Protecting your personal details on this website.
Last updated: 9/12/18
Owner and data controller
Dr. Charlotte Ord, 07736 071931, The Old Steppe House, Brighton Rd, Godalming GU7 1NS,
I believe it is important to protect your Personal Data, as defined in the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) and I am committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how I may collect Personal Data about you. It also explains some of the security measures I take in order to protect your Personal Data, and tells you certain things I will and will not do.
When I first obtain Personal Data from you, or when you take a new service, I will give you the opportunity to tell me if you do or do not want to receive information from me about other services. You can normally do this by ticking a box on an application form or contract. You may change your mind at any time.
Some of the Personal Data I hold about you may be ‘sensitive personal data’ within the meaning of the Data Protection Act 1998 and the GDPR, for example, information about your health.
If you are not happy with any aspect of how I collect and use your data, you have the right to inform the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would be grateful if you would contact me first if you do have a concern so that I can try to resolve it for you.
The legal bases relied on for processing:
I may process Personal Data relating to Users if one of the following applies:
Users have given their consent for one or more specific purposes;
provision of Data is necessary for the performance of an agreement with the User and any pre-contractual obligations;
processing is necessary for compliance with a legal obligation to which the Owner is subject;
processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party;
Upon request, the Owner will help to clarify the specific legal basis that applies to the processing if there is any concern.
When is your personal data collected?
Personal Data is collected in the following methods:
filling in forms on this website
communicating with Dr. Charlotte Ord via post, telephone, or email
purchasing products or services
subscribing to Dr. Charlotte Ord’s newsletter
requesting that resources or marketing be sent to you
automatically collected Technical Data about your equipment, browsing actions and usage patterns. This data is collected by using cookies, server logs and similar technologies.
What personal data is collected?
I collect the following Personal Data from you:
Identity Data may include your first and last names.
Contact Data may include your email address, billing address and telephone numbers.
Technical Data may include your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Usage Data may include information about how you use this website.
How and why is your personal data used?
The Data is used to respond to your queries or questions about my services or products; as well as for the following purposes: analytics, SPAM protection and managing contacts, sending marketing messages and contacting you.
The Data privacy law allows this as part of our legitimate interest in understanding our clients and delivering the best possible service.
How I protect your personal data
I know how much Data security matters to you. I will treat your Data with the utmost care and have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Please remember, however, that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. I cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond my control.
All User data is processed in line with the guidelines set out by the Data Protection Act 2018. This means that:
I have registered my practice with the Information Commissioner’s Office.
I take measures to ensure your data remains secure and that no one can access it without your specific consent. In the unlikely event of a data breach, I will contact you and inform the Information Commissioner’s Office within 48 hours.
Website interaction with Users is secured using ‘https’ technology.
How long will my personal data be kept?
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
On completion of our work together, I will hold your records for 7 years in line with professional practice guidelines. After this your data and all electronic communications will be destroyed/erased.
Once the retention period expires, Personal Data shall be deleted.
Who is my personal data shared with?
I do not share your personal data with other parties unless this is considered to be necessary and/or helpful (for example, your General Practitioner/GP), and, should we decide to work together, I will discuss this with you during your first appointment.
I maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable User information. These security procedures mean that I may occasionally request proof of identity before I disclose personal information to you.
What are my rights?
As a User of this website you may exercise certain rights regarding the processing of Personal Data by the Owner.
Right to withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Right to object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
Right to access their Data. Users have the right to learn if Data is being processed by the Owner and obtain a copy of the Data being processed.
Right to verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Right to restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
Right to have their Personal Data deleted. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
Right to receive their Data and have it transferred to another controller. Users have the right to receive their Data and, if technically feasible, to have it transmitted to another controller without any hindrance.
Right to object. Users have the right to bring a claim before their competent data protection authority.
How to exercise your rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be free of charge and will be addressed by the Owner within one month.
You can stop any further direct marketing from Dr. Charlotte Ord Limited by:
clicking the unsubscribe link in emails I send at any time
contacting the Data Controller via the details in this document.
I aim to keep the Personal Data I hold about you accurate and up to date. If you tell me that I am holding any inaccurate Personal Data about you, I will delete it or correct it promptly. Please email or write to me at the address above to update your Personal Data.
Definitions and legal references
Personal Data (Data)
Any information that directly, indirectly, or in connection with other information — allows for the identification of a natural person.
Information collected automatically through this website which can include: the IP addresses or domain names of the computers utilised by the Users who use this website, the time of the request, the method utilised to submit the request to the server, the country of origin, the browser and the operating system, the time details per visit and the path followed within the website and other parameters about the device operating system and/or the User's computer environment.
The individual using this website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Controller (or Owner)
The Data Controller is the Owner of this Website.
The means by which the Personal Data of the User is collected and processed.
The service provided by this website as described on this site.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
A small piece of Data stored in the User's device.