Privacy Policy (May 2018)

--

This document governs the privacy notice of our website drmarkeiwicz.co.uk. Our privacy notice tells you what personal data (PD) and non-personal data (NPD) we may collect from you, how we collect it, how we protect it, how we may share it, how you can access and change it, and how you can limit our sharing of it. Our privacy notice also explains certain legal rights that you have with respect to your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our website.

Practically speaking, given this website is a simple web presence for Dr Markiewicz, the amount of personal data we process/possess is low. It is only through Squarespace's (the third party who hosts this website) cookies and our 'Get In Touch' form that they or we are exposed to any of a user's personal data. We have disabled the Squarespace 'Activity Log' so we don’t collect or see visitors’ IP addresses. Additionally we have disabled Squarespace Analytics cookies unless the user opts in via the cookie pop-up message when visiting the website. 

Please view Squarespace's Privacy and Cookie Policy for more information on how they, as a third party, collect/process personal data.

If you have any concerns about your personal data with regard to this website please get in touch here: Christiana@drmarkiewicz.co.uk (DPO)

Your Rights

When using our website and submitting personal data to us, you may have certain rights under the General Data Protection Regulation (GDPR) and other laws. Depending on the legal basis for processing your personal data, you may have some or all of the following rights:

The right to be informed
You have the right to be informed about the personal data we collect from you, and how we process it. 

The right of access
You have the right to get confirmation that your personal data is being processed and have the ability to access your personal data.

The right to rectification
You have the right to have your personal data corrected if it is inaccurate or incomplete.

The right to erasure (right to be forgotten)
You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.

The right to restrict processing
You have a right to ‘block’ or restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data, but not to process it further.

The right to data portability
You have the right to request and get your personal data that you provided to us and use it for your own purposes. We will provide your data to you within 30 days of your request. To request your personal data, please contact us using the information at the top of this privacy notice.

The right to object
You have the right to object to us processing your personal data for the following reasons:

  1. Processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  2. Direct marketing (including profiling); and
  3. Processing for purposes of scientific/historical research and statistics.
  4. Rights in relation to automated decision-making and profiling.

Automated individual decision-making and profiling
You will have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Filing a complaint with authorities
You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.

For details about your rights under the law, click here.

Definitions

‘Non-personal data’ (NPD) is information that is in no way personally identifiable. ‘Personal data’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data.

Topics Covered in Our Privacy Notice

  1. Information We Collect
  2. Our Use of Cookies
  3. How Your Information Is Used
  4. Retaining and Destroying Your PD 
  5. Updating Your PD
  6. Revoking Your Consent for Using Your PD
  7. Do Not Track Settings
  8. Links to Other Websites
  9. Protecting Children’s Privacy
  10. Our Email Policy
  11. Our Security Policy
  12. Transferring PD from the European Union
  13. Changes to Our Privacy Policy
  14. Questions about Our Privacy Policy

1. Information We Collect

Our Legal Basis for Collecting and Processing Personal Data
Our legal basis for collecting and processing your PD when you use our contact form or agree to the use of cookies is based on consent.

What Happens If You Don’t Give Us Your PD:
You can access and use most of our website without giving us your PD. 

We Collect Your PD in the Following Ways: 

Automatic Information
Squarespace (the third party who hosts this website) automatically receives information from your web browser or mobile device. 

Please view Squarespace's Privacy and Cookie Policy for more information on how they, as a third party, collect/process personal data.

When Entering and Using Our Website
When you enter and use our website and agree to accept cookies, some of these cookies may contain your PD.

When you Submit an Online Form
When you use our contact form we collect your first and last name, phone number and your email address (if you choose to provide them).

2. Our Use of Cookies

Our website uses cookies. A cookie is a small piece of data or a text file that is downloaded to your computer or mobile device when you access certain websites. Cookies may contain text that can be read by the web server that delivered the cookie to you. The text contained in the cookie generally consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device; it may contain other information as well. 

By agreeing to accept our use of cookies, you are giving us, and (Squarespace who hosts this website), permission to place, store, and access some or all the cookies described below on your computer.  We only use 'Essential Cookies' on this site by default. 

Strictly Necessary Cookies
These cookies are necessary for proper functioning of the website, such as displaying content, logging in, validating your session, responding to your request for services, and other functions. Most web browsers can be set to disable the use of cookies (information on how to do this can be found further down this page). However, if you disable these cookies, you may not be able to access features on our website correctly or at all. 

Performance Cookies
These cookies collect information about the use of the website, such as pages visited, traffic sources, content management, and other website measurements. 

Functional Cookies
These cookies enable the website to remember a user’s choices – such as their language, user name, and other personal choices – while using the website. They can also be used to deliver services, such as letting a user listen to audio, or watch videos on the website.

Media Cookies
These cookies can be used to improve a website’s performance and provide special features and content. 

Session Cookies
These cookies allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes, such as remembering what a user has put in their shopping cart as they browse a website. Session cookies also permit users to be recognized as they navigate a website so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session; thus, they are not stored long term. 

Persistent Cookies
These cookies are stored on a user’s device in between browser sessions, which allows the user’s preferences or actions across a site (or, in some cases, across different sites) to be remembered. Persistent cookies may be used for a variety of purposes, including remembering users’ choices and preferences when using a website.

All browser technologies enable you to disable/manage the cookies in the cookie folder of your web browser. This means that you can either delete cookies from your cookie folder once you have finished your visit at our website or you can set your preferences with regard to the use of cookies before you begin browsing our website. Please note, as stated above, that deleting or rejecting cookies may adversely affect your user experience of our website.

You can find out further information about blocking/disabling/managing cookies for each of the following browsers:

Both cookies in use on this website are "Essential":

1.) Name: cookieconsent.status
Duration: 1 year
Purpose: Checks if user has consented to cookies.

2.) Name: "Crumb"

Duration: Session

Purpose: Security. Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.

Defined as a "Required" cookie by Squarespace's Cookie Description.

Squarespace Cookies
You can find more details on the cookies that Squarespace website's use in this article.

This website is hosted by Squarespace. Please see Squarespace's Terms of Use and Privacy Policy for more information.

3. How Your Information Is Used

We use the information we receive from you to:

• Make improvements to our website.
• Contact you to follow up on contact form submissions.

Sharing Information With Affiliates and Other Third Parties
We do not sell or rent your PD to third parties for marketing purposes. For the policy of the third party who hosts this website (Squarespace), please see their privacy policy.

Legally Required Releases of Information
We may be legally required to disclose your PD acquired by using our website if such disclosure is (a) required by law, or other legal process; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to protect us from legal action or claims from third parties, including you and/or other users or members; or (d) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.

N.B: The above does not apply to any email/communication sent through the third party Egress 'Switch Web Access' medium that we strongly recommend using for confidential patient information on our 'Contact Us' Page. For more information on this please refer to their Privacy Policy.

Disclosures to Successors
If our business is sold or merges in whole or in part with another business that would become responsible for providing the website to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business. 

We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.

4. Retaining and Destroying Your PD

We retain information that we collect from you through the contact form or contact details on the 'Get In Touch' page only for as long as we need it for legal, business, or tax purposes. Information you submit to us by email is transferred outside the EEA and stored on our third-party email provider’s servers. We use Microsoft's email services. To see Microsofts privacy policy please click here.  There are no cookies/tracking active on this website, first or third party, that would store personal data for longer than 12 months. Your information may be retained in electronic form, paper form, or a combination of both. 

5. Updating Your PD

You can contact us using the contact information found at the top of this privacy notice and we will help you.

6. Revoking Your Consent for Using Your PD 

You have the right to revoke your consent for us to use your PD at any time. If you want to revoke your consent for us to use your PD, send us an email with your request to: Christiana@drmarkiewicz.co.uk 

7. Do Not Track Settings

Some web browsers have settings that enable you to request that our website not track your movement within our website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.

8. Links to Other Websites

Our website may contain links to other websites. These websites are not under our control and are not subject to our privacy notice. These websites will likely have their own privacy notices. We have no responsibility for these websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy notices of these websites to see how they treat your PD. 

9. Protecting Children’s Privacy

Even though our website is not designed for use by anyone under the age of 16, we realize that a child under the age of 16 may attempt to access our website. We do not knowingly collect PD from children under the age of 16. If you are a parent or guardian and believe that your child is using our website, please contact us. Before we remove any information, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child is accessing our website, we will delete his/her information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor do we have any liability to do so. 

10. Our Email Policy

We will not sell, rent, or trade your email address to any unaffiliated third party without your permission. It is your responsibility as a user of the site to refrain from sending confidential patient information using our 'Get In Touch' form. For confidential patient information please use the 'Switch Web Access' Encrypted Messaging service that is clearly recommended on our 'Get In Touch' page. When you send us a message through the 'Get In Touch' form or listed contact details you are consenting to us collecting your first and last name, contact number, email address and message content. 

11. Our Security Policy

Squarespace, the third party who hosts this website, uses industry-standard security measures and authentication tools to protect the security of your PD. We and the third parties who provide services for us, also maintain technical and physical safeguards to protect your PD. With SSL enabled automatically, our visitors can access a constant, secure connection on every page of the site. Through SSL, our visitors see a lock icon next to your URL in the browser, showing that their information is safe.

12. Transferring PD From the European Union

PD that Squarespace (the third party company that hosts this website) collects from you may be stored, processed, and transferred between any of the countries in which Squarespace (the third-party company that hosts this website) operates. As with existing law, the GDPR requires that certain safeguards be put in place when transferring personal data outside the EU. Squarespace have self-certified to the EU-US and Swiss-US Privacy Shield, which allows them to lawfully transfer EU and Swiss personal data to the US, including to our US-based data centers. You can read more about Squarespace’s Privacy Shield certifications here.

13. Changes to Our Privacy Notice

We reserve the right to change this privacy notice at any time. If our company decides to change this privacy notice, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your PD in a method different from that specified at the time it was collected, we will provide advance notice by email (sent to the email address you used to contact us with). Otherwise we will use and disclose our users’ and customers’ PD in agreement with the privacy notice in effect when the information was collected. In all cases, your continued use of our website, services, and products after any change to this privacy notice will constitute your acceptance of such change.

14. Questions About Our Privacy Notice

If you have any questions about our privacy notice, please contact us using the information at the top of this privacy notice.