Data Protection Policy

Reflect Skin & Laser Clinic Ltd t/a Reflect Skin & Body Clinic takes the protection of your personal and our business’s data seriously.  This policy is designed to give you a brief insight into what information we hold and how we protect all data.

To provide our service to you, we need specific data to fulfill our role. We also need to hold this information to meet our legal obligations to professional bodies and our insurers; typically this will be for ten years.

Data that is not needed, for example if you cease to be a client, will be made inactive on our systems. This means that only the Data Protection Officer will be able to access the data if needed, and it will not show if authorised staff search for it on our systems.

This policy document has been broken down into headings for your ease of navigation.

Data Protection Officer

Our data protection officer is Jeff Reid. Should you require any further information, please contact him in writing at our business address, along with a cheque for £100 made payable to Reflect Skin & Body Clinic to cover our reasonable administration costs. Further administration fees may be required before we can comply with your requests. Our business address is:

Jeff Reid, Data Protection Officer, 8 Victoria Passage, Stourbridge, West Midlands, DY8 1DP

The Data we Hold

We only hold data that you provide to us during your consultations. Typically this is your name, address, contact number and email address, along with any medical information that is related to achieving the best outcome for your treatment plan.

We do not hold credit card or banking data.  Any such transactions are carried out by third-party providers.

Where Do We Store the Data?

We store most of our data electronically on a cloud-based client management system.  The encrypted data is on secure servers.

Locked filing cabinets are used to hold all paper records.  All paper records are in the process of being transferred to electronic storage.  The completion date is expected to be by 25th May 2019.

Who Has Access to The Data

We control our staff's access to data on our patient management system with individual passwords and permissions. This protocol ensures that only the people who need the information to complete their role have access to the records.

Protection from Hacking

An outside agency monitors our internet connections and systems 24/7, providing the first level of defense against unwanted intrusion. Additional security measures are in place to ensure there are no data breaches. These remain confidential for business purposes.

How We Use the Data

Emails and telephone numbers are used to contact you in respect of your treatments/appointments and to update you on services and offers.  Medical and therapy data is used to ensure the best treatment outcome.

Do We Share Data with Third Parties?

We don’t share or sell any information to third parties.

Your Access to The Data We Hold 

You can access and amend your data via our mobile application, which you can download from the app stores. Alternatively, you can request a copy from our Information Officer following a request in writing and on payment of the administration fee.