that your personal data will not be disclosed to other organisations, institutions and authorities unless required by law.
You agree to the use of your personal data or other personal data you have provided to us for the above purposes. If we wish to use your personal data or other personal data you have provided to us for new or different purposes, other than for which it was originally supplied, we will request your written permission first. We take seriously the trust you place in us.
You agree that if we transfer ownership or management of the Website or Thornhill Clinic to a third party we may also transfer your personal data or other personal data you have provided to us and any other information about you to such third party, provided such third party agrees to observe this policy.
Security of Personal Data
Transmission of data and information via the information request function on the Website is not a secure or encrypted transmission method for sending your personal data, unless otherwise indicated on the Website. Accordingly, your attention is drawn to the fact that any information and personal data carried over the Internet is not secure. Information and personal data may be intercepted, lost, redirected, corrupted, changed and accessed by other people.
We set strict security standards to prevent any unauthorised access to your personal data once we have received it and wherever possible we will use adequate security software and working procedures to ensure the security of your personal data. To prevent unauthorised access, maintain accuracy, and ensure proper use of personal data, we have employed physical, electronic, and managerial processes to safeguard and secure the information we collect online.
Third Party Websites
Parts of our Website contain links to third party websites (“Third Party Websites”) for your convenience and information. If you use these links, you will leave the Website. When you access a Third Party Website, please understand that we do not control the content of that Third Party Website and are not responsible for the privacy practices of that Third Party Website.
Automatic Collection of Data
All networks connected to the Internet communicate in “IP” (Internet Protocol), which is a technical standard that allows data to be transmitted between two devices. “TCP/IP” (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood. An IP address is a string of code which identifies your personal computer and tells the Internet that you are connected.
The Website does not automatically store or capture personal data except for logging your IP address. This information is not retained after you have logged off. We do not link information automatically logged in this way by any means with personal data about specific individuals.
Subject Access Rights
Under the Data Protection Act 1998, we have to provide you, as a “data subject” with a readable copy of all personal data which we may hold about you, within 40 days of receiving your written request for us to provide it. The Data Protection Act 1998 allows us to charge a fee of £10 pounds for this. Evidence or proof of your identity (for example, a copy of your passport, driver’s licence or current bills) will be required.
It is both in our interest and yours to store and process accurate personal data. If the data we hold about you is inaccurate in any way, where appropriate, you may have your personal data corrected by us on request by having it:
• amended; and/or
Please contact us to update any of your personal data or to request access to your personal data by addressing the “Information Officer” via:
We reserve the right to refuse to provide you with a copy of your personal data based on the exemptions set out in the Data Protection Act 1998, but if we do refuse we will give full reasons for our refusal and allow you to challenge our decision.
When you e-mail us please remember that the content of your e-mail is not secure and could be intercepted. Accordingly, please keep the amount of confidential information to a minimum and we will do likewise when we reply.