COVID–19 Data Protection Statement
During these unprecedented times, Schoen Clinic UK’s main priority is the health and safety of our patients, colleagues and the wider community as well as supporting the NHS in responding to the COVID-19 pandemic. We are supporting the NHS in responding to the COVID-19 pandemic and this will remain our focus for the foreseeable future.
As a result of these unique circumstances, Schoen Clinic UK may need to share personal data with the NHS and other regulatory and government bodies for the purpose of supporting the response to the COVID-19 pandemic. Schoen Clinic UK is working in collaboration with our local NHS trusts to ensure we can provide the right help, exactly where and when it is needed and this may involve personal data being shared with us by the local Trusts. This will be done in accordance with data protection laws and will include any amendments to legislation made by the Secretary of State. We will also consider any guidance provided by the Information Commissioner’s Office.
When the NHS and its healthcare professionals provide your healthcare services at a Schoen Clinic hospital, the privacy notice of the relevant NHS Trust may also apply.
If you are a patient at Schoen Clinic UK during the Pandemic, the healthcare services you receive at the hospital may be provided by Schoen Clinic UK or the NHS or, in some cases, a mix of both. As part of this we may need to share your personal data with the NHS and other regulatory and government bodies.
Schoen Clinic UK’s Privacy Notice explains what personal data we collect and hold, how we use your personal data and how we protect it.
Last updated: 15 June 2020
The UK and countries around the world are responding to the far-reaching challenges posed by coronavirus (COVID-19). The situation is evolving rapidly and the health, wellbeing and safety of our patients, their families and our people remains our priority.
During this difficult period we know you may have a number of questions about COVID-19 and how our services and products can support you during this difficult time.
Section 1 Information on the collection of personal data
(1) This document is intended to provide information about the collection of personal data when our website is used. Personal data includes all data related to you personally, such as your name, address, email addresses or user behaviour.
(2) The responsible person under article 4 paragraph 7 of the EU General Data Protection Regulation (GDPR) is Schoen Clinic UK. You can reach our Data Protection Officer at SCHOENUKDPO@schoen-clinic.co.uk or at our London postal address with the words “to the Data Protection Officer ”.
(3) If you contact us by email or using a contact form, the data shared by you (your email address and your name and telephone number if provided) will be stored by us so that we can answer your query. We either delete the data we collect as part of this process once we no longer need to store it or limit data processing if there are statutory retention requirements.
(4) If we employ third-party service providers for individual functions relating to our products or services, or we would like to use your data for commercial purposes, we will inform you as described below about the relevant procedures in detail by email. When we do this, we will also inform you of the specified criteria relating to the duration of storage.
Section 2 Your rights
(1) You have the following rights regarding personal data that relates to you:
- the right of access to the data,
- the right to have data corrected or deleted,
- the right to limit data processing,
- the right to object to data processing,
- the right of data portability.
(2) You also have the right to make a complaint to a data protection authority regarding the processing of your personal data by us.
Section 3 Collection of personal data when you use our website
(1) If you use our website purely for informational purposes, i.e. when you do not register with us or transfer us information in any other way, we only collect the personal data that your browser sends to our server. When you view our website, we collect the following data, which we require for technical purposes to display our website correctly and to ensure stability and security (the legal basis for this is article 6 paragraph 1 page 1 of GDPR):
- IP address
- date and time of request
- time zone difference from Greenwich Mean Time (GMT)
- content of request (specific page)
- access status/HTTP status code
- amount of data transferred
- website from which the request originates
- operating system and associated desktop environment
- language and version of browser software.
(2) In addition to the data listed above, cookies will be stored on your computer when you use our website. Cookies are small text files that are arranged and stored on your hard drive by the browser you use and that can be used by the website that sets the cookie (in this case, us) to collect certain information. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the internet as a whole more user-friendly and efficient.
a) This website uses the following types of cookies (the scope and functioning of these is explained below):
- transient cookies (see b)
- persistent cookies (see c).
b) Transient cookies are deleted automatically when you close your browser. This includes session cookies in particular. These store a ‘session ID’ that can be used to match the various queries submitted by your browser in one session. This means your browser can be recognised if you return to our website later. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are deleted automatically after a specified time, which can differ depending on the cookie itself. You can delete cookies in your browser’s security settings at any time.
d) You can configure your browser setup the way you want; for example, you may wish to reject third party cookies or all cookies. Be advised that you may not be able to use all the features of this website if you do this.
e) Flash cookies that are used are not saved by your browser; instead, they are saved by your Flash plug-in. We also use HTML5 storage objects, which are saved on your device. These objects store the required data regardless of the browser you use and do not have an automatic expiry date. If you do not wish to allow processing of Flash cookies, you must install the appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox https://addons.mozilla.org/de/firefox/addon/betterprivacy/ or Adobe Flash Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend regularly deleting your cookies and browser history manually.
Section 4 Other functions and features of our website
(1) In addition to a purely informational use of our website, we offer various services for you to take advantage of if you are interested. To do this, you must usually submit personal data, which we will use to render the selected service and to which the data processing principles described above apply.
(2) We sometimes use external service providers to process your data. We select and commission these service providers carefully; they are bound by our instructions and are monitored regularly.
(3) Furthermore, we may pass on your personal data to third parties with whom we offer participation in sales, competitions, contracts or similar services. You will be provided with more information on this when you submit your personal data or below in the description of our products and services.
(4) Where our service providers or partners have headquarters in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the service.
Section 5 Revocation or withdrawal from data processing
(1) If you have granted consent to the processing of your data, you can withdraw this at any time. This withdrawal relates to permission to process your personal data after you have given us this permission.
(2) Where we base the processing of your personal data on the balance of interests, you can submit an objection to data processing. This is the case in particular if the processing is not required to fulfil a contract with you; this is explained below in the description of the functions. When submitting your objection, we ask for your reasons for requesting that we do not continue to process your personal data. If the objection is justified, we will check the circumstances and will either cease or adjust the processing of your data or present compelling reasons for continuing to process your data.
(3) You can, of course, revoke your consent to the processing of your data for the purpose of marketing and data analysis at any time. You can find more information about your right to withdraw from marketing using the following contact details:
Special products and services on the website
1. Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook.
(2) We do not have any influence on the data collected or the data processing procedures nor are we aware of the full extent of the data collection, purposes of processing or storage periods by the plug-in provider. We also have no information regarding deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of displaying relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the relevant plug-in provider. We offer you the opportunity to interact with the social networks and other users via the plug-ins, so that we can improve our products and services and continue to develop them in a way that is interesting for you as a user. The legal basis for the use of the plug-ins is article 6 paragraph 1 page 1 of GDPR.
(4) Data will be passed on regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in with the plug-in provider, the data we have collected about you will be directly matched to your existing account with the plug-in provider. If you press the activated button and link to the site, for example, the plug-in provider will store this information in your user account as well and will share it publicly with your contacts. We recommend logging out of social networks regularly after using them, but especially before using the button, in order to avoid being matched to your profile by the plug-in provider in this way.
(5) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from these providers linked below. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy.
(6) Address for the plug-in provider and URLs with data protection information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php
Facebook has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
2. Incorporation of YouTube videos
(1) We have incorporated YouTube videos in our online services, which are stored on http://www.youtube.com and can be played directly on our website. These are all incorporated in “expanded data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. The data listed in paragraph 2 is transferred only if you play the videos. We have no influence over this data transfer.
(2) When you visit the website, YouTube will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether YouTube has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.
(3) You can find more information on the extent and purpose of data collection and its processing by YouTube in the data protection declaration. You can also find more information there on your rights relating to this and the settings available to you to protect your privacy:
https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
3. Incorporation of Google Maps
(1) We use Google Maps on this website. This allows us to display interactive maps directly on the website and allows you to use the map function easily.
(2) When you visit the website, Google will be informed that you have requested the corresponding page on our website. In addition, the data listed under section 3 of this declaration will be transferred. This will occur regardless of whether Google has provided a user account and you have logged into it or if you do not have an account. If you are logged into Google, your data will be matched directly to your account. If you would not like your data to be matched to your profile with Google, you must log out before activating the button. Google stores your data as a user profile and uses this for the purposes of marketing, market research and/or the needs-based design of their website. This analysis is performed (even for users who are not logged in) in particular for the purpose of serving relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google.
(3) You can find more information on the purpose and extent of data collection and its processing by the plug-in provider in the data protection declarations from the providers. You can also find more information there on your rights and the settings available to you to protect your privacy:
http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
4. Online Marketing
4.1 Use of Google Adwords conversion
(1) We use the Google Adwords product to advertise our products and services on external websites using advertising media (‘Google Adwords’). We can determine in relation to the advertising campaign data how successful the specific advertising campaigns are. We are interested in using this to show you advertisements that are interesting to you, to design our website in a more interesting way for you and to achieve a fair calculation of advertising costs.
(2) The advertising media are delivered by Google via an ‘ad server’. For this purpose, we use ad server cookies, which can be used to monitor specific parameters for measuring success, such as the display of advertisements or clicks by the user. If you are brought to our website by a Google advertisement, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and should not then be able to identify you personally. The Unique Cookie ID, number of Ad Impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a marker that the user no longer wants to be contacted) are usually saved to this cookie as analysis values.
(3) These cookies allow Google to recognise your internet browser if you return. If a user visits specific pages on the website of an Adwords customer and the cookie on their computer has not yet expired, Google and the customer can determine that the user has clicked on the advertisement and been forwarded to this page. Each Adwords customer is assigned a different cookie. Cookies cannot be traced back via the websites of Adwords customers. We ourselves do not collect any personal data in the advertising media named above. We are provided only with statistical analysis by Google. We can use this analysis to determine which of the advertising media we use are particularly effective. We do not receive any more data on the use of the advertising media, and in particular we cannot identify users using this information.
(4) Because of the marketing tools used, your browser automatically makes a direct connection to Google's server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore advise you of our understanding of the process: the incorporation of Adwords conversion means that Google is informed that you have requested part of our website or have clicked on one of our advertisements. If you are registered with one of Google's services, Google can match the visit to your account. Even if you are not registered or logged in with a Google service, there is a possibility that the provider might find out and store your IP address.
(5) You can prevent involvement in this tracking process in various ways: a) using the appropriate setting in your browser software; rejecting third-party cookies in particular should mean that you do not receive any advertisements from third-party companies; b) deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads; this setting will be erased when you delete your cookies; c) by deactivating interest-based advertising from a provider who is part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices; this setting will be erased when you delete your cookies; d) by permanently deactivating it in your browsers, Firefox, Internet Explorer or Google Chrome at the link http://www.google.com/settings/ads/plugin. Please be advised that you may not be able to use all the functions of the products and services if you do this.
(6) The legal basis for the processing of your data is article 6 paragraph 1 page 1 of GDPR. You can find more information on data protection at Google here:
http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has signed up to the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
In addition to Adwords conversion, we use the Google Remarketing application. This is a process we would like to use to address you. This application can be used to show you our advertisements on other websites after you have visited our website. This is done using cookies stored in your browser that are used by Google to determine and analyse your user behaviour when you visit various websites. Google can use this information to determine that you visited our website in the past. According to statements made by Google, they do not combine data collected as part of Remarketing with any personal data relating to you that has been stored by Google. In particular, according to Google, pseudonymisation is used for Remarketing.
4.3 Google Marketing Platform
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Display & Video 360, Google receives the information that you have opened the corresponding part of our Website or clicked on our ads. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
In addition, the DoubleClick Floodlight cookies help us understand whether you perform certain actions on our website after you have viewed or clicked on one of our display/video ads on Google or another platform (conversion tracking). Display & Video 360 uses this cookie to understand the content with which you have interacted on our websites in order to be able to send you targeted advertising later.
You can prevent this tracking in various ways:
- by setting your browser accordingly, in particular the blocking of third party cookies means that you will not receive any ads from third party providers;
- by disabling cookies for conversion tracking by setting your browser to block cookies from the "googleadservices.com" domain, https://www.google.de/settings/ads. However this setting will be deleted when you delete your cookies; Google uses different types of cookies. An overview can be found here: https://policies.google.com/technologies/types?hl=EN
- by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted if you delete your cookies;
- by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin.
Please note that in this case you may not be able to use all functions of this website to the full extent. Further information on Display & Video 360 by Google is available at https://marketingplatform.google.com/about/display-video-360/ and https://support.google.com/displayvideo/answer/9059464?hl=en, and on data protection at Google in general: https://policies.google.com/privacy?hl=en&gl=en
5. Implemented Technologies
6. Patient portal
(1) The controller for the patient portal in accordance with Art. 4(7) of the EU General Data Protection Regulation (GDPR) is Schoen Clinic London (66 Wigmore Street, London W1U 2SB, lon-enquiries[a]schoen-clinic.co.uk). You can reach our data protection officer at SCHOENUKDPO@schoen-clinic.co.uk or at our postal address with the words “to the data protection officer”.
(2) If you would like to register with the portal, you must provide the personal data that Schoen Clinic London requires for the patient portal service in order for your registration to be activated. The data provided by you is processed for this service. The legal basis for this is Art. 6(1)(a) GDPR.
(3) We either delete the data we collect as part of this process once we no longer need to store it or limit data processing if there are statutory retention requirements.
Data Privacy Statement for applicants (recruitment)
The purpose behind PeopleHR (a HR software system) is to simplify the employer's recruitment process and to enable efficient assessments of and communication with the candidates in this regard. As part of making use of PeopleHR the employer receives personal data from the candidates, and processes such personal data as part of the assessment of the skills and abilities of the candidates and whether he/she is suited for the announced position.
The legal basis for processing personal data is the candidates consent to such processing as part of applying for the position, where the candidate chooses what kind of personal data he/she decides to share with the employer in this regard, for instance by using the upload functionality from Google or Dropbox. Please note that candidates are entitled to withdraw this consent at any time.
The employer is the data controller for the processing of personal data about candidates and all questions regarding privacy can be directed to the employer through the dedicated communication channels provided by PeopleHR. The personal data is processed for the purpose of providing, executing and developing the services.
PeopleHR has been independently audited, and meets the requirements for ISO 27001 registration. The scope covers how we manage information security in providing online Human Resource Management software and services to our customers. This means that the way we own, store, transfer, access, back up, monitor, test and review our security procedures, has been independently verified to an internationally recognised standard.
Personal data about candidates is processed in PeopleHR during the recruitment process and to the extent this is necessary to fulfil any legal requirements.
Candidates may at any time reach out to the employer in order to exercise the right to access, rectification or erasure of personal data, or to restrict the processing related to the candidate, or to object to the processing, as well as the right to data portability. In addition, candidates have a right to file a complaint to the data protection authorities with regards to the processing of their personal data.
For more information on how PeopleHR process your data please see the following link https://security.peoplehr.com/
Should you wish to have your data removed from our database please send an email to our HR team.