Aesthetics clinic & training academy Oldbury Birmingham

Privacy Notice

Empire Medical Clinic

Empire Medical Clinic Limited (Empire Medical Clinic), registered under company number 12519951, is committed to protecting your privacy and maintaining the confidentiality of all individuals who interact with our services. This Privacy Notice explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge and consent to the data practices outlined in this Privacy Notice.

Who We Are

Empire Medical Clinic is a cosmetic doctor-led service provider specialising in non-surgical facial aesthetics and cosmetic treatments. We operate as the Data Controller for personal data collected through our services.

If you have any questions regarding this Privacy Notice or how we handle your personal data, you can contact us at:

• Clinic Name: Empire Medical Clinic Limited

• Registered Address: 4-6 Birmingham Road, Oldbury, West Midlands, B69 4ED

• Email: empiremedicalclinic@yahoo.com

What Personal Data We Collect

We may collect and process the following personal data:

• Identity Information: Name, date of birth, gender, and photographic identification.

• Contact Information: Address, phone number, and email address.

• Medical Information: Health history, allergies, prescribed medications, and details of cosmetic treatments received.

• Financial Information: Payment details, billing address, and transaction history.

• Technical Information: IP address, browser type, and cookies when using our website.

• Safeguarding Information: Any information related to safeguarding concerns or incidents.

How We Collect Your Data

We collect personal data through:

• Direct interactions: When you contact us, book an appointment, or complete consent forms.

• Website usage: When you browse our website, we collect data via cookies and tracking technologies.

• Third-party referrals: From healthcare providers, regulatory bodies, or insurance companies.

• CCTV recordings: Used for security purposes within clinic premises.

How We Use Your Data

We process your personal data for the following purposes:

• To provide and manage cosmetic treatments safely and effectively.

• To comply with legal and regulatory obligations, including safeguarding requirements.

• To maintain accurate client records and manage appointments.

• To process payments and issue invoices.

• To improve our services through feedback and quality monitoring.

• To respond to safeguarding concerns and liaise with appropriate authorities.

• To ensure website security and enhance user experience.

• To comply with legal requirements, court orders, and regulatory inquiries.

Legal Basis for Processing Data

We process personal data based on the following lawful grounds under UK GDPR:

• Consent: When you provide explicit consent for specific treatments or marketing communications.

• Contractual Obligation: To provide cosmetic services and manage your appointments.

• Legal Obligation: To comply with healthcare regulations, tax laws, and safeguarding responsibilities.

• Legitimate Interest: To improve clinic services and ensure security.

• Vital Interest: To protect individuals in emergency safeguarding situations.

How We Share Your Data

We do not sell or rent personal data. However, we may share it with trusted third parties under strict confidentiality agreements, including:

• Healthcare professionals and regulatory bodies (e.g., CQC, local safeguarding teams) for medical and legal compliance.

• Payment processors and financial institutions for transaction processing.

• IT service providers for secure data management.

• Law enforcement authorities when required by law.

• Third-party auditors and legal advisors for compliance verification.

Data Security and Retention

We implement strict security measures to prevent unauthorised access, loss, or misuse of personal data. Personal data is retained only for as long as necessary to fulfill the purpose of collection, comply with legal obligations, and meet regulatory requirements. Safeguarding records may be retained for an extended period in line with statutory obligations.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of the data we hold about you.

• Right to Rectification: Request correction of inaccurate or incomplete data.

• Right to Erasure: Request deletion of your data where applicable.

• Right to Restriction: Request to limit the processing of your data.

• Right to Object: Object to processing based on legitimate interests.

• Right to Withdraw Consent: Withdraw consent for marketing or optional data processing.

To exercise your rights, contact us at empiremedicalclinic@yahoo.com. We will respond withinone month in accordance with UK GDPR.

Cookies and Website Tracking

Our website uses cookies to enhance user experience and analyse traffic. By using our website, you consent to the use of cookies. You can manage your cookie preferences through your browser settings.

Updates to This Privacy Notice

We may periodically update this Privacy Notice. We encourage you to review it regularly to stay informed about any changes and how we use your personal data.

Complaints and Contact Information

If you have concerns about how we handle your personal data, you can contact us directly at empiremedicalclinic@yahoo.com. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk , 0303 123 1113

Acceptance of This Privacy Notice

By using our services, you acknowledge that you have read and understood this Privacy Notice and consent to the collection, processing, and sharing of your data as described.

Effective Date: [01/04/2024]

Approved by: Zubair Hussain