Medical information provided by www.theclaydonclinic.com in the absence of consultation with one of our physiotherapists , must be considered as an educational service only. The information sent through e-mail should not be relied upon as a medical consultation.We will do our best to provide you with information that will help you make your own health care decisions.
Our data protection declaration should be legible and understandable. To ensure this, we would like to first explain the terminology used.
Here are the meanings of terms used.
Information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
A natural person whose personal data is processed by a controller or processor
Any operation performed on personal data, whether or not by automated means, including
collection, use, recording, etc.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their
processing in the future.
Any automated processing of personal data intended to evaluate, analyse, or predict data subject
The processing of personal data such that it can no longer be attributed to a single data subject
without the use of additional data, so long as said additional data stays separate to ensure non
The entity that determines the purposes, conditions and means of the processing of personal data
Processor is a natural or legal person, public authority, agency or other body which processes
personal data on behalf of the controller.
Entity to which the personal data are disclosed
Third party is a natural or legal person, public authority, agency or body other than the data subject
controller, processor and persons who, under the direct authority of the controller or processor, are
authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of
the data subject's wishes by which he or she, by a statement or by a clear affirmative action,
signifies agreement to the processing of personal data relating to him or her.
For the purpose of the DPA and GDPR we ( The Claydon Clinic) are the data controller and any enquiry regarding the collection or processing of your data should be addressed to The Claydon Clinic, Old Southend Rd, Howe Green, CM2 7TB.
By using the Website you consent to this policy. We are registered with the Information Commissioner’s Office for this purpose.
Information we collect
We will collect personal data on this Website only if it is directly provided to us by you the user for the purpose of processing or contacting the data subject. The website of The Claydon Clinic contains information that enables a quick electronic contact to our clinic as well as direct communication with us via email.
There is no transfer of this personal data to third parties.
When you access www.theclaydonclinic.com we use technology to collect information indirectly, such as your internet address, which is then kept in our internet access logs.
We collect information directly from you in a number of ways. One way is by using cookies. Cookies are small files of information that save and retrieve information about your visit to our site, such as how you entered our site, how you navigated through the site and what information was of interest to you. In addition to this, if you customise the homepage, we will store the information you give us in a cookie.
Use of your information
We may hold and process personal data that you provide to us in accordance with the DPA and GDPR.
The personal information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you.
Indirect data stored is used by us to analyse the effectiveness of our website and to help us identify ways to improve it.
Photos:We will ask for your express consent to post any photos of you on our website and you will always be given the option to opt-out or remove any photos displayed. We will not give any further personal details alongside any photos used on our website gallery.
Phone calls: Any data relating to phone calls, to and from us, may be recorded and retained by us if voice message as been left. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Disclosure of your information
We do not share data with other organisations unless the law permits us to do so. We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk. We do not sell individual information. We will share it only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the The General Data Protection Regulation (GDPR) 2018.
If you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in.
If you do not want us to use your data for our use, you have the right to withdraw your consent. You can do this by writing to us at the address The Claydon Clinic, Old Southend Rd, Howe Green, Chelmsford, CM2 7TB.
Where we store and transfer your data
As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Third party links
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Your rights as a data subject
As a data processor we understand that we have an obligation under the GDPR to comply with our obligations to the following:
Subject Access Requests
The General Data Protection Regulation (GDPR) gives individuals (‘data subjects’), the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information.
Right to Rectification
Data subjects have the right to request that we amend or change personal information that we, that is inaccurate or incorrect. We will act on any request without delay as instructed by you as Data Controller.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay as instructed by you as Data Controller.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data certain circumstances. We will act on any request without delay as instructed by you as Data Controller
Right to data portability
Data subjects have the right to obtain and transfer their data to different service providers. We will act on any request without delay as instructed by you as Data Controller.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so. We will act on any request without delay as instructed by you as Data Controller.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Legal basis for the processing
GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
Processing shall be lawful only if and to the extent that at least one of the following applies:
1 the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
2 processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
3 processing is necessary for compliance with a legal obligation to which the controller is subject;
4 processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5 processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6 processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
Changes to this policy
We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.