Call Now
Send mail
whatsapp
Privacy Policy

1. Introduction

The names ‘MEDINEEDS Health & Wellness’ and ‘MEDINEEDS’ are used synonymously.

This privacy policy explains how we use any personal information we collect about you when you interact with MEDINEEDS either online or offline (at the clinic).

1.1. Topics

2. What information about you do we collect and process?

2.1. Contact information
2.1.1. Personal Contact Information

We collect personal contact information (name, telephone number, email address and a free text comment) about you when you contact us via the web form on our website.

2.1.2. Patient-generated feedback and content

Contact forms

This includes information that you voluntarily share directly with us via a contact form. This is usually your name, telephone number, clinic day preference and an optional free comment field.

Reviews and feedback

This includes information that you voluntarily share directly with us or on a review site such as Yell, Google, Facebook etc., about your experience of using our products and services.

2.1.3. Patient generated blog content

This refers to any content that you create and upload directly to our Website (such as our blog), or else share with us on a social network like Facebook. Examples include comments, photos, videos, personal stories, or other similar media or content.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

2.1.4. Website tracking data

Cookies

See Cookies section.

Website Analytics

See Website section.

2.1.5. Payment Information

Any information that we need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (if applicable). We handle payment and financial information in a manner compliant with applicable laws, regulations and security standards. No card details are stored or collected by this website. The card processing agencies, such as WorldPay, Paypal and Stripe etc., handle all card transactions.

2.2. Clinical information
2.2.1. Personal Data

We collect personal information (name, date of birth, address, telephone number and email address) about you when you register with us at the clinic in order to have sufficient information with which to create a unique patient record.

2.2.2. Special category personal data

When you interact with MEDINEEDS representatives by telephone or in person at the clinic we may collect special categories of personal information regarding your health. These include your medical history, allergies, list of medications, examination data, photographs, GP name, GP practice address.

2.2.3. Payment Information

Any information that we need in order to fulfil an order, or that you use to make a purchase, or pay for treatment such as your debit or credit card details (if applicable). We handle payment and financial information in a manner compliant with applicable laws, regulations and security standards. No card details are stored or collected by MEDINEEDS. The card processing agencies, such as WorldPay, Paypal and Stripe etc., handle all card transactions.

3. How will we use the Information we collect about you?

3.1. Contact information

We collect personal contact information about you in order to manage your patient record and contact you to arrange appointments.

Legal grounds:

The legal ground for processing your name, telephone number and email address for this purpose is based on MEDINEEDS’s legitimate interest in contacting you to arrange appointments and your consent for us to contact you.

If you provide your opt-in consent to receiving marketing emails from MEDINEEDS, MEDINEEDS may send you information about special offers and promotions, educational information, or to ask you to provide feedback on your treatment.

Legal grounds:

The legal ground for processing your email address for this purpose is your consent. You may withdraw your consent or update your preferences at any time through the links provided at the bottom of our marketing emails.

3.2. Clinical information

We collect personal contact information and special category personal data about you in order to manage your patient record. We use this information to maintain patient records and to provide you with appropriate healthcare and to monitor the quality of healthcare we provide to our patients.

Legal grounds:

The legal ground for processing this information for these purposes is MEDINEEDS’s legitimate interests in providing quality healthcare and your consent for us to use this information.

4. Storage of Personal Data

4.1. Website data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

4.2. Clinical information

The retention period of patient records is normally a minimum of 8 years after the last appointment. For customers who are not patients but may have bought products from our business we will keep any data you may have provided for a minimum of 6 years in line with tax legislation.

Your medical records are electronic-based and stored securely by a third party provider. The third party provider system we currently use is Cliniko. Cliniko is owned and maintained by Red Guava Pty Ltd. Cliniko is the custodian of your data but MEDINEEDS own’s the data. Your data is encrypted and stored securely on Cliniko’s servers which are located in the UK. Data is encrypted and transmitted to Cliniko’s servers using 2048-bit SSL certification and encrypted at rest and backed up daily using standard AES-256 bit encryption. Cliniko’s datacentres are state-of-the-art. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means. For more information on Cliniko security please visit: https://www.cliniko.com/security/.

5. Electronic Transfer of Personal Data

5.1. People who can access your Personal Data

Your personal information will be processed by our authorised staff, on a need to know basis, depending on the specific purposes for which your personal information has been collected.

5.2. Transfer of your medical data over the Internet

Your data is encrypted and stored securely on Cliniko’s servers which are located in the UK. Data is encrypted and transmitted to Cliniko’s servers using 2048-bit SSL certification and encrypted at rest and backed up daily using standard AES-256 bit encryption. Cliniko’s datacentres are state-of-the-art. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means. For more information on Cliniko security please visit: https://www.cliniko.com/security/.

5.3. Transfer of other personal data over the Internet

Whilst your medical information is stored and transmitted securely, the transmission of information via our website will not be as secure, and although we will do our best to protect your personal information, we cannot guarantee the security of the data during transmission through our public website or by email. Please remember this when adding optional comments on any website forms. Please also note that these protections do not necessarily apply to information you choose to share in public areas such as social networks or review sites.

Although MEDINEEDS is a local business, in order to communicate with you by email limited personal data (such as your email address) may be handled by servers located outside of the EEA e.g. in the United States. Examples include website hosting servers and web-based forms used by potential patients visiting our website in order to communicate with us.

5.3.1. Visitor comments on our blog

Visitor comments may be checked through an automated spam detection service.

6. Disclosure of Information

6.1. Employees of MEDINEEDS

Everyone working for MEDINEEDS has a legal duty to keep information about you CONFIDENTIAL

You may be receiving care from other people as well as MEDINEEDS, for example your GP or the hospital. So that we can all work together for your benefit we may need to share information about you. We only ever use or pass on information about you if people have a genuine need for it. Anyone who receives information from us has a legal duty to keep it confidential. Your relatives, friends and carers will only be given information about you if you have given us permission to share it with them.

6.2. Other healthcare professionals

In order to maintain continuity of care, we may disclose personal data and special category personal data regarding your health to your General Practitioner, consultant or other allied healthcare professionals (if applicable) who work on behalf of MEDINEEDS, only if directly involved in your care.

6.3. Service providers

We may engage certain trusted third parties to perform functions and provide services to our business, such as external reception services. We will share your personal contact information with these third parties, but only to the extent necessary to perform these services.

6.4. Business transfers

If we sell or merge our business, we may disclose your information as part of the transaction, only to the extent permitted by law and with your consent.

6.5. Compliance with laws

We may collect, use, retain, and share your information if we are required to.

7. Marketing

We would like to send you information about products and services of ours which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes and can do so by clicking the unsubscribe link at the bottom of any marketing email you receive from us.

Your care will not be impacted in any way if you refuse consent to receive marketing type emails.

8. Closed Circuit Television Technology (CCTV)

MEDINEEDS places the health, safety and welfare of its staff, patients, contractors and visitors amongst its priorities and aims to ensure it maintains safe and secure conditions throughout our premises. To assist with these responsibilities, MEDINEEDS uses CCTV in our clinical and retail premises. MEDINEEDS complies with all of the requirements of the Information Commissioners Office (ICO) Code of Practice in regards to use of CCTV.

MEDINEEDS CCTV will only be used for the following purposes:

  • Crime prevention, detection and security
  • Apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings)
  • Interest of public and employee health and safety
  • Protection of MEDINEEDS property and assets
  • Assist in lone working safety

Cameras and other associated recording technologies are not used to record conversations between individuals as this is highly intrusive and is unlikely ever to be justified. CCTV installed with voice recording facility will be switched off or disabled at all times. Voice recording will not be used by MEDINEEDS unless its purpose complies with legislation as part of a criminal investigation.

9. Access to your information and correction

You have a number of rights in relation to your personal information.

9.1. Access

You have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.

9.1.1. Website data

If you have created an account on our website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

9.2. Change, restrict or deletion

You may also have rights to change, restrict our use of, or delete your personal information. In the case of health records these are normally exempt from change and deletion requests.

9.3. Object

You can object to receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.

9.4. Complain

If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with the Information Commissioner www.ico.org.uk.

10. Website

10.1. Website Usage Information

As you navigate through and interact with our website or newsletters, we may use automatic data collection technologies to collect certain information about your actions. This information may include browser type, browser language, date and time of your request, time(s) of your visit(s), page views and page links that you click. This information is captured using automated technologies such as cookies (browser cookies), Facebook pixels and web beacons, and is also collected through the use of third-party tracking services (such as Google Analytics). We may use this information to provide better, more relevant content on our site, to identify and fix problems, and to improve your overall experience on our site.

If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.

Here are examples of third-party providers of analytics and similar services we currently use:

Google Analytics

Google Analytics is used to track site statistics and user demographics, interests and behaviour on websites. We may also use Google Search Console to help understand how our website visitors find our website and to improve our search engine optimisation. Once you leave our site, we do not track you. The analytics data are aggregate and anonymous and do not identify any individual user.

Find out more information about how this analytics information may be used, how to control the use of your information, and how to opt-out of having your data used by Google Analytics.

10.2. Email campaigns

Email campaigns track the activities associated with marketing emails, such as whether they were opened, whether links in the emails were clicked on, and whether purchases or reviews were made following clicks on those links. MEDINEEDS may use this data to analyse the level of engagement with its emails.

10.3. Embedded content from other websites

See Other Websites (section 11).

11. Cookies

Please also review our Cookie Policy.

11.1. What is a cookie?

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. All cookies are used in accordance with current UK and EU Cookie Law. Before the website places cookies on your computer, you will be presented with a pop-up requesting your consent to set those cookies. Some cookies are required for core functionality of the website.

For further information visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. We only use cookies to maintain core site functionality. By disabling cookies some of our website features may not function as a result.

11.1.1. Website Cookies

Leaving comments

If you leave a comment on our website, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Logging in to your account

If you have created an account on our website and you log in, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies usually last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Editing or publishing articles

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

12. Other Websites

Our website may contain links to other websites. This privacy policy only applies to our website so when you link to other websites you should read their respective privacy policies.

12.1. Embedded content from other websites

Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

13. Changes to our Privacy Policy

We keep our Privacy Policy under regular review. We may update this Privacy Policy from time to time as we add new functionality to our website or offer new services and products, or as laws change. Any changes will become effective upon our posting of the revised Privacy Policy.

We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. This notice will be provided by email or by posting notice of the changes on the MEDINEEDS website. This Privacy Policy is available at the clinic and on our website.

This Privacy Policy is effective from 01 Jul 2021.

14. Data Controller

Your personal data collected by MEDINEEDS is controlled by Mr. Paul Eyers, located at 3 Bridge Street, Taunton, Somerset TA1 1JY. The Data Controller is MEDINEEDS and can be contacted by email at enquiries@medineeds.co.uk.

15. How to Contact Us

Please contact us if you have any questions about our privacy policy or information, we hold about you: