The name and contact details of our organisation
ADAM is a company listed as A&J Sphynx on the Government’s Companies House website. This is our privacy notice.
The name and contact details of our Data Protection Officer
To speak to us about privacy and data protection, you can contact James Swinburne (Data Protection Officer) at info@GoToAdam.com or by calling 0161 920 6108.
The purposes of the processing
We collect contact information so that we can get in touch with you, for example to arrange your first appointment, to remind you about follow-up appointments, or to discuss your treatment with you.
If you have a treatment with us, we may collect information about your health to help ensure we provide safe treatments and to follow nursing regulation in the UK.
We may use your personal data to prescribe medications for you.
We also use data we collect for statistical analysis (for example, we may want to see which of our treatments is the most popular amongst female customers for marketing purposes and use your data in the calculation). We also collect information about you that is more general, for example we may record your profession, the names of your pets, or your relationship to another customer to provide a better, personalised service to you.
The lawful basis for the processing
The lawful bases of us processing your data are ‘legitimate interest’ and ‘contract’ (these are recognised terms in the General Data Protection Regulation (GDPR)).
The legitimate interests for the processing
Registered nurse independent prescribers must follow the UK nursing regulator’s code of conduct (The Code). The Code states that nurses need to document certain details of medical procedures that they perform. We may need to store your personal data, including health data, to satisfy this requirement.
We may prescribe medications for you and, to be compliant with the Human Medicines Act 2012, we may need to collect some personal data for the prescription to be lawful.
We may record some other aspects of your health data (for example, any chronic or long-term health conditions you may have), which will help ensure you receive safe treatment and a better service.
We may also use your personal data to keep an accurate appointment diary, confirm your appointment with you, or answer any enquiries by text, email, or phone.
We may also contact you for post-treatment follow up and care, including survey requests to improve our service.
Other sources of your personal data (if we don’t receive you personal data from you)
The categories of personal data obtained (if we don’t receive you personal data from you)
When you call us on 0161 920 6108, alldayPA may collect your name, contact number, or email address to enable us to get back in touch with you.
Other recipients of your personal data.
We may share your data with the following:
PA service — When you call us on 0161 920 6108, alldayPA, a third-party company, may collect your name, contact number, or email address to enable us to get back in touch with you. We have a written contract with that company that gives us assurance about the security of your personal data. You can read their data protection policy here to understand how they handle your personal data.
Pharmacies to obtain prescribed medications for you. The pharmacies we use have given us written assurance and details of how they secure the personal data we share with them. If you’d like to read their data protection policies, please get in touch with us here.
Other data processors: we may store your data in ‘the cloud’. This allows us to give a better, safer service as we can access your data from anywhere. We take data security very seriously and any third-party company who holds your personal data will have a written contract with us that ensures they keep your data securely.
We regularly audit any systems we store your data on to ensure your data is secure. Any of your personal data held on our mobile devices (such as contact details or text message conversations, including photography) is encrypted. Back-ups of these conversations are stored securely. If you’d like more information on this, please get in touch with us here.
Details of transfers of your personal data to any third countries or international organisations.
We may store backups of text message and email conversations that contain your personal data on third-party servers situated abroad. The mobile device company we use encrypts the text message backups in transit and in storage. Email conversation backups are only encrypted in transit (this is common practice). The servers the backups are stored on use high levels of security. If you’d like more information on this, please get in touch with us here.
The retention periods for the personal data.
We will keep your data for eight years after the last treatment or contact you have with us. We choose to follow guidelines regarding health data as per the Department of Health publication, Records management: Code of practice.
Your rights as a data subject
At any point whilst we are in possession of your personal data, you have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
You can read more about these rights on the Information Commissioner’s Office website. If we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
At your request, we can confirm what information we hold about you and how it is processed.
You can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of A&J Sphynx, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (Data Protection Regulator).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
The right to lodge a complaint with a supervisory authority.
If you have any questions or concerns about our privacy notice or data processing, you would like to contact our Data Protection Officer, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us.
You can always contact us by phone on 0161 920 6108.
If you are unsatisfied with the reply received, you may refer your complaint to the Information Commissioner’s Office, the UK’s regulator for data protection.