Privacy Policy -

Who we are

Our website address is: https://www.hsadermalclinic.co.uk/

What personal data we collect and why we collect it

Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Identity Data includes first & last name, your email, telephone number and treatment types
Contact Data includes billing address, delivery address, e-mail address and telephone numbers.
Data includes full medical history including DOB
Technical Data includes internet protocol (IP) address, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
Usage Data includes information about how you use our websites, products and services.
Marketing & Communications Data includes your preferences in receiving marketing from us and our third-parties and your communication preferences.

This allows us to:

Communicate effectively with you confirming and reminding you of appointments with us
Provide you with information on our products and services via email & text if you choose to receive such information

All data processing undertaken by HSA Dermal Clinic is carried out on a lawful basis as per the General Data Protection Regulation, Article 6(1).

How we store and protect your data?

We use a Private Practice Software provided by Pabau, who is working closely with Data Protection Authorities in Europe, and have already implemented strong privacy protections that reflect their guidance.

We are committed to complying with the new legislation, and therefore, HSA Pharmacare Limited is registered with The Information Commissioner’s Office (ICO), Certification Reference Number ZA234822.

Here is what HSA Dermal Clinic and Pabau have been doing to achieve compliance:

Mail encryption– Pabau is using a provider Mandrill who is GDPR compliant, and who also enforces encryption upon email send. You will even notice the ‘Sensitive Data’ feature found when sending an email.
Audit Logs– Pabau is slowly rolling out audit logs across the entire platform, whilst this is not a specific requirement, it is something that will allow for better transparency further down the line.
Sharing – any email that is sent or shared via Pabau can be seen under the communications tab.
Data File Request– Pabau has introduced procedures in order for us to be able to cope with a data file request.
Consent – Pabau introduced a feature into step 1 of the paperless app, which allows our staff to withdraw consent. You will notice you can also withdraw consent via the client card.
Data Breach– Our staff at HSA Dermal Clinic know how to escalate a security incident to our Clinic Manager/Director to determine whether a breach has occurred.
Our Partners– All partners and suppliers who are handling data are also compliant with GDPR.
Appointed DPO– Pabau has appointed a data protection officer.
Lead API– HSA Dermal Clinic can use Pabau’s Lead API for our inbound website inquiries.
EU Hosted– Pabau guarantee that data does not transfer outside the EU unless the transfer complies with chapter V of the GPDR.

Pabau is an ISO 9001 accredited & registered with the ICO. Pabau’s hosting partner has achieved the following accreditations and certifications:

PCI DSS Level 1
ISO 27001 (Information Security Management System)

Data Backups

The data used in our clinic software data is always backed up daily. Backups are redundantly stored in multiple physical locations provided by Pabau.

GDPR

Pabau is GDPR compliant. Some of the methods that the software ensure that your data is kept safe, secure, and accessible, including:

Database encryption at the storage level.
We have breach policies in place.
The ability for auditing specific circumstances such as a patient record being accessed.
We have customised permissions for our user groups and what they can access on a client card.
The software is hosted within the EU.
The ability to pull out a record in its entirety if a patient was to request.
Date and audit stamps for most activity.
Paperless

The Software at HSA Dermal Clinic is used to store all clinical records for our clients that include the following:

Client registration forms including medical history
The personal needs assessment form
Treatment plans
Before and After photos
Consent forms for the services clients have with us
Any other correspondence related to products and services they have with HSA Dermal Clinic
Purchase records

We keep our clerical data for ten years, which confirms with the guidelines from the Care Quality Commission for the management of medical records. If clients do not engage with our services for three years, they will become inactive clients, and we will arrange for their clerical data will be deleted from our database and the clinic software hosted by Pabau.

Disclosing your information

In line with GDPR Article 6(1)(c) we may pass on your personal information and exchange any of your details if we have a legal obligation to do so, or if we have to enforce or apply our terms and conditions or other agreements.

Your rights

You can find out what information we hold about you and ask us to delete any of the information we collect. All enquiries should be made in writing to:

Clinic Manager

HSA Dermal Clinic

3 Paradise Road

Richmond Upon Thames

Surrey

TW9 1RX

Links to other websites

www.hsadermalclinic.co.uk may contain links to and from other websites. This privacy policy only applies to our website only.

Who we are

What personal data we collect and why we collect it

How we store and protect your data?

Data Backups

GDPR

Disclosing your information

Your rights

Links to other websites

How to find us

Call Us Now On

Email Address

Stay Connected

MON & FRI	10am - 6pm
WED,TUE & THU	10am - 8pm
SAT	9:30AM - 4:30PM