LEGALS
Privacy Policy
At Align Weight Loss, we are committed to protecting the privacy and confidentiality of our customers’ personal information. This Privacy Policy outlines how we collect, use, disclose, and protect personal information in compliance with applicable data protection laws. Please read it carefully. If you have any questions or concerns about this policy, please contact us at info@alignweightloss.co.uk.
About us
The Align Weight Loss website is owned and operated by Align Medical LTD, a company incorporated in England and Wales with company number 15573976 and registered at 37 Histon Road, Cambridge, CB4 3JB.
For the purpose of the Data Protection Act 2018, we are the controller of your personal data. Our nominated representative for the purpose of the Act is Dr Flora Bailey. Dr Flora Bailey also acts as the Caldicott Guardian.
Your data will be processed in accordance with the relevant legislation and our procedures are General Data Protection Regulation (GDPR) compliant.
Data collection
We will collect personal information from customers when they register for our services, make a purchase, or interact with our website.
The types of personal information we collect may include the following:
- Personal data – such as name, date of birth, address, contact information and ID data such as a passport photo.
- Health data – such as medical history provided by you during a consultation process and your GP’s details.
- Technical data – such as your IP address, browser type, operating system and other technical information about the devices you access our website from.
- Usage data – which relates to how you use our website such as pages visited, clickstream to and through, response times and page interaction data.
- Marketing preference data
Align Weight Loss is a service for adults over the age of 18 years. We do not knowingly collect the data of children.
In order to use Align Weight Loss services there is data that you may provide to us voluntarily e.g. health, personal and marketing preference data. Health information collected is used for medical evaluation and treatment purposes only, in accordance with applicable laws and regulations. All data you supply to us must be accurate and up to date and it is your responsibility to ensure that it is so. Your health data is private and we will ensure its security in line with the relevant legislation. Access to your data is restricted. Only authorised and suitably trained persons will be allowed to view your data. We will never share your health or personal data with a third party without your express consent.
Some data will be collected automatically e.g. technical and usage data for the purposes of analysis of website usage and better client engagement. Clients may choose to disable cookies in their web browser settings, although this may affect the functionality of our website.
By continuing to interact with our website and by engaging the services of Align Weight Loss you consent to use of your data in accordance with this Policy.
The legal basis for processing your data
Your data is processed in accordance with the relevant UK legislation and guidance pertaining to data protection. We will only use your data where we have a lawful purpose for doing so. GDPR outlines several lawful bases for processing personal data. These lawful bases are as follows:
- Consent – The individual has given clear consent for the processing of their personal data for a specific purpose. By completing data entry where you are asked for it, you consent for Align to use your data in accordance with this Policy. By interacting with our website you consent to automatic collection of your technical and usage data.
- Contractual Necessity – The processing is necessary for the performance of a contract to which the individual is a party, or to take steps at the request of the individual prior to entering into a contract. At Align we will enter into a contract with you whereby you are required to voluntarily provide your data in order that we can fulfil that contract.
- Legal Obligation – The processing is necessary for compliance with a legal obligation to which the data controller is subject. From time to time we may be required to share your data under a legal obligation to do so e.g. in order to co-operate with anti-money laundering legislation or other lawful purpose.
- Legitimate Interests – The processing is necessary for the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the individual. At Align legitimate interests means our legitimate business interests to allow the normal running of our company, which may include but is not limited to: to improve our website and our services, to address comments, concerns or complaints you may raise with us, or for audit purposes.
Data sharing
We will share your health data and personal data only in accordance with the relevant legislation. In order to provide medical weight loss services we will share your data with our suitably trained and authorised clinical team and only where this is strictly necessary e.g. we will share your prescription which includes your personal and medication data, with our partner pharmacy team in order that they can dispense your medication. What data and with whom we share it will be guided by the Caldicott principles:
Principle 1: Justify the purpose(s) for using confidential information
Every proposed use or transfer of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian.
Principle 2: Use confidential information only when it is necessary
Confidential information should not be included unless it is necessary for the specified purpose(s) for which the information is used or accessed. The need to identify individuals should be considered at each stage of satisfying the purpose(s) and alternatives used where possible.
Principle 3: Use the minimum necessary confidential information
Where use of confidential information is considered to be necessary, each item of information must be justified so that only the minimum amount of confidential information is included as necessary for a given function.
Principle 4: Access to confidential information should be on a strict need-to-know basis
Only those who need access to confidential information should have access to it, and then only to the items that they need to see. This may mean introducing access controls or splitting information flows where one flow is used for several purposes.
Principle 5: Everyone with access to confidential information should be aware of their responsibilities
Action should be taken to ensure that all those handling confidential information understand their responsibilities and obligations to respect the confidentiality of patient and service users.
Principle 6: Comply with the law
Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access to that information complies with legal requirements set out in statute and under the common law.
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.
Principle 8: Inform patients and service users about how their confidential information is used
A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information – in some cases, greater engagement will be required.
(https://assets.publishing.service.gov.uk/media/5fcf9b92d3bf7f5d0bb8bb13/Eight_Caldicott_Principles_08.12.20.pdf)
With your consent, we will share your health data with your GP.
For our legitimate interests, we may share your data with our service providers, sub-contractors or other agents that we may appoint to perform services on our behalf and in accordance with our instructions. This may include but is not limited to: IT service providers, group companies, accountants and solicitors. We will only share the minimum necessary data needed for them to complete their task and we will use anonymised data where at all possible. If we cease using their services we will request that all data they hold from us is deleted or used in an anonymised form.
We do not sell or rent personal information to third parties for marketing purposes.
Data retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Subject to the provisions of this Policy, we will retain data in accordance with applicable laws. We are required by law to keep your electronic medical record for a minimum of 10 years.
Customers may request the deletion of their personal information, subject to legal and contractual obligations.
Information security
We take your data security seriously and have appropriate security measures in place, both technical and physical, in order to protect against data breaches or destruction of data.
All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology.
It is your responsibility to keep your account log in details secure. Please inform us immediately if you suspect your account has been breached.
Your rights
UK citizens have the following rights with regards to their data in line with GDPR, which was incorporated into UK law through the Data Protection Act 2018:
- Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data. This information should be provided in a clear and transparent manner.
- Right of Access: Individuals have the right to request access to their personal data and information about how it is being used by an organisation.
- Right to Rectification: Individuals have the right to request the correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): Individuals have the right to request the deletion or removal of personal data when there is no compelling reason for its continued processing.
- Right to Restrict Processing: Individuals can request the restriction or suppression of their personal data. This means that an organisation can store the data but not use it.
- Right to Data Portability: Individuals have the right to obtain and reuse their personal data for their own purposes across different services.
- Right to Object: Individuals have the right to object to the processing of their personal data in certain circumstances, such as for direct marketing purposes.
- Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, which have legal or similarly significant effects on them.
- Right to Complain: Individuals have the right to lodge a complaint with a supervisory authority if they believe their data protection rights have been infringed.
You can contact us about your rights. We may charge a fee to process your request if your request is likely to cause excessive workload for the company.
If you would like to comment or have any complaints about this policy please contact us at info@alignweightloss.co.uk. If you are making a complaint we will handle it in accordance with our complaints policy. You have the right to contact the Information Commissioner (see www.ico.org.uk) if you feel you would like to take the matter further.
General
Our website may contain links to third party websites, plug-ins and applications. We are not responsible for the content of such third party content, or their privacy statement/s. Please make sure that you read, understand and agree with any privacy statement of a third party before you provide your data to them. If any provision of this Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.
Updates to our Privacy Policy
We will review our Privacy Policy regularly to ensure it is up to date and fit for purpose. We reserve the right to update this Privacy Policy to reflect changes in our data processing practices or legal requirements. Any updates will be posted on our website and are in effect from the time they are published on the website.