Privacy Policy
CM London Medical understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website www.cmlondonmedical.com and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
This Privacy Policy (the “Policy”) does not apply to any third-party websites, services, products or mobile applications maintained by other companies, which are linked to from our Services.
Please read this Privacy Policy carefully and ensure that you understand it. By visiting Our Site, providing your information to us through the services offered or otherwise using our Services, you understand and acknowledge that CM London Medical may process your personal information in accordance with this Privacy Policy. If you do not want this Privacy Policy to apply to you, please discontinue using Our Site immediately and do no use the Services or communicate with us. If required by applicable law, we will obtain your consent to our collection, use, transfer and disclosure of your personal information.
In this Policy, the following terms shall mean:
“Account” means an account required to access and/or use certain areas and features of Our Site;
“Cookie” means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of Our Site.
“Personal data” means any and all data that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular person. In this case, it means personal data that you give to us via Our Site or through use of the Services.
In this Policy, use of terms such as “personal information” and “personally identifiable information” shall be included in this definition of “personal data”.
Any capitalised terms that are not defined terms in this Policy shall be interpreted to adopt the meaning specified in the Terms & Conditions available here.
What does this policy cover?
This Privacy Policy applies only to your use of Our Site. Our site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other third-party websites and we advise you to check the privacy policies of any such websites before providing any data to them.
Data privacy rights:
As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
Right of access. If you ask, we will confirm whether we are processing personal data and if necessary, provide you with a copy of that personal data;
Right to rectification. If any of the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible;
Right to erasure. You can ask us to delete any personal data we hold about you in some circumstances, such as where we no longer need it or, where applicable, if you withdraw your consent;
Right to restrict (i.e., prevent) processing. You can ask us to restrict the processing of your personal data in certain circumstances, such as where you challenge the accuracy of that personal data or you objected to our use or stated legal basis;
Right to data portability. You have the right to, in certain circumstances, obtain a copy of your personal data in a structured, commonly used and machine-readable format, and to re-use it elsewhere or to ask us to transfer this to a third party of your choice;
Right to object. Your right to opt out or object to certain processing. You may have the right to opt out of the sale of your personal information to third parties, if applicable, or object to some processing of your data, where such requests are permitted by law.
Rights with respect to automated decision making and profiling. You have the right not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us. CM London Medical does not engage in automated decision-making.
Right to withdraw consent. If your personal data is being processed on the basis of consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before it is withdrawn.
Right to lodge a complaint. If you have any cause for complaint about our use of your personal data, please contact us using the details contained in the “Contact Us” section below, and we will do our best to solve the problem for you. Please note that we will need to verify your identity before we can comply with any requests pertaining to the assertion of your data privacy rights. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
What data do we collect and how do we collect it?
Depending upon your use of Our Site or use of our Services, we may collect some or all of the following personal [and non-personal] data:
Information you provide to us directly, including the following:
Type of personal information | Description | How we collect it |
Personal details | Contact information including your name, date of birth, email address, residential address(s), telephone number(s). | When you provide it to Us, for example when you visit Our clinics, request an online consultation, contact the clinic, book an appointment, subscribe to our mailing list, contact us via social media. |
Information about your treatment(s) and images taken | Before and after photos, Our notes and advice, cost of treatment(s), your emails to us, and your comments and reviews | When you provide it to Us, for example when you fill out a patient information form at one of Our clinics or submit an online consultation or when you attend a consultation at one of Our clinics or when you provide a review in Our comments book or on social media. That we record when you attend a consultation (in person or online). |
Information about your lifestyle | Occupation, stress levels, cigarette use, chemical exposure, alcohol intake and dietary habits, | When you provide it to Us, for example when you fill out a patient information form at Our clinic(s) or have a consultation at one of Our clinics or submit an online consultation. |
Information about your health | Information about your medical history, current medical conditions, current treatments, allergies, pregnancy/breastfeeding, other symptoms, medications, procedures and where relevant, Covid-19 screening. | When you provide it to Us, for example when you fill out a patient information form at our clinic(s) or have a consultation at one of our clinics or submit an online consultation. |
Financial information | Medical insurance details, details of a referrer, your credit or debit card details or other payment details | When you provide it to us, for example when you pay for Our services in Our clinic or online. |
Emergency Contact Details | Your GP details, emergency contact details including next of kin |
Information we collect when you visit us including:
Technical information | Your IP address, device type, unique device identification numbers, (such as when you use our Services, read our emails, through social media channels), browser-type, broad geographic location (e.g., country or city-level location) and other technical information. Information about how your device has interacted with our website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to Our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of Our website to Our visitors | We collect this information automatically or indirectly collected when you visit Our website. We (and out third-party providers) may record log files and collect this information using cookies, pixel tags, local shared objects, java script and similar tracking technology, as explained further under the heading “Our use of cookies’’. |
CCTV images | CCTV recordings | We collect this information automatically when you visit our clinics. |
Special categories of Personal data
Certain types of personal information are treated as special under the governing privacy laws. The following types of special category data is collected and use only to the extent permitted by the governing law:
- Data revealing racial or ethnic origin
• Health data
How do we use your data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR and similar applicable laws that may apply to you.
Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g., by subscribing to emails), or because it is in our legitimate interests. Specifically, we may use your personal data for the following purposes:
Legal basis for processing | Purposes of processing |
Contract | • Providing you with treatment or Our Services • Providing you with updates to Our treatments/services • Referrals made by you |
Health care | • Providing most appropriate and safe treatment(s) to you |
Legitimate interests | • Security of our clients and premises (e.g., CCTV images) |
Legal obligation | • Complying with applicable governing laws, such as in relation to prescriptions that we provide to you |
Vital interests | • Protecting your vital interests in times of emergency |
Consent | • If you have provided us with a review and your explicit consent to use your pictures, we may use your before/after pictures to market our services |
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will retain your data on our records for up to 7 years (as a statutory requirement as per Department of Health guidelines) even after the contractual agreement has ended. After this period, data stored on our servers will either be deleted or anonymised (for example, because your personal information has been stored in backup archives), and securely store your personal information and isolate it from any further processing until deletion is possible.
How and where do we store your data?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Some or all of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). You are deemed to accept and agree to this by using our site and submitting information to us. If we do store data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our site.
Do we share your data?
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data to the following categories of recipients:
to your healthcare providers, for example if you ask us share information with your GP or surgeon;
to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
to our third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Site), or who otherwise process personal information for purposes that are described in this Policy or notified to you when we collect your personal information;• to an actual or potential buyer(and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Policy; and• to any other person with your consent to the disclosure.
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
We may sometimes contract with third parties to supply products and services to you on our behalf. These may include payment processing, prescription services, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
When you pay via our portal, your transactions will be completed by one of our partners, such as Stripe or WorldPay.
CM LONDON MEDICAL will limit the use of your Personal Data by our partners, vendors and suppliers according to this Privacy Policy, contractual restrictions, and applicable law. When using a payment method through the third-party mechanism offered via the portal, the information you choose to share with that third-party will be treated in accordance to that third-party’s privacy policy.
However, we will endeavour to take appropriate safeguards to require that your personal information will remain protected in accordance with this Policy.
What happens if our business changes in ownership?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
How can you control your data?
In addition to your rights under the relevant laws and you submit personal data via our site, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details
Your right to withhold information
You may access certain areas of our site without providing any data at all. However, to use all features and functions available on our site you may be required to submit or allow for the collection of certain data, such as submitting an online enquiry.
You may restrict our use of Cookies.
How can you access your data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details at cmmedicalacademy@gmail.com.
Our use of cookies
Our site may place and access certain first party cookies on your computer or device. First party cookies are those placed directly by us and are used only by us. We use cookies to facilitate and improve your experience of our site and to provide and improve our (products) and/or (services). We have carefully chosen these cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.
By using Our Site, you may also receive certain third-party cookies on your computer or device. Third party cookies are those placed by websites, services, and/or parties other than us. Third party cookies are used on our site for Google analytics. These cookies are not integral to the functioning of our site and your use and experience of our site will not be impaired by refusing consent to them.
All Cookies used by and on our site are used in accordance with the governing law and regulation as relevant.
Before any non-essential cookies are placed on your computer or device, you will be shown a pop-up message requesting your optional consent to set those cookies. You may, if you wish, deny consent to the placing of cookies, and must not continue to use our site.
Our site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our site is used. This, in turn, enables us to improve Our Site and the Services offered through it. You do not have to allow Us to use these cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of our site, it does enable us to continually improve our site, making it a better and more useful experience for you.
The analytics service(s) used by our site use(s) cookies to gather the required information.
In addition to the controls that we provide, you can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
The links below provide instructions on how to control cookies in all mainstream browsers:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
Microsoft Internet Explorer: https://support.microsoft.com/en-us/kb/278835
Microsoft Edge: https://support.microsoft.com/en-gb/products/microsoft-edge (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist)
Safari (macOS): https://support.apple.com/kb/PH21411?viewlocale=en_GB&locale=en_GB
Safari (iOS): https://support.apple.com/en-gb/HT201265
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-preferences
Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en (Please refer to your device’s documentation for manufacturers’ own browsers)
For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our site more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.]
Contacting us
Our site is owned and operated by CM London Medical; a limited company registered in England
Our Data Protection Officer is Mohammed M Rahman, and can be contacted by email at cmmedicalacademy@gmail.com.
If you have any questions about our site or this Privacy Policy, please contact us by email at cmmedicalacademy@gmail.com. Please ensure that your query is clear, particularly if it is a request for information about the Personal Data, we hold about you.
Changes to our privacy policy
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on our site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our site following the alterations. We recommend that you check this page regularly to keep up-to-date.
Communication from us to you
If we have your contact details, we may from time to time send you important notices by email. Such notices may relate to matters including, but not limited to, service changes and changes to these Terms and Conditions.
We will never send you marketing emails of any kind without your express consent. If you do give such consent, you may opt out at any time. Any and all marketing emails sent by us include an unsubscribe link. For questions or complaints about communications from us (including, but not limited to marketing emails), please contact us at cmmedicalacademy@gmail.com.