Who are we?
We are Research Medical Centre based in London, England, UK. We are the data controller of your personal data, which means that we are responsible for deciding how and why we use your data. You can contact us by email at email@example.com or by post at 461 Romford Rd, London E7 8AB.
What data do we collect and why?
We collect different types of personal data from you depending on how you interact with us, such as:
- When you contact us by email, phone, or post, we collect your name, contact details, and the content of your communication. We use this information to respond to your queries or complaints, to provide customer support, and to improve our services.
We only collect the personal data that is necessary for the purposes stated above. We do not collect any special categories of personal data (such as health data or biometric data) or any data relating to children under 16 years of age.
How do we protect your data?
We take appropriate technical and organisational measures to protect your personal data from unauthorised access, use, disclosure, alteration or destruction. These measures include:
- Encrypting your data in transit and at rest using secure protocols and algorithms
- Limiting access to your data to authorised personnel who need it for legitimate purposes
- Implementing firewalls, antivirus software, and other security tools to prevent cyberattacks
- Conducting regular backups and testing of our systems and databases
- Training our staff on data protection principles and best practices
However, no method of transmission or storage of data is 100% secure. Therefore, we cannot guarantee the absolute security of your data. If we become aware of any breach of your data that poses a high risk to your rights and freedoms, we will notify you and the relevant authorities as soon as possible.
How long do we keep your data?
We only keep your personal data for as long as necessary for the purposes for which we collected it or as required by law. The retention period may vary depending on the type of data and the purpose of processing. For example:
- We keep your communication information for one year after the last contact with you
- We keep your web browsing information for one month after your last visit to our website
When we no longer need your personal data, we will securely delete or anonymise it.
Who do we share your data with?
We may share your personal data with third parties who provide services on our behalf or who have a legitimate interest in accessing it. These third parties include:
- Our service providers who help us with web hosting, payment processing, delivery, marketing, analytics, customer support, etc.
- Our professional advisers who assist us with legal, accounting, auditing or other matters
- Our regulators or law enforcement agencies who require us to disclose your data for legal or compliance reasons
We only share your personal data with third parties who respect your privacy and comply with applicable laws and regulations. We do not sell or rent your personal data to anyone.
Some of the third parties we share your data with may be located outside the UK or the European Economic Area (EEA). In such cases, we will ensure that there are adequate safeguards in place to protect your data, such as:
- The third party is based in a country that has been deemed to provide an adequate level of protection by the European Commission
- The third party has entered into a contract with us that incorporates the standard contractual clauses approved by the European Commission
- The third party is certified under the EU-US Privacy Shield framework or a similar mechanism
You can contact us to obtain more information about the safeguards we use when transferring your data outside the UK or the EEA.
What are your rights and choices?
Under the General Data Protection Regulation (GDPR) and other applicable laws, you have certain rights and choices regarding your personal data, such as:
- The right to access: You have the right to request a copy of the personal data we hold about you and to check that we are processing it lawfully
- The right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you
- The right to erasure: You have the right to request that we delete or remove your personal data from our systems, unless we have a valid reason to keep it
- The right to restrict processing: You have the right to request that we limit the way we use your personal data, for example, if you dispute its accuracy or object to its processing
- The right to data portability: You have the right to request that we transfer your personal data to you or another party in a structured, commonly used and machine-readable format
- The right to object: You have the right to object to our processing of your personal data for direct marketing purposes or for other reasons based on your specific situation
- The right to withdraw consent: You have the right to withdraw your consent at any time where we rely on your consent to process your personal data, such as for sending you newsletters or offers
- The right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority if you are unhappy with how we handle your personal data
You can exercise your rights and choices by contacting us using the details below. We may ask you to verify your identity before processing your request. We will respond to your request within one month, unless it is complex or we receive multiple requests from you. In such cases, we will inform you of any delay and the reasons for it.
How can you contact us?
If you have any questions or comments about this policy or our use of your personal data, please contact us by email at firstname.lastname@example.org or by post at 461 Romford Rd, London E7 8AB. We will do our best to resolve any issues or concerns you may have.