Code of Practice
 
This privacy policy sets out how Este Medical Group (Cosmetic Surgery) Ltd uses and protects any information that you give when you use the service and its website.
The clinic is committed to complying with the Data Protection Act 1998, the General Data Protection Regulation UK (GDPR) and other standards.
The Clinic only keeps relevant information about patients to provide them with safe and appropriate cosmetic/aesthetic care.

The person responsible for Data Protection is Neha Jain

Our legal basis for processing data is:
• Consent
• Processing is necessary for the performance of our care for patients
• And the health care data we process is called special data.

Processing is necessary for the purposes of aesthetic medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.”

Hard copy and computerised records are stored, reviewed and updated securely and confidentially. Records are securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it and the team are trained on our policies and procedures to keep patient information confidential.

To facilitate patients’ health care, the personal information may be disclosed to a doctor, health care professional, hospital and NHS authorities. In all cases only relevant is shared. In very limited cases, such as for identification purposes, or if required by law, information may have to be shared with a party not involved in the patient’s health care. In all other cases, information is never disclosed to such a third party without the patient’s written authority.

All confidential information is sent via secure methods. Electronic communications and stored data are encrypted. All computerised clinical records are backed up and encrypted copies are kept off-site. No information or comments about patients are posted on social networking or blogging sites.
Access is strictly controlled and limited to persons who need to have access to information in the course of their duties. 

What personal information do we need to hold?
• We need to hold your past and present medical condition. Details such as your age, address, telephone number and your general medical practitioner.
• We will need to keep information about the treatment we have proposed and provided along with its price.
• Notes of conversations or incidents that might occur for which a record needs to be kept.
• Records of permission or consent for treatment.
• Any correspondence relating to you with other health care professionals, for example in the hospital or community services.
 
Why do we hold this information?
We keep accurate personal data about patients in order to provide you with appropriate and safe care.
 
Retaining Information
We are required to retain your treatment records while you are a patient of this Clinic and after you cease to be a patient for a minimum of 11 years or until the age of 25 (whichever is longer). Retention periods may be changed from time to time based on business or legal and regulatory requirements

Security
Information about you is stored in Este Medical (Cosmetic Surgery) Ltd’s computer system and in a secure manual filing system. The information is only accessible to authorised personnel. Personal information will not be removed from this Clinic without the patient’s authorised consent.

Your personal information is protected by the staff at Este Medical (Cosmetic Surgery) Ltd. All access to information is held securely and can only be accessed by password which are routinely changed. Data is encrypted, and computer terminals are locked if unattended.

This includes:
• Password protection
• Two factor authentication
• Locked cabinets/rooms
• Clinic security systems (including CCTV)
• Virus protection
• Secure servers
• Back-up facilities
• Secure cloud-based storage

Access
You have a right to access the information that we hold about you and to receive a copy. You can make a request by contacting the Clinic or by e-mailing ‘anotonia.mariconda@estemedicalgroup.uk’.

Rectification
You have a right to correct any information that you believe is inaccurate or incomplete. Please contact the Clinic to request a change in information.

Erasure
You have a right to request that we delete your personal information, although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your treatment). Please contact the Clinic to make this request.

Restriction
You have the right to request us to restrict the processing of your personal information for example, sending you reminders for appointments or information about our service. Please contact the Clinic to make this request.

Portability
You have a right to data portability; this could include supplying your information to another treatment provider. Please contact the Clinic to make this request.

Concerns
If you have any concerns about how we use your information and you do not feel able to discuss it with your treatment provider or anyone at the Clinic, you can contact our Data Protection Officer via email.

You can also seek advice from The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or start a live chat or call helpline on 0303 123 1113.

We may need to disclose your information, in order to provide proper and safe care to other health professionals caring for you including but not limited to your general medical practitioner and the hospital or community services.
 
Disclosure will take place when relevant at a need to know basis. This means only those individuals or organisations that need to know in order to provide care to you and for the proper administration of Government will be given this information. Only information that the recipient needs to know will be disclosed.
 
In very limited circumstances or when required by law of a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.