GDPR POLICY
General Data Protection Regulation (GDPR) Policy
The Endo Fertility Specialist (EFS) general data protection regulation (GDPR) policy is the responsibility of the Data Protection Lead.
Personal information means any information that relates to an individual that may be used either directly or indirectly to identify them.
A privacy statement describing how EFS protects personal information is available here.
Whose information does this privacy notice apply to?
This privacy notice applies to information we collect from:
- Clients
- Prospective clients
- Former clients
- People who subscribe to our newsletters
- Visitors to our website
What is Personal Information?
There are two types of personal information that EFS may store about individuals that it is in contact with.
- EFS stores general contact information provided by individuals, with their consent.
- EFS stores special category data that is a sub-category of personal information, including client notes and provided by individuals with their consent.
Personal information may be stored either electronically or on paper.
A person’s details may be collected by The Endo Fertility Specialist to undertake its business activities.
Business activities include:
- Marketing and information
- Appointments
- Application forms
- Consultation forms
- Client notes
How do we process personal data?
Any information stored electronically will be secured by encryption and/or password protection.
Any information stored on paper will be protected by restricted physical access.
Who has access to personal data?
The only people that may have access to personal information are members of EFS.
No personal information is passed on to any other individuals or organisations unless:
- It is at the request of the individual
- The EFS Team is legally required to do so
How long do we keep personal data?
EFS will keep personal data for no longer than reasonably necessary. EFS will keep client records for a period of 7 years.
Data will be kept up to date and changes made as required. If the EFS business ceases trading then all personal data will be deleted or destroyed.
Consent
Requests by individuals to obtain their contact or personal information held by the EFS, will will be provided.
EFS will destroy contact or personal information about individuals if requested by them but this might mean that EFS can no longer provide certain services to them.
EFS will update any contact or personal information that we know to be incorrect.
For further details about these rights please see the Information Commissioner’s website.
Data Breach
If a data breach means that any contact or personal information has been passed to others without consent, the individual and EFS Data Protection Lead will be informed. EFS Data Protection Lead will determine in conjunction with the EFS Team what further action may be required. Individuals whose data has been compromised will be informed.
Testimonial
Testimonial videos, photos and statements are provided by clients who have given their permission for testimonials to be used on the EFS website. EFS will delete and stop using an individual’s video or image at the individual’s request.
Website Information
EFS uses products to analyse traffic to its website in order to understand visitor needs and to improve the site for them. EFS collects anonymous, aggregate statistics as well as individual user activities.
EFS publishes how it makes use of cookies on the website privacy statement page.