We are committed to ensuring that your privacy is protected and we will only process personal data in accordance with the current Data Protection Act (1998) and the General Data Protection Regulations which will be in force from 25th May 2018. If you believe that any information we are holding about you is incorrect or incomplete, please write to us or email us as soon as possible. We will make any corrections promptly.
The policy explains how Well Travelled Clinics uses your personal data.
1. What rights does the GDPR provide for individuals?
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
2. Who is in control of my information
For the purposes of the Data Protection Act 1998, due to be updated in May 2018, we are registered as 'Data Controllers' with the Information Commissioner's Office (ICO), principally Well Travelled Clinics Limited. Details are published on a register on the ICO website where you can also find lots of useful information about Data Protection, what it means to you as an individual and how it applies to companies like Well Travelled Clinics.
3. Who is the data controller and what are their contact details?
Well Travelled Clinics
Email: tropshop [at] lstmed [dot] ac [dot] uk
Tel: 0151 705 3223
Fax: 0151 705 3365
The data controller for this website is
Manta Ray Media Ltd
Telephone: +44 (0)20 3815 7155
Email: hello [at] mantaraymedia [dot] co [dot] uk
4. How do I make a complaint?
We have a leaflet in all our clinics and on our website about how to make a comment, complaint or compliment. You do not have to put your complaint in writing to get it heard, please let any member of our team know if you have a complaint and they will try to resolve it for you there and then. If you remain dissatisfied our complaints leaflet outlines our process
If you're unhappy with any aspect of how we handle your personal information you have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK. You can contact them by:
Website at https://ico.org.uk.
Telephone: 0303 123 1113.
Post to: Information Commissioner’s Office
Wilmslow, SK9 5AF
5. What are the 'Legitimate interests' for processing my data?
We will only process sensitive personal data (e.g. medical history) if it can satisfy at least one of the following conditions in relation to that sensitive personal data:
a) Explicit consent – the data subject whom the sensitive personal data is about has given explicit consent to the processing
b) Employment laws – processing is necessary so that the business can comply with employment laws
c) Vital interests – processing is necessary to protect the vital interests of the data subject (in a case where the data subject’s consent cannot be given or reasonably obtained), or another person (in a case where the data subject’s consent has been unreasonably withheld)
d) Public – the data subject has deliberately made the information public
e) Legal matters – processing is necessary in relation to legal proceedings, for obtaining legal advice or otherwise for establishing, exercising or defending legal rights
f) Public tasks – processing is necessary for administering justice, or for exercising statutory or governmental functions
g) Medical purposes – processing is necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality
h) Equal opportunities – processing is necessary for monitoring equality of opportunity, and is carried out with appropriate safeguards for the rights of data subjects.
6. What information do you collect about me?
Well Travelled Clinics collects personal information about you whenever you use our services. Some of it is information you give us directly when, for example, you submit details online through our request form or complete our registration form, consent forms, or give medical information to our clinical staff or when you write to us. Other information is collected indirectly, for example when you post comments on our Facebook, Twitter or other social media page.
7. What reasons/purposes do you have for processing my information?
We process personal information to enable us to provide safe high-quality health services to our patients, to maintain our accounts and clinical and administrative records so that we can communicate with our patients and clients and document the care of our patients.
8. What type/classes of my information is processed?
We process information relevant to the above reasons/purposes. This information may include:
- your name
- date of birth
- job title
- contact information including email addresses and telephone numbers
- location information such as address and postcode
- If applicable, the name of your company or organisation
- medical data, such as information about allergies; also, your age (for ease of reference in addition to your date of birth) – to help the doctor or nurse perform their medical duties and assess your suitability for vaccination or other requested services
- family details
- goods and services
- financial details
- other information relevant to customer surveys and/or offers.
- employment and education details
- your signature
We may also process sensitive classes of information that may include:
- physical or mental health details
- information related to your sexual health
- racial or ethnic origin
- religious or other beliefs of a similar nature
- offences and alleged offences
9. Who is this information processed about?
We process personal information about our:
- patients, customers and clients
- business contacts
- professional advisers
10. What information do you obtain from other sources?
When you use our services, some of the information we collect may be about your health and include data from NHS bodies such as your GP or your hospital doctor. We understand the sensitivity of this information and will only use it to ensure that we our services in a safe manner and fulfil our legal obligations to the NHS or similar bodies.
11. What about information provided by other people on my behalf?
If someone books an appointment on your behalf we will ask them for basic details about you, which may include health details. This is to ensure we book you in for the right type and length of appointment. Of course, we'll check with you when you come to your appointment to make sure the information we've been given is accurate.
If you're booking an appointment for someone else, please make sure they are happy for you to provide this personal information on their behalf and that they understand why we need to ask for it.
12. How do you use my personal information?
Providing our products and services
We use your personal information to provide our services, respond to queries and comments and provide you with the best possible level of customer service. We may use it to contact you about appointments you have booked or to send you reminders (e.g. about when your next vaccination is due). We may also contact you in emergency situations such as an urgent vaccine recall or where we have a duty of care to notify you of information that relates to your health. If you choose to complete and submit our contact form and provide personally identifying information (typically your name and email address), this data is stored on our site, which is hosted on a secure server, with an SSL certificate.
Individuals can also request access, updates, deletion or more information about the data held about them at any time by emailing tropshop [at] lstmed [dot] ac [dot] uk
Website visits tracking
Like most websites, our site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
Should you choose to contact us using an email link, none of the data that you supply will be stored by our website. Instead the data will be collated into an email and sent to us.
About our website's server
This website is hosted by Linode within a UK data centre run by Telecity.
Telecity implements high-end physical security in their data centres: All facilities are well protected by 24×7 human security, biometrics, secure monitored single person entry and video surveillance (source: Telecity).
All traffic (transferral of files) between this website and your web browser is encrypted and delivered over HTTPS.
Website third party data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and, to the best of our belief and understanding, all of them comply with current legislation. Both third parties are based in the USA and are EU-U.S Privacy Shield compliant.
Our site may, from time to time, contain links to and from the websites of partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Learning more about you
We'll consolidate the information we hold about you across the two clinics of Well Travelled Clinics and the different channels you use to interact with us (e.g. website, clinics, correspondence etc.). We do this to keep our records accurate and up to date, provide you with a seamless and consistent service and build a clearer picture of our customers both as a group and as individuals. By understanding you better we can offer you the best and most personalised service we can, but don't worry - we will only ever send you marketing material if you have agreed that we can.
If you’ve given us consent to process your personal information, you have the right to withdraw that consent at any time by contacting us.
You can also ask for access to the personal information we hold about you and request that we correct any mistakes, restrict or stop processing or delete it. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing it, we won’t always be required to do so. If that is the case, we will explain why.
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting us.
13. Do you use my personal data for crime prevention and detection?
To protect our customers, our staff and our business, we may use your personal data to help prevent and detect crime. We use CCTV to record images in our clinics. If you require access to CCTV footage (for example, if you are the victim of a crime that takes place on Well Travelled Clinics premises), you should write to us at:
Well Travelled Clinics
We will ask you to provide proof of your identity, the date and approximate time of the incident you wish to view and as much detail as you can to help us locate the correct footage. We will do our best to help, but there are situations in which we may be unable to make CCTV footage available to you, such as where the incident occurred some time ago or if we believe that allowing you to view it would breach someone else's privacy.
14. Do you share my information outside Well Travelled Clinics
We share your personal information with companies that provide services on our behalf, such as a courier who may deliver something to you, or a laboratory that is processing your blood test for you. We always ensure these companies give your information the same level of care and security as we do. If your information is to be sent outside Europe, we make sure it will be subject to standards of protection and security that are as high as those Well Travelled Clinics uses here in the UK.
15. Do you share my information with the NHS or other statutory body?
Where we have a duty of care to do so, we share information with NHS bodies to fulfil our legal obligations. We may share your personal information with third parties where required or permitted by law, if we believe we need to do so to protect our rights, or to comply with legal proceedings. In such cases, we will always do so legally and with due regard to your privacy.
16. What happens to my data if there are changes to your business?
If ownership of all or part of our business changes or we undergo a reorganisation, we will transfer your personal information to the new owner or successor company so we can continue to provide our services.
17. How long do you keep my personal information for?
We hold your personal information for as long as we have a legal or business reason to do so, which generally means as long as you remain a Well Travelled Clinics customer/colleague or as required to meet our legal obligations, resolve disputes or enforce our agreements. To fulfil our obligations to NHS, regulatory or similar bodies, health-related personal information may need to be retained for a period of time after you cease to be a Well Travelled Clinics customer/colleague. We will always store it securely and will not use it for any other purpose.
18. Do I have the right to be 'Forgotten'
Yes. Under Article 17 of the GDPR you have the right to have your personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
19. When does the right to be 'Forgotten' apply?
You have the right to have your personal data erased if:
- your personal data is no longer necessary for the purpose which we originally collected or processed it for
- we are relying on your consent as the lawful basis for holding the data, and you withdraw your consent
- we are relying on legitimate interests as our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing
- we are processing your personal data for direct marketing purposes and you object to that processing
- we have processed your personal data unlawfully (i.e. in breach of the lawfulness requirement of the 1st principle)
- we have to erase it to comply with a legal obligation
20. Do you send reminders?
Unless you ask us not to, our normal practice is to try to send you reminders about booked appointments or when your current vaccine protection runs out, or when you are due for tests or further examinations.
21. What security do you have in place to protect my information?
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
22. What about links to other websites?
Our website contains links to other relevant websites. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
23. What about my privacy and shared computers?
If you access Well Travelled Clinics from a shared computer, such as in an internet cafe or from a colleague's computer at work, Cookies may cause your e-mail address to display in the login field to anyone who uses the site on that computer after you. You can avoid this by clearing the Cookies stored by the web browser. The option to do this is normally in the 'Tools' dropdown menu at the top of the browser window.