Paradigm Clinic is committed to protecting the privacy and security of your personal information. This fair processing notice describes how we collect
This issue is very important to us, so we have set out full details in this policy.
Please take the time to read this policy in full and understand it.
You have complete control over your personal data processed by us and you have a genuine choice to accept or decline our requests to process your data.
We will only process your personal data with your consent, which we will confirm is freely given, specific, informed and unambiguous. You may withdraw your consent at any time where our right to process your personal data is based only on your consent.
To be helpful, we’ve included some links to other websites in this policy. Please note that these websites are controlled by other people, not us, and we are not responsible for them.
WHO ARE WE?
Paradigm Clinic is a company incorporated by the name Paradigm Vitality Limited in Northern Ireland (registration number NI643846) and having its registered office at 3a Upper Dunmurry Lane, Dunmurry, Belfast, BT17 0AA.
Our websites www.paradigmclinic.co.uk (the “Website“) is owned and operated by Paradigm Clinic.
We are what is known as ‘data controller’ of the information you provide to us. This term is a legal phrase used to describe the person or entity who controls the way information is used and processed. We will never wilfully disclose your personal data to any third parties without your prior consent.
We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal data.
DATA PROTECTION PRINCIPLES
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
the kind of INFORMATION we collect and hold about you
We only collect information that we will genuinely use for the purposes set out in this policy.
Specifically, we collect:
- All information you choose to submit to us. You can choose to submit information to us through a lot of different ways:
- Through hard copy paper agreements and/or consent forms signed by you,
- By entering your details at our website, www.paradigmclinic.co.uk,
- Through forms, for example in signing up for medical advices and/or treatment,
- By writing to us with communications containing personal data,
- By sending us emails and text messages (SMS or MMS),
- By interacting with us on social media platforms (such as Facebook, Twitter or LinkedIn);
- By speaking to us in our offices or over the telephone, for example in making an enquiry about medical advices and/or treatment, or in consultation with our staff at our premises.
- By way of a referral letter, medical insurance provider or, in some instances, from a legal representative.
(Please note: If you submit details to us of any other person (e.g. a friend) please make sure you have their permission before doing so.)
- Non-sensitive personal data:
- Personal contact details such as name, title, addresses, telephone numbers and personal email addresses,
- Personal details such as date of birth, gender and marital status,
- Next of kin and emergency contact information,
- Payment information, including payment methods and your billing address.
- ‘Sensitive’ or 'special category' information on you, but far less frequently than the above information. ‘Sensitive’ or 'special category' information includes your health and/or biometric data. This information will be supplied by you to us via forms so you have the choice as to whether to provide this information and we will only process it with your express consent.
- Full details of your health, comprising records of treatments and care received, including in some cases notes and reports about your health from third parties, such as your GP.
- Results of x-rays, blood tests and other relevant medical examinations.
HOW do we use your information?
We use the information we collect for many different things. We need all the categories of data in the list above primarily to allow us to provide any agreed healthcare services and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The situations in which we will process your personal information are listed below:
- To administer our healthcare services as agreed,
- To help inform the decisions your consultant and healthcare team make about your treatment,
- To ensure that your treatment is safe and effective,
- To work effectively with other data controllers and/or data processors who may be involved in your care,
- To provide you with our website, which require a certain amount of technical information in order to work properly;
- To comply with a legal obligation, including in relation to a legal claim or where it is needed to protection your interests (or those of a third party),
- To keep you safe and to comply with health and safety obligations,
- To enable you to obtain services from us, which again requires a certain amount of information to be collected, for example your payment card details so we can take payment and so we can provide you with a receipt;
- To gather feedback from you about our services and your aftercare.
- To contact you from time to time about things you have told us you want to hear about,
- To respond to any questions, suggestions, issues or complaints you have raised with us;
- To perform any agreements we have entered into with you but also to enforce a contract against you if you do not honour it, including seeking to collect any debts that we may be owed;
- To monitor use of our website to see if it is being abused or threatened,
- To protect you and our business against any other potential criminal behaviour, including potential identity theft and fraud.
- To maintain administrative and statutory records about our business to enable us to understand what services we have provided, how, when, where and at what price and account to the tax authorities for the related taxes that we have to pay,
- To enable us and our third party service providers to plan and manage our day-to-day business and related services as effectively as possible,
- In the process of anonymising your information so that you are no longer identifiable to us or our third party service providers.
WHO DO WE SHARE YOUR INFORMATION WITH?
We cannot run our business or provide many of the healthcare services and benefits you expect to receive without involving other people and businesses, and sometimes we pass your information to these other people and businesses as set out below.
We only share your information where we can do so in accordance with our legal data protection and privacy obligations.
We share the information we collect with:
- other people and businesses who help us provide our services to you, for example, information technology companies who design and host our websites, and payment services companies who enable you to use credit or payment cards with us;
- our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business. [They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services].
- banks and finance companies
- credit reference agencies who provide anti-fraud and credit-insight information to us, central and local government departments, for example, banks and finance companies who also provide anti-fraud services, and customer insight companies (as set out above) in each case as necessary in order to benefit from their services. [Where we do so for anti-fraud purposes, the recipient organisation may hold your information on file for the purpose of their fraud-prevention services in future].
- our professional advisors for example our lawyers, accountants, auditors, and technology consultants when they need it to provide advice to us.
- the Police, local authorities, the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime.
- other people who make a subject access request or "SAR" to us, where we are allowed to do so by law (see “Managing Your Information” below for what we mean by a “subject access request”).
We also may share the information we collect where we are legally obliged to do so, for example e.g. to comply with a court order.
SECURITY OF YOUR INFORMATION
Much of the information we receive is provided in paper form, on our contracts, or electronically, originating with your relevant device and then transmitted to us by your relevant telecoms network provider.
Where it is within our control, we put measures in place to ensure this “in flight” data is reasonably secure.
Once your information is received by us, we take its security very seriously.
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores as much as possible.
In particular, we follow an internationally recognised security standard known as ISO 27001.
We also use secure means to communicate with you where appropriate, such as ‘‘https’’ and other security and encryption protocols.
INTERNATIONAL TRANSFER OF YOUR INFORMATION
Although we are a business based in Northern Ireland, we need to use suppliers who are of an international standing on occasion to help ensure you receive the very best in services from us.
To allow us to run our business on this basis, the information we collect may be transferred to, stored and used at premises in countries around the world, outside of the EEA.
Please note that information protection laws do vary from country to country. In particular, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws of those other countries in which we store and use the information we collect. Our transfer of information to other countries could result in that information being available to government and other authorities in those countries under their laws.
Paradigm will never transfer data abroad without strict adherence to the requirements of the General Data Protection Regulation ("GDPR") and EU law to ensure your personal data enjoys the same safeguards elsewhere as it would at home.
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
In accordance with our legal data protection, marketing and privacy obligations, we will only retain your information for as long as we actually need it to achieve the purpose(s) for which we obtained it in the first place.
We will then either securely delete it or anonymise it so that it cannot be linked back to you.
See ‘How do we use your information?’ above for full details of those purposes.
MANAGING YOUR INFORMATION
You can contact us to discuss your information at any point in time using the details provided above.
It is very important to us that all the information we hold about you remains accurate and up-to-date at all times to reduce the chances of us having a misunderstanding. We try hard to make sure this is the case at all times regardless of what information we hold about you.
We need your help in doing so though. If you have any account or health record with us, please ensure that the information you provide to us through that account (e.g. any contact information you provide) remains accurate and up-to-date. Please review and update it regularly.
You have a number of rights which we respect and aim to uphold in all that we do.
These rights include:
- Request a transfer of your information to another party.
- Request correction of inaccurate information. If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered accounts with us, please contact us (see below for how to do this).
- Asking us about your information. You have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’ or SAR. Certain exemptions and conditions apply to this right, including that it should be in writing and that you give us reasonable details about the information you seek.
- Reviewing our use of automatic computer processing. You can ask us to have one of our staff review a decision about you which has been taken automatically by computer. One common example is if we decline an order for supply you place with us for anti-fraud or credit check reasons. Please note that these decisions can come about due to policy decisions taken by banks, card and payment processing companies, and credit reference agencies who separately hold information about you and to resolve them you may have to speak to them directly.
- Asking us to forget you. You have the "right to be forgotten" and we will erase your personal data held and processed by Paradigm where we do not need to hold it for regulatory or legislative reasons.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Mr Fogarty.
RIGHT TO WITHDRAW CONSENT
As stated above, in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Mr Fogarty. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We reserve the right not to comply with any requests we receive where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, to involve disproportionate effort or harmful to the rights of others.
If you have any complaints about our use of your information, please contact us. We will do our very best to resolve any complaint to your satisfaction.
Thank you for taking the time to read about how we use your information.