Stanga Ltd [The Company] PRIVACY POLICY

This privacy policy sets out how Stanga Ltd, trading as The Retina Clinic London, uses and protects any information that you give Stanga Ltd.

This privacy policy (“Policy”) describes the personal data collected or generated when you use The Company’s websites (the “Sites”), for example retinaspecialist.co.uk, and when collected verbally by phone.

The term “Personal data” refers to any data which relates to a living individual who can be identified from the data, or, from the data and other information which Stanga Ltd may possess.

This policy describes the types of personal data collected when you use our Sites and communicate with Stanga Ltd by phone, and how your personal data is used, shared, and protected. It also explains the choices you have relating to your personal data and how you can contact us.

Stanga Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy information notice and for the purpose you specifically requested.

WHO is responsible for the processing of your personal data?

The entity responsible for the processing of your personal data is Stanga Ltd, Macclesfield, Cheshire, SK10 4SE. We are registered with the Information Commissioner’s Office, our registration number is Z1634082, and this is renewed every year in February as an ongoing policy.

WHAT personal data do we collect and WHEN

We ask you for certain personal data to provide you with the services you request. For example, when you request to receive communications, book an appointment, or interact with our Sites. We will never share your personal data with a 3rd party without your explicit permission to provide you with access to that service unless we are required to do so by law. We may also collect special category data.

“Special category data” means personal data consisting of information including racial or ethnic origin, religious beliefs, genetic data, biometric data, and data concerning the health of the individual.

Data collected:

Contact details: including name, email, telephone number and physical address

Personal details: including gender and date of birth

Special category data: Specific eye history, including vision prescriptions and previous eye surgery: These are collected to inform your treatment path. General health conditions and allergies: These are collected to inform your treatment path.

Payment or credit card information: this is taken at the point of booking appointments.

Personal preferences: including your marketing and cookie preferences, IP addresses, referrer headers, data identifying your web browser and version, and web beacons and tags. When interacting with our Sites, data is automatically collected and shared with The Company by the technology platforms providing the experience. For example, your web browser or mobile device may share certain data with The Company as those devices interact with our Sites. More information about these practices is included in the Cookies and Pixel Tags section below.

We may also ask you to complete surveys that we use for medical research purposes, although you do not have to respond to them.

We document all forms of communication between you and Stanga Ltd on your record held internally. We may make notes on relevant patient files enabling us to provide better care for medical, customer-service, legal, compliance, and regulatory purposes. We do not record calls but may save contact numbers onto our telephone system.

WHY and HOW we use (process) your personal data

We use the personal data we collect from you in the following ways:

To provide the features of the Sites and Services you request

When you use our Sites, we will use your data to provide the service you have selected.

To communicate information about our services and other promotional purposes

We use the data to send you personalised communications on services that may be interesting for you.

To operate, improve and maintain our business and services

We may use the data you provide to us to operate our business. For example, when you make a purchase, we may use that information for accounting, auditing, and other internal functions. Specifically, we may temporarily store unidentifiable payment details, so we can match payment confirmation. This is only kept for a short period. As another example, we may use data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our Sites.

To protect our or others’ rights, property, or safety

We may also use data about how you use our Sites to prevent or detect fraud, abuse, illegal uses, and violations of our Terms of Use and to comply with court orders, governmental requests, or applicable law.

For general research and analysis purposes

We use data about how our visitors use our Sites and Services to understand customer behaviour or preferences. For example, we may use information about how visitors to retinaspecialist.co.uk search for and find information to better understand the best ways to organise and present service offerings in any of our communication channels.

Other purposes

We may also use your personal data in other ways and will provide specific notice at the time of collection and obtain your consent where necessary.

Tools to manage what we collect

In many cases, your web browser or mobile device platform will provide additional tools to allow you to control when your device collects or shares particular categories of information. For example, your mobile device or web browser may offer tools to allow you to manage cookie usage or location sharing. We encourage you to familiarise yourself with and use the tools available on your devices.

Data minimization

We aim to never collect or store any information that is not required for the delivery of the services to which you subscribe. Any information that we do collect is and will always be explicitly accounted for in this Privacy policy. We will take reasonable steps to destroy or de-identify personal information we hold if it is no longer needed for the purposes set out above, or required for us to maintain a high level of care, in accordance with the EU General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).

SHARING of your personal data

We may share your personal data with:

Company affiliates for the purposes outlined above

Third party service providers processing personal data on The Company’s behalf, for example, to process credit cards and payments, deliveries, manage and service our data, distribute emails and research and analysis as well as administering certain services and features

Connected-UK may act as data processors for the purpose

PPM Software for scheduling and medical records

Healthcode for private medical insurance billing

We are not responsible for the privacy policies of the third-party service providers but do check from time to time that our partners and suppliers are compliant with local privacy and data protection laws and that may include GDPR, PECR, Privacy Shield, and Safe Harbour.

We may also transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, spin-off, dissolution, or liquidation).

PROTECTION and MANAGEMENT of your personal data

The confidentiality of your personal information is of paramount concern to us and we comply with UK data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the General Medical Council and The Royal College of Ophthalmologists.

Your confidential medical information will only be disclosed to those involved with your treatment or care, or in accordance with UK law and guidelines from professional bodies, or for the purposes of clinical audit (unless you object).

If you receive services from us and that service transfers to a new provider, we may share your personal and confidential medical information with the new provider.

We invest appropriate resources to protect your personal information, from loss, misuse, unauthorised access, modification, or disclosure.

Encryption & Security: We use a variety of security measures, including encryption and authentication tools, to maintain the safety of your personal data. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems. Appropriate, industry-standard security measures are in place to protect your data; details are available upon request. This includes the encryption of all data held within our Electronic Medical Records and Practice Management System – PPM Software.

Where it is stored: The personal data we collect or generate (process) will be stored in the UK. Your data is stored on site.

We will never sell your data on, but we may share your data with data recipients for processing purposes only. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.

Some of the data recipients with whom The Company shares your personal data may be located in countries other than the country in which your personal data originally was collected. The laws in those countries may not provide the same level of data protection compared to the country in which you initially provided your data.

Nevertheless, when we transfer your personal data to recipients in other countries, including the USA, we will ensure your data is protected as described in this Policy and in compliance with the EU General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).

Retention of your data: We have a strict retention schedule which outlines how long we retain data for, and this is in line with the original purpose for which the information has been obtained. Please refer above to the Data Minimization section.

Your rights related to your personal data: You have the right to withdraw your consent with respect to our use of your personal data at any stage for marketing purposes. Stanga Ltd.’s policy is to retain all patient data in order to uphold the medical duty of care.

You also have the right to access your data and to modification or deletion, in the event your data is incorrect or otherwise unlawful. You can make a subject access request free of charge, and Stanga Ltd will provide all data held within 1 month of the request, where possible.

No service Stanga Ltd use requires the compulsory use of email and you may opt out of using email services to communicate with us.

You can contact us to exercise your rights of access, modification, and deletion or to object to the processing of your personal data via the contact details in the Question and Feedback section below or by sending an email to info@theretinacliniclondon.com

COOKIES and pixel tags

The Company receives and records information, which may include personal data, from your browser when you use our Sites. We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our Sites such as click behaviour, purchases and indicated preferences; and (ix) access times and referring URLs.

Third parties may also collect information via Sites through cookies, third-party plug-ins, and widgets. These third parties collect data directly from your web browser and the processing of this data is subject to their own privacy policies. More information on the identity of these third parties and their privacy policies is provided below.

We use cookies and pixel tags to track our customers’ usage of the Sites. This enables us to provide services to our customers and improve their online experience. We also use cookies and pixel tags to obtain aggregate data about site traffic and site interaction, to identify trends and obtain statistics so that we can improve our Sites. There are generally three categories of cookies used on our Sites:

Functional: These cookies are required for basic site functionality and are therefore always enabled. These include cookies that allow you to be remembered as you explore our Sites within a single session or, if enabled, from session to session.

Performance: These cookies allow us to improve our Sites’ functionality by tracking usage. In some cases these cookies improve the speed with which we can process your request and allow us to remember site preferences you have selected. De-selecting these cookies may result in poorly-tailored recommendations and slow site performance.

Social media and Advertising: Social media cookies offer the possibility to connect you to your social networks and share content from our Sites through social media. Advertising cookies (of third parties) collect information to help better tailor advertising to your interests, both within and beyond our Sites. In some cases, these cookies involve the processing of your personal data. De-selecting these cookies may result in seeing advertising that is not as relevant to you or you not being able to link effectively with Facebook, Twitter, or other social networks and/or not allowing you to share content on social media.

For a comprehensive and up-to-date summary of every third-party accessing your web browser, we recommend installing a web browser plugin built for this purpose. You can also choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings on each browser and device that you use. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to many features that make our Sites more efficient and some of our services will not function properly.

COMPLIANCE with regulators

We will obey a valid court order or subpoena if these require us to provide the information that we store to law enforcement authorities or a court of law. We will only do so upon legal scrutiny and confirmation of the validity of such requirement in the country where we are deemed to operate.

CHANGES to our privacy policy

Applicable law and our practices change over time. If we decide to update our Policy, we will post the changes on our Sites. We strongly encourage you to read our Policy and regularly check for any changes.

This policy is effective from 25th May 2018.

QUESTIONS and feedback

This is intended to provide a clear, transparent, and GDPR-compliant policy. We welcome questions, comments, and concerns about our Policy and privacy practices. If you wish to provide any feedback or if you have questions or concerns, please contact us at info@theretinacliniclondon.com or Stanga Ltd, Macclesfield, Cheshire, SK10 4SE.

Cookies

| Cookie | Description | Duration | Type |
| --- | --- | --- | --- |
| _ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years | Analytics |
| _gid | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form. | 1 day | Analytics |
| _gat | This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. | 1 minute | Performance |
| _gat_gtag_UA_164030177_1 | Google uses this cookie to distinguish users. | 1 minute | Analytics |
| lang | This cookie is used to store the language preferences of a user to serve up content in that stored language the next time the user visits the website. | | Functional |