Introduction:
Dr. Frank's Weight Loss Clinic is committed to ensuring the protection of personal data and upholding the rights of our clients, staff, and stakeholders in line with the General Data Protection Regulation (GDPR). This document outlines our compliance strategy and commitment to data privacy.
Scope:
This statement applies to all business operations of Dr. Frank's Weight Loss Clinic and covers data processing activities that involve the personal data of EU residents, whether they are clients, staff, or other stakeholders.
Our Commitment:
- Lawful, Fair, and Transparent Processing: We ensure that personal data is processed legally, fairly, and transparently without adversely affecting the individual.
- Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimisation: We only collect data that is adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
- Accuracy: We take all reasonable steps to ensure personal data is accurate and up-to-date.
- Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Integrity and Confidentiality: We ensure appropriate security measures are in place to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Rights of the Data Subject:
Under GDPR, data subjects have the following rights:
- Right to access: Individuals can request a copy of their personal data.
- Right to rectification: Individuals can correct any inaccuracies in their personal data.
- Right to erasure ('right to be forgotten'): Under certain circumstances, individuals can request their data be deleted.
- Right to restrict processing: Under specific situations, individuals can request a halt on data processing.
- Right to data portability: Individuals can request their data to be transferred to another service provider.
- Right to object: Individuals can object to the processing of their data in particular situations.
- Rights on automated decision-making and profiling: Individuals have rights in relation to automated decision-making processes.
Data Protection Officer (DPO):
We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance and ensures data protection principles are upheld. Any concerns or questions regarding data protection should be directed to our DPO at [DPO email address].
Breach Notification:
In the event of a data breach that risks the rights and freedoms of individuals, we will notify the concerned individuals and the relevant supervisory authority within 72 hours of becoming aware of the breach.
Conclusion:
Dr. Frank's Weight Loss Clinic remains committed to upholding the highest standards of data privacy and will continue to monitor and update our processes in line with the GDPR.
For more information or to exercise your data protection rights, please contact our Data Protection Officer.