Edinburgh Psychosexual Clinic (EPC)
Edinburgh Psychosexual Clinic complies with the General Data Protection Regulation (GDPR) and is registered with the Information Commissioner's Office (ICO), registration number ZA825157.
We will not divulge your personal data under any circumstances, except if required to do so by law or under the COSRT Code of Ethics.
Any information relating to an identified or identifiable natural person
A natural person under 16 years of age
The Data Protection Act 2018
At EPC we are committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about our clients, how we use it, the conditions under which we may disclose it to others and how we keep it secure. We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes.
Tel: 07776 985 955
For the purposes of the Act, EPC is the Data Controller responsible for determining what personal data is collected and what it is used for.
HOW WE COLLECT INFORMATION ABOUT YOU
We obtain information about you when you become a client.
Our services are not targeted at children and we do not accept children as clients.
WHAT TYPE OF INFORMATION DO WE COLLECT?
We may collect both personal and sensitive information. The personal information we may collect includes:
• Email Address
• Landline Number
• Mobile Number
• Date of Birth
We may also collect sensitive personal information, known as ‘Special Category’ data under the Act:
• Gender, ethnicity and marital status
• Religious or other cultural beliefs
• Physical or mental health or condition
• Offences (including alleged offences)
HOW WE USE YOUR DATA
We may use your personal information to:
• Administer the website;
• Enable your use of the services available on the website;
• Send you goods purchased via the website, supply you with services purchased via the website (e.g. appointments), and collect payments from you;
• Send you email notifications that you have specifically requested.
Your personal data will be treated as strictly confidential. We will not, without your express consent, provide your personal information to any third parties. Nor will we seek information about you from external agencies or other third parties.
All our website financial transactions are handled through our payment services providers. We do not store card payment information on EPC systems. All transactions are fulfilled by our payment service providers.
HOW LONG DO WE KEEP YOUR DATA
Most records are normally kept for 7 years, after which they will be destroyed. However, in rare circumstances it may be necessary to retain records for longer than this.
There are occasions when we may need to make disclosure to a third party. We may disclose your personal information:
• To the extent that we are required to do so by law, or by regulators, public authorities or government departments;
• In connection with any complaint, legal proceedings or prospective legal proceedings;
• In order to establish, exercise or defend our legal rights.
HOW WE LOOK AFTER YOUR DATA
EPC will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on our secure (password and firewall protected) systems. All electronic transactions containing personal details that you make to or receive from us will be encrypted using SSL technology. It must, however, be noted that data transmission over the internet is potentially insecure, and we cannot guarantee the security of data sent over the internet.
YOUR RIGHTS AND YOUR PERSONAL DATA
Subject to certain exceptions, you have the following rights with respect to your personal data:
• The right to receive a copy of the personal information we hold on you
• The right to correct and update the information we hold on you
• The right to have your information erased, although basic details will be retained in order to evidence compliance with this request
• The right to data portability
• The right to withdraw your consent at any time
• The right to make a complaint to EPC or to the Information Commissioner’s Office
SUBJECT ACCESS REQUESTS
Should you wish to access your data or have it destroyed before 7 years have elapsed, you may submit your request in writing to EPC, along with evidence of your identity. We will respond to your request within a month, unless the request is particularly complex or a whole series of requests has been made, when it may take longer to provide all of the information.
If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.
PERSONAL DATA BREACHES
EPC strives to do its utmost to protect your data, and as part of this duty we will have robust breach detection, investigation and internal reporting procedures in place, which will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals. However, in the event of a personal data breach, the following actions will be taken:
• All breaches will be reported immediately to the EPC contact responsible for data protection
• If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, EPC will notify the ICO within 72 hours and will inform those individuals affected without undue delay
• A record of any personal data breaches will be kept
CONTACT FOR DATA PROTECTION
REVIEW OF THIS POLICY
We keep this Policy under regular review. This Policy was last updated in January 2023.