You have provided Wayne Halfpenny and his secretarial team at KMS Professionals with some personal data relating to you.
Under the European Union directive known as the General Data Protection Regulation (“GDPR”) which is due to be incorporated into UK law by the Data Protection Act 2018 we, as the data controller in respect of that personal data, are required to provide you with a set of specific information about how we will use, hold and retain this data as well as making you aware of various rights that you have under the related legislation. We have set this information out below in this note.
Should you have any queries about the manner in which we process your personal data please contact Wayne Halfpenny as follows:
Post: Wayne Halfpenny
The Wagon Lodge, Court Lodge Farm, Forge Lane,
Maidstone ME15 0HQ
The identity of the Data Controller: Wayne Halfpenny
The contact details of for the Data Controller: As above
Why we process your personal data:
We process your personal data for the following purposes:
- In order to meet our legal obligations;
- Where the processing we carry out is necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract with you; including to enable us to enter into, administer and perform a contract with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where you have given us your consent to the processing of your personal data for one or more specific purposes.
- We may use your personal data to provide you with marketing information, promotions and new events and offerings information. We will only use your personal data to provide you with marketing information, promotions and new events and offerings information where you have given us your specific consent to do so.
The legal basis on which we are processing your personal data:
Consent: means that you, the “data subject” have given us your consent to the processing of your personal data for one or more specific purposes.
Where we process your personal data on the basis of Consent you have the right to withdraw that consent at any time.
Necessity: means that the processing we carry out is necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract with you.
Legal Compliance: means that the processing we carry out is necessary for compliance by us with a legal obligation placed on us.
Legitimate Interests: means that the processing of your personal data is necessary for the purposes of our legitimate interests or by a third party and those interests are considered to be sufficient to override your interests or fundamental rights and freedoms which require protection of your personal data.
What data may be collected?
Any of the following data may be collected:
- Name and title
- Contact information including an email address and telephone number
- IP address
- Web browser type and version
- Operating system
Is it a legal (statutory or contractual) requirement for you to provide us with your personal data?
Where we process your personal data on the basis of Necessity or Legal Compliance please be aware that if you object to our processing your personal data on this basis (and no other lawful basis for that processing applies) it is likely that we will not be able to provide you with (or continue providing you with) the goods or services that will or are providing to you.
Who we may pass your personal data to:
- Private hospitals to make/amend appointments/book surgery
- Medical colleagues as part of your treatment/ongoing care
- Members of our secretarial team as above
Do we pass your personal data outside of the European Union:
We do not pass your personal data outside of the European Union.
How long do we keep your personal data for:
We will keep your personal data for 7 years, thereafter it will be destroyed.
Your Data Protection Rights:
As a “data subject” under the DPA and GDPR you have a set of specific rights. We are required to make you aware of the existence of these rights. They are in outline:
- The right to request from us, as the Data Controller, access to your personal data;
- The right to request rectification of your personal data;
- The right to request erasure of your personal data;
- The right to request a restriction on the processing of your personal data
- The right to object to the processing of your personal data; and
- The right to data portability
Your right to withdraw consent where processing is based on consent.
Where any part of our processing of your personal data is based on your consent you may withdraw your consent to that processing at any time.
For example, if you no longer wish to receive email updates using the email address that you submitted to us, you can do this at anytime using the contact details above.
Your right to complain to the Information Commissioners Office.
You have the right to lodge a complaint about our compliance with the DPA with the applicable regulator for data protection.
This is the Information Commissioners Office. For more information you can visit their website at ico.org.uk
Use of automated decision making or profiling
We do not carry out automated decision making or profiling.