GDPR Privacy Policy

Effective Date: 03.08.2025

1. Introduction

This privacy policy sets out how Ear Refresh Clinic (the "Company", "we", "us") collects, uses, and protects any personal information that you provide to us when you use our ear wax removal services. We are committed to ensuring that your privacy is protected and that we comply with the General Data Protection Regulation (GDPR).

2. Who We Are

Company Name: Ear Refresh Clinic
Address: available upon request via email (admin@ear-refresh-clinic.co.uk)
Phone: 01329 273 973
For the purposes of the GDPR, Ear Refresh Clinic is the data controller. This means we determine the purposes and means of processing your personal data.

3. The Data We Collect

We may collect the following types of personal data from you, which are necessary for us to provide our services and meet our legal obligations:

Standard Personal Data:

Identity Data: Your full name, date of birth.
Contact Data: Your postal address, email address, and telephone number.
Financial Data: Payment information such as credit/debit card details, though this is typically processed securely by a third-party payment provider and not stored by us.
Appointment Data: Records of your scheduled appointments.

Special Category Data (Health Data):

Medical History: Details of your relevant medical history.
Ear Health Information: Specific information about your ear condition, symptoms, and previous treatments.
Treatment Records: Detailed notes and records from your appointments, including pre-treatment checks, treatment administered, and post-treatment advice.
The collection and processing of this special category health data are essential for us to provide safe and effective treatment.

4. How We Collect Your Data

We collect data from you in the following ways:

Direct Interactions: When you book an appointment with us via phone, email, or online.
Forms: When you complete a medical history or consent form, either online or in person.
During Consultation: When you provide information to our practitioners during your appointment.
Communication: When you contact us with questions or feedback.

5. How We Use Your Data

We use your personal data for the following purposes:

Service Provision: To provide the ear wax removal service and to ensure the treatment is safe and appropriate for your needs.
Appointment Management: To schedule, confirm, and remind you of your appointments.
Clinical Record Keeping: To maintain accurate and detailed clinical records in compliance with professional and legal standards.
Billing and Payments: To process payments for services rendered.
Communication: To contact you about your appointments or any follow-up care.
Legal Compliance: To meet our legal obligations as a healthcare provider, including record-keeping requirements.

6. The Legal Basis for Processing Your Data

Under GDPR, we must have a legal basis to process your data. For the purposes outlined above, we rely on the following:

Contractual Necessity: Processing your data to provide our services and fulfil our obligations under a contract with you (e.g., booking an appointment).
Legitimate Interests: Processing data for the purposes of managing and operating our business effectively, provided your rights and freedoms are not overridden (e.g., securing our systems, communicating service updates).
Legal Obligation: Processing your data to comply with legal requirements, such as maintaining clinical records for a specified period.
Explicit Consent: For processing your special category health data, we will obtain your explicit consent on your medical and consent forms. This consent is essential for us to legally and ethically provide you with treatment.

7. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Health Records: Clinical records are typically retained for a minimum of 8 years after your last appointment, or longer if required by law or professional guidelines.
Appointment & Contact Data: This data is typically held for as long as you are a client and for a reasonable period thereafter for administrative purposes.

8. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to employees, agents, contractors, and other third parties who have a business need to know.

9. Your Data Protection Rights

Under the GDPR, you have the following rights:

The Right to Access: You have the right to request a copy of the personal data we hold about you.
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
The Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
The Right to Withdraw Consent: Where we have relied on your consent to process your special category health data, you have the right to withdraw that consent at any time.

10. Disclosure of Your Data

We will not share your personal data with any third party without your explicit consent, except where required by law.

11. How to Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us at:

Data Protection Contact: Ear Refresh Clinic
Email: admin@ear-refresh-clinic.co.uk
Phone: 01329 273 973

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.