This privacy notice is provided to inform about how and why your personal data is used so that we can be as transparent as possible, and to ensure that you are aware of your rights under data protection legislation.
We are Janmi, a trading style of Paulius Jurasius, of 225 White Foot Lane, Bromley, BR1 5SE. We are registered with the ICO under registration ZB263808. We can be contacted on 07446133337 or at firstname.lastname@example.org.
The purpose for processing your data and our basis for doing so
We process personal data so we can provide our services to our clients. This includes obtaining medical data so that we can properly identify the most appropriate treatment for you. We also process your personal data to maintain communication and to send information about ourselves and our services which we believe is relevant. We also process your data when we provide exercise plans as part of our contracted services to you.
When we process your personal data, we must establish our legal basis for doing so and that legal basis can be different depending on circumstances in which we process it. You will see references to the basis of processing e.g.,"(Article. 6.1.f)" and this is a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question.
We process the data you provide through our contact forms, or directly on email or telephone. This data is: your name, email address, telephone number and data of birth (we do not treat persons under the age of 18). We also use your personal data to make payments through our payment provider portal online and at our clinic premises. We do this under the legal basis of Article 6.1.b of the UK GDPR ‘Performance of a Contract’.
We collect and process medical data, such as existing conditions, medications, surgical procedures from you to ensure we provide the most appropriate treatment for you and avoid exacerbating existing conditions. Medical data is defined as special category data and as such requires additional conditions in relation to our use of it. We will collect your explicit consent (Article 9.2.1 UK GDPR) to use your medical data to inform our treatments. You can withdraw your consent at any time by contacting us but if you do, we may not be able to continue with your treatment.
As a client, we will process your name and email address, for the purpose of communication you for the duration of our commercial relationship.
If you fail to provide the information required, we will be unable to provide the agreed services to you.
Janmi may conduct direct marketing activities and send you email updates and information about our services. As an existing client we can send you these emails without further consent, as allowed by the Privacy and Electronic Communications Regulations 2003. You can withdraw your consent at any time and we will immediately stop marketing to you.
If you withdraw consent for marketing, we will retain the minimum amount of your data on our system to ensure your email is supressed from our marketing activity. Our legal basis for this is Article 6.1.c – we have a legal obligation not to continue to send you direct electronic marketing without a lawful basis.
Recipients of your data
As a general principle, we will not share your personal data to other recipients without your permission. There are some exceptions to this:
It is possible, that we might be obliged to disclose personal information in response to a court order or other lawful obligation. Our lawful basis for this is Article 6.1.c -legal obligation.
If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Our lawful basis Article 6.1.f (legitimate interest) as we have a legitimate interest to recover any money owed to us.
We use the services of an external accountant who may have limited access to your data. Our lawful basis for this is legitimate interest (Article 6.1.f UKGDPR) as we have a legitimate interest in the management of our accounts.
Data processed by third parties on our behalf and Cookies
We use the services of other organisations in the processing your data. We use email, video conference platforms, an outsource digital marketing provider and an exercise programme platform. Our website also processes limited personal data such as IP address and contract details through our contact form. Our web host service processes this information for us.
Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled in accordance with the UK GPDR.
Transferring your data outside of the UK
We do transfer data outside of the UK as some of our cloud platforms are located overseas in Canada, Israel and the USA. We ensure that there are approved mechanisms to do so, such as adequacy decisions under Article 45 UK GDPR, standard contractual clauses under Article 46.2 UK GDPR or in exceptional circumstances, allowable derogations under Article 49 UK GDPR.
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose. We will retain client data for seven years post termination of contract.
The UK GDPR requires us to implement technical and organisational measures to protect your data. We have developed policies and procedures to ensure we treat personal data lawfully and keep it secure. We train our staff on the requirements of the legislation and the need for data protection. Our IT systems have protection installed and our online platforms are accessed through user authentication, and we have access controls in place. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website.
The UK GDPR provides you with several rights in relation to the data of your we process. The rights relevant to our activities are:
You have the right to get access to and copies of your personal data.
You can in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
You can ask us to rectify any inaccurate information we may be holding.
If you want to exercise any of these rights, contact us on the above email address.
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK's Information Commissioner's Office.
Information Commissioner's Office
Telephone: 0303 123 1113