Data Protection Code of Practice
Our data protection code of practice lays out the procedures that ensure Rachel Staggs Aesthetics and our employees comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
What data do we store?
To provide clients with a high standard of care and attention, we need to hold their personal information.
This personal data can include:
- past and current medical conditions; personal details such as age, address, telephone number, email address and general medical practitioner
- before and after treatment photographs
- information about treatments that we have provided or propose to provide and their cost
- treatment invoices
- past product purchases
- notes of conversations or incidents that might occur for which a record needs to be kept
- records of consent to treatment, and consultation forms
We do not store payment details such as card or bank details.
What do we use the data for?
We need to keep comprehensive and accurate personal data about patients to provide you with safe and appropriate treatments. We will ask you yearly to update your medical history and contact details. We only use data to manage your treatments and stay in touch with you. We do not sell or forward on the data to any other parties.
SMS/email notifications and marketing, recall cards
We occasionally send you information via the above media. This information includes appointment reminders and recalls, occasional marketing notifications and holiday wishes. Should you not wish to receive this type of information, kindly ask our Reception Team to amend your records.
Security of information
The data is stored on our computer booking system and all paper documents, if retained, are stored in secure filing cabinets. The information is only accessible to authorized team members.
Disclosure of information
We will not, in any circumstances, share any of your personal information with a third party.
All data is retained for the appropriate lengths of time in compliance with all applicable legal, regulatory and contractual requirements. We will retain your records while you are a client of Rachel Staggs Aesthetics and for five years after you cease to be a patient. Once this period has lapsed, your digital data is deleted. This does not apply to old hard copy data, which is destroyed by a professional shredding service.
Access to your records
You have the right of access to the data that we hold about you and to receive a copy. Formal applications for access must be in writing to Rachel Staggs Aesthetics in either an email or letter. Requests cannot be made via the telephone. Please note that you may be asked for ID verification when requesting access to your records.
If you do not agree
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with Rachel Staggs Aesthetics. You have the right to object; however, this may affect our ability to provide you with the best care. You can also unsubscribe from our marketing material at any time using the unsubscribe link at the bottom of our emails.