Privacy and cookies policy
We take the privacy and security of personal information very seriously.
If you have any question about this policy or the data we hold about you, please contact firstname.lastname@example.org
Who We Are
Kent TN30 6PR
Company number: 12112987
ICO Registration number ZB319547
You can contact us with queries
Via this website
By post at the above address
By telephone: +44(0) 1580 762900
By email email@example.com
The information we collect and how we use it
We are committed to safeguarding and preserving the privacy of our visitors. You may visit this site as often as you like without providing any information such as your name, address or email address. Certain services provided via the site, as detailed below, do however require the provision and processing of personal data.
By using our online form, you will be asked to provide the following:
This information is used for the sole purpose of contacting you to describe and sell our services. By sending us a message using the online form, you consent to the use of your details for this purpose and accept GPsurgery.net may respond to you using the contact details provided.
By contacting us via email
This information is used for the sole purpose of contacting you to describe and sell our services. By sending us a message by email, you consent to the use of your details for this purpose and accept GPsurgery.net may respond to you using the contact details provided.
The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services to improve the user experience.
Our usage of your data for delivering GPsurgery.net services
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters.
Providing your personal data to others
National Data Opt-Out
We do not use your information for any additional purpose beyond delivering our services. Because of this, the National Data Opt-Out does not apply to our service. We only deliver the web forms to your GP Surgery and remove this information from the website as soon as it is delivered to them.
We hold your data on services run by Dewar Green Limited. This includes sub processors that act on our written instruction as Data Controller.
- Freshworks Ltd for purposes of technical support
- WP Engine for purposes of receiving sales and technical requests
- Google Analytics for purposes of improving website navigation
- Google G Suite for communication purposes
- Xero for accounting purposes
- Mailchimp for system updates and announcements
Retaining and deleting personal data
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
Your personal or company contact details will be retained for a minimum period of three years following the date you stop receiving services from us.
Security of personal data
Your data is stored in UK data centres. It is encrypted when stored, and in transit such as when you submit a form to us.
You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password.
Access to information
In accordance with the Data Protection Act 2018 you have the right to access any information that we hold relating to you and Dewar Green Limited shall charge no fee for the processing of this request. You can make a request by emailing firstname.lastname@example.org. If the nature of the request is unusually complex, way may write to you to explain this may delay our response. We may also charge a reasonable fee to complete the request in full if it is prohibitively time-consuming. We will explain these costs and will only be for the effort of meeting the data request.
Correcting your data
At any time, you may contact us to request your data be corrected if you believe it to be incorrect. To do so, contact us at email@example.com and include who you are, and what type of data you believe needs to be corrected. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.
Erasure of Data
Also known as “The Right to Be Forgotten”. You have a right to have your data erased if:
- The personal data is no longer necessary for the purpose which we originally collected or processed it for;
- We are relying on consent as our lawful basis for holding the data, and you withdraw your consent – we will specifically mention if we rely on consent;
- We are processing the personal data for direct marketing purposes and you object to that processing – we will specifically mention if we will use your data for direct marketing;
- We are determined to have processed the personal data unlawfully;
There may be times when we are unable to comply with your request, such as having to do it to comply with a legal obligation
To request erasure of your data, please email firstname.lastname@example.org, and include the types of data about you that we need to erase, and the reason from the above list that you believe relates to the requirement for us to erase your data. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.
Restriction of processing
You have the right to request that we restrict processing your data if:
- You contest the accuracy of your personal data and we are verifying the accuracy of the data;
- The data has been unlawfully processed (i.e. in breach of the lawfulness requirement of the first principle of the GDPR) and the individual opposes erasure and requests restriction instead;
- We no longer need the personal data, but you need us to keep it in order to establish, exercise or defend a legal claim; or
- You have objected to us processing your data under Article 21(1), and we are considering whether our legitimate grounds override yours.
To place such a request please email email@example.com, and include the types of data about you for which we need to restrict processing. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.
Objecting to processing
You have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
For an objection against the first point, you must provide a reason relating to your own situation that warrants an objection to the processing. In the case of legitimate reason, we must stop processing the personal data unless:
- We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the person objecting; or
- The processing is for the establishment, exercise or defence of legal claims.
For an objection against processing for direct marketing, we must stop processing your data.
For an objection against processing for scientific/historical research and statistics, you must provide a reason relating to your own situation that warrants an objection to the processing. In the case of legitimate reason, we must stop processing the personal data unless the processing is necessary for the performance of a public interest task.
The object to processing, please email your request to firstname.lastname@example.org, and include your objection, reason for objecting, and the types of data about you that you object to the processing of. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.
Automated decision making
This notice identifies any instances of automated decision making that is related to the processing described.
How we respond to requests to exercise your rights to your personal data
We are required by law to comply with your requests. In certain circumstances, however, we have the right to reject such a request.
We may refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.
In such a case that we consider a request is manifestly unfounded or excessive we can:
- Request a “reasonable fee” to deal with the request; or
- Refuse to deal with the request.
In either case we must justify your decision and will inform you of our reasons for doing so.
Any such fees will be based on the administrative costs of complying with your request. If we decide to charge a fee, we shall contact you promptly and inform you of such. We do not need to comply with the request until we have received the fee.
Lodging a complaint about handling of your data
If you believe you have an issue with how your data is being processed, we would encourage you to contact us first, putting your complaint in writing to email@example.com. We will take any such complaints seriously and do our best to resolve them.
Under the EU General Data Protection Regulation 2016 you have the right to lodge a complaint with the supervisory authority (the organisation responsible for enforcing data protection in your country) applicable to you. If you are a UK resident, your supervisory authority is the Information Commissioner’s Office (or ICO). You can find more details about how to do this on the ICO’s website, here: https://ico.org.uk/concerns/
- A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
- Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
- Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- https://support.google.com/chrome/answer/95647?hl=en (Chrome);
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- http://www.opera.com/help/tutorials/security/cookies/ (Opera);
- https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
- https://support.apple.com/en-gb/guide/safari/sfri11471/mac (Safari); and
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
- Blocking all cookies will have a negative impact upon the usability of many websites.
- If you block cookies, you will not be able to use all the features on our website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.