1 What is this Notice?
The MW Clinic London (“The MW Clinic London”, “we”, “our” and “us”) is a registered company in England and Wales (14822652).
This Privacy Notice relates to our website (www.mwcliniclondon.com) (the “Website”).
The MW Clinic London may collect personal information about users of the Website (“you”). When we mention “personal information” in this Notice, we mean any information that relates to an identifiable natural person (also known as “personal data”). Your name, address, date of birth and contact details are all examples of your personal information, if they identify you. Where we talk about where we “process” your personal information (and “processing” and “processed”) we mean any activity relating to personal information, including, by way of example, collection, storage, use, consultation and transmission.
The MW Clinic London takes the lawful and correct treatment of personal information very seriously. The MW Clinic is fully committed to treating your personal information in accordance with the principles of data protection, as set out in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
This Privacy Notice describes why and how we collect and use personal information and provides information about your rights. It applies to all the personal information you provide to us. We may use personal information provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.
You should read this Notice so that you know what we are doing with your personal information. Please also read any other privacy notices that we give you that might apply to our use of your personal information in specific circumstances in the future.
Please note that this Privacy Notice covers our Website only. Other websites linked to or from this Website are not covered by this Notice. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of third-party websites and your use of such websites is at your own risk.
2 What information do we collect about you and how do we use this?
Under the GDPR, The MW Clinic London is a ‘data controller’, which means that we make decisions about how and why we process your personal information and, because of this, we are responsible for making sure it is used in accordance with data protection laws.
We collect various types of personal information about you for different reasons. We cannot provide treatment without your personal information. Where we don’t need your personal information, we will make this clear, for instance we will explain if any data fields in our application forms or member surveys are optional and can be left blank.
We collect the following personal information from you, for example, when you visit our Website, request an appointment, and communicate with us.
Category of personal information
Examples of your personal information
Name, title, address, email address, telephone number, social media handle
Gender/sex, date of birth, national residency information
Equal opportunities information
Health conditions religion or belief, sexual orientation and ethnic origin
Bank details, direct debit information, treatment payment records
Your account settings and communication preferences
Communications between you and us
Website usage information
Please refer to Cookies Policy here
Information you provide us when you give us feedback on our Website
Information submitted during the registration process
If any of the personal information you have given to us changes, such as your contact details, please inform us without delay by contacting: firstname.lastname@example.org.
Where we collect information that you voluntarily provide when you complete surveys and feedback forms, the personal information you provide is anonymised, unless you choose to provide your contact information.
3 What do we do with your personal information?
We process your personal information for various purposes.
We are required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal information. There are six such permitted lawful bases for processing personal information. The table below sets out the different purposes for which we process your personal information and the relevant lawful basis on which we rely for that processing.
Lawful basis and purpose
What categories of personal information do we use (see 2 above)?
Administration of treatment - management and administration of treatment records; promotion of MW Clinic products and services; sharing information about MW Clinic activities.
To provide you with appropriate products, services and benefits e.g. special offers. To share information with you about MW Clinic activities.
To provide you with information about MW Clinic events that are relevant to you
To provide you with any information you request
So that we can communicate with you as necessary
To carry out analysis about the use of our website
Website usage information
To carry out research and statistical analysis
Website usage information
We may also convert your personal information into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports.
4 Special category personal information (including criminal information)
We are required by law to treat certain categories of personal information with even more care than usual. These are called sensitive or special categories of personal information and different lawful bases apply to them. The table below sets out the different purposes for which we process your special category personal information and the relevant lawful basis on which we rely for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.
Lawful basis and purpose
What categories of personal information do we use
(see 2 above)?
To admit you as a patient, assess and deliver your treatment and consult with your clinician
To conduct clinical research with your (explicit) consent
Equal opportunities information
To authorise treatment and enable payment with insurers and handle any ongoing claims
Sensitive personal information
To comply with a legal obligation to which we are subject
To protect your vital interests or those of another natural person
5 Who do we share your personal information with?
Sometimes we need to share your personal information with other people.
From time to time we may ask third parties to carry out certain functions for us, such as payment processing or mailing. These third parties will process your personal information on our behalf (as our processor). We will disclose your personal information to these parties so that they can perform those functions. Before we disclose your personal information to other people, we will make sure that they have appropriate security standards in place to make sure your personal information is protected and we will enter into a written contract imposing appropriate security standards on them. Examples of these third-party service providers include service providers and/or sub-contractors, such as third-party payment processors, mailing houses and IT systems software and maintenance, back up, and server hosting providers.
In certain circumstances, we will also disclose your personal information to third parties who will receive it as controllers of your personal information in their own right for the purposes set out above, in particular:
- if we transfer, purchase, reorganise, merge or sell any part of our business or the business of a third party, and we disclose or transfer your personal information to the prospective seller, buyer or other third party involved in a business transfer, reorganisation or merger arrangement (and their advisors); and
- if we need to disclose your personal information in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
We have set out below a list of the categories of recipients with whom we are likely to share your personal information:
- third party service providers (see above);
- consultants and professional advisors including legal advisors and auditors;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- trade associations and professional bodies;
- insurers; and
- governmental departments, statutory and regulatory bodies including the General Medical Council, Department for Work & Pensions, Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs.
We may also share your personal information with third parties, as directed by you.
We will only disclose your personal information in accordance with applicable laws and regulations.
6 Where in the world is your personal information transferred to?
If any of our processing activities require your personal information to be transferred outside the European Economic Area, we will only make that transfer if:
- the country to which the personal information is to be transferred ensures an adequate level of protection for personal information;
- we have put in place appropriate safeguards to protect your personal information, such as an appropriate contract with the recipient.
- the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
- you explicitly consent to the transfer.
7 How do we protect your data?
The MW Clinic London takes the security of your personal information seriously. In order to prevent unauthorised access or disclosure and unlawful or unauthorised processing and accidental loss, destruction or damage, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security.
We take all reasonable steps to protect any personal information you submit via the website. However, as our Website is grouped to the internet, which is inherently insecure, we cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, we have no responsibility or liability for the security of personal information transmitted via our website.
8 For how long does The MW Clinic keep data?
We hold your personal information only as long as necessary and in line with UK Data Protection legislation.
We will only retain your personal information for a limited period of time. This will depend on a number of factors, including:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority to keep your personal information for a valid reason.
9 Your rights
You have certain legal rights, which are briefly summarised in the table below, in relation to any personal information about you which we hold.
What does it mean?
Limitations and conditions of your right
Right of access
Subject to certain conditions, you are entitled to have access to your personal information (this is more commonly known as submitting a “data subject access request”).
If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff and patients.
Right to data portability
Subject to certain conditions, you are entitled to receive the personal information which you have provided to us and which is processed by us by automated means, in a structured, commonly used, machine-readable format.
If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.
This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal information that has been provided to us by you.
Rights in relation to inaccurate personal or incomplete data
You may challenge the accuracy or completeness of your personal information and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.
We encourage you to notify us of any changes regarding your personal information as soon as they occur, including changes to your contact details and telephone number.
Please always check first whether there are any available self-help tools to correct the personal information we process about you.
This right only applies to your own personal information. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processing
Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal information.
This right applies where our processing of your personal information is necessary for our legitimate interests. You can also object to our processing of your personal information for direct marketing purposes.
Right to erasure
Subject to certain conditions, you are entitled to have your personal information erased (also known as the “right to be forgotten”), e.g. where your personal information is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.
We may not be in a position to erase your personal information, if for example, we need it to (i) comply with a legal or statutory obligation, or (ii) exercise or defend legal claims.
Right to withdrawal of consent
Where our processing of your personal information is based on your consent you have the right to withdraw your consent at any time.
If you withdraw your consent, this will only take effect for future processing.
Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal information for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
Where our processing of your personal information is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
If you wish to exercise any of your rights please contact email@example.com in the first instance.
10 Who can I contact about this Notice?
Questions, comments and the exercise of your rights regarding this Privacy Notice and your personal information are welcomed. You can contact us at the following:
- email address: firstname.lastname@example.org
- telephone number: 0800 772 0300
- address: 42 Harley Street, London W1G 9PR.
If you wish to make a complaint on how we have handled your personal information, you can contact us. If you are not satisfied with our response or believe we are processing your personal information in a way that is not in accordance with the law, you have the right to lodge a complaint with the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You can contact the ICO via their website – https://ico.org.uk/concerns/ - or by calling their helpline – 0303 123 1113.
11 Changes to our Privacy Notice
We keep our Privacy Notice under regular review and we will always include the latest version of the Privacy Notice on this web page. We encourage you to check this notice on a regular basis.