Wimpole ClinicExternal Privacy NoticeLast Updated: 21/02/2024 1. Who we are and what we doWho we areWe are Wimpole Clinic (“[Wimpole Clinic”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 08072544 and we have our registered office at Suite F, 1st Floor, 22 Harley Street, West Central, London, England, W1G 9PL.What we doWimpole Clinic is registered with the Care Quality Commission (CQC) as an independent healthcare provider in England. We provide independent healthcare services in the form of the following regulated activities:Treatment of disease, disorder or injuryThis includes private outpatient consultations in relation to hair restoration surgical treatments, physical examinations, prescribing of medicines and referrals to other healthcare specialists as necessary.Surgical proceduresThis includes day case surgical treatments for hair restoration called Follicular Unit Extraction (FUE) and Follicular Unit Transplant (FUT) using local anaesthetic.Diagnostic and screening proceduresThese include blood and urine tests and referrals to other healthcare specialists where necessary.We are a leading hair transplant clinic. We are committed to protecting the privacy and security of the Personal Data we process about you.ControllerUnless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.2. Purpose of this privacy noticeThe purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.3. Who this privacy notice applies toThis privacy notice applies to you if: You visit our website You purchase goods or services from us You enquire about our products and/or services You sign up to receive newsletters and/or other promotional communications from us4. What Personal Data is‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation. 5. Personal Data we collectThe type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’.6. How we collect your Personal DataWe collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website.However, we may also collect your Personal Data from third parties such as: reputable companies who provide lead generation contact lists others to whom you have provided consent publicly available sources such as social media platforms7. Purposes, lawful bases and retention periodsWe will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances: Categories of individualsCategories of Personal DataPurpose of ProcessingLawful BasisProspective CustomersGeneral contact information: Name, address, email address, phone numberTo provide you with information about our servicesConsentCustomersGeneral contact information: Name, address, email address, phone numberAdditional: Medical information, photographsTo provide you with our servicesConsent & Performance of a contract Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information. 8. Sharing your Personal Data We may share your Personal Data with our carefully selected third parties who process your personal data on our behalf. We only do business with companies that meet our standards on the processing of data and security, and we only share data that is necessary for the service. 9. International Transfers Your Personal Data will not be processed outside the UK. 10. Your rights and how to complain You have certain rights in relation to the processing of your Personal Data, including to: Right to be informed You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this. Right of access (commonly known as a “Subject Access Request”) You have the right to receive a copy of the Personal Data we hold about you. Right to rectification You have the right to have any incomplete or inaccurate information we hold about you corrected. Right to erasure (commonly known as the right to be forgotten) You have the right to ask us to delete your Personal Data. Right to object to processing You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material. Right to restrict processing You have the right to restrict our use of your Personal Data. Right to portability You have the right to ask us to transfer your Personal Data to another party. Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. Right to withdraw consent If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so. Right to lodge a complaint You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at: Contact us | ICO Or by telephone on 0303 123 1113 For supervisory authorities in other countries within the EU see the link below: https://edpb.europa.eu/about-edpb/about-edpb/members_en How to exercise your rights You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated. 11. Children’s Privacy We do not offer our products and services to children and we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are a child, you must have your parent’s permission to use our services. If you learn that a child has provided us with their Personal Data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law. 12. How to contact us and our Data Protection Officer If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows: Wimpole Clinic 22 Harley Street, First Floor London, W1G 9PL +44 020 8038 9753 (London) Email: info@wimpoleclinic.com We have also appointed a Data protection Officer (“DPO”). Our DPO can be contacted as follows: Data Protection Officer Evalian Limited West Lodge, Leylands Business Park, Colden Common, Hampshire, SO21 1TH Email: dpo@evalian.co.uk [Please mark your communications FAO the ‘Data Protection Officer’.] 13. Changes to this privacy notice We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify you of the changes where required by applicable law to do so. Last modified 21/02/2024