GDPR Privacy Notice
HUM2N GDPR Notice

Any reference to ‘the legislation’ shall include the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UKGDPR), the Data Protection Act 2018, the Privacy & Electronic Communications Regulation 2003 and any other applicable data protection legislation as introduced from time to time.

Who are we?

Hum2n Ltd is a healthcare company offering health and well-being services and therapies and aesthetic services.

Data protection principles

All personal data that is stored and processed by us, is done so by a core set of principles in line with the legislation:

- Processing is fair, lawful, and transparent.
- Data is collected for specific and legitimate purposes.
- Data we collect is adequate, relevant and limited to what is necessary.
- Data is kept accurate and up-to-date. Any data found to be inaccurate will be erased or rectified without undue delay.
- Data is not retained for longer than intended or necessary unless we are required by law to do so.
- Data is processed to ensure appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate measures.
- We comply with the relevant data protection legislation for international transferring of data.

Personal data

In order to provide you with our services, we may need to control and process your personal data. Personal data is information about you which can be used to identify you, such as your name, date of birth and contact information. We may also require sensitive, ‘special category’ data including, but not limited to, health data, genetic data.

Confidentiality

Hum2n Ltd considers the confidentiality of your personal data our main priority. We comply with all relevant data protection legislation. We have internal policies, procedures and controls designed to ensure that all personal data is protected and not accidentally destroyed, misused, disclosed, lost etc.

Your data is controlled and managed by employees of Hum2n Ltd as part of their duties in their role. Where third party companies are engaged to process your data on our instruction, they do so in line with our procedures and instructions which are set out to include a duty of confidentiality and include technical and organisational measures to ensure the security of your data. We will only keep your data for as long as necessary and in accordance with data protection legislation.

Your rights and how to exercise them

At any point while we are in possession of or processing your personal data, you – the data subject – have the following rights:

- The right to request a copy of the information that we hold about you.
- The right to correct or remove any data we hold about you that is inaccurate or incomplete.
- In certain circumstances you can ask for the data we hold about you to be erased from our records. You have the right to have your personal data erased if:
  - the personal data is no longer necessary for the purpose which we originally collected or processed it for unless we are required by law to retain it
  - we are relying on consent as our lawful basis for holding the data, and you withdraw your consent
  - we are relying on legitimate interests as our basis for processing, and you object to the processing of your data
  - we have processed the personal data unlawfully
  - we must do it to comply with a legal obligation
  - we have no legal right to retain the personal data
- The right to restriction of processing.
- The right to have the data we hold about you transferred to another organisation.
- The right to object to certain types of processing such as direct marketing.

If you request access to the personal data we hold you will be asked for documentation to prove your identity or, if you are acting on the behalf of another client, we will ask for proof of their consent.

Changes to our processing arrangements

If anything changes in how we collect, store, control or process your data, we will contact you and let you know.

______________________________________________________________________________

IF YOU ARE A PATIENT/CUSTOMER

What data do we collect?

- Name, address, contact info, date of birth, name and details of GP
- Potentially payment information
- Health information

How do we collect the data?

- Via your order (made online, on the phone, via email or in person)
- When you book or attend a consultation or an event

Why do we collect the data?

- To enable us to respond and deal with any query or request (orders etc.)
- To arrange and/or carry out a consultation
- To enable us to recommend appropriate products

What is our lawful basis for processing your information?

We may process your data on the grounds of legitimate interests or performance of a contract. Further, if we are processing sensitive information (known as special category data) such as health or genetic data, our additional condition for processing would be the provision of healthcare. Should you purchase products from us we would process your data on the grounds of performance of a contract. If you subscribe to our newsletters or receive marketing communications from us we are relying on your consent, which can be withdrawn easily at any time by simply letting us know or unsubscribing.

Who do we share the data with?

The data may be shared internally with any Hum2n Ltd employees or outsourced contractors/partners who view your data as part of their role. All our staff understand the importance of data protection and have undergone suitable training. We have data-sharing agreements in place with our outsourced contractors/partners which detail their responsibilities in respect of data privacy and security. Your data will be shared on our customer portals run by Pabau and Health Path Pro, with whom we have a data processing agreement in place.

We may also share your data with:

- Google Workspace
- Our website is hosted in Shopify with a www.hum2n.com domain name, and they are compliant with data protection legislation in line with their privacy policy.
- External practitioners with whom we have data sharing agreements in place.
- Healthcare professionals to whom you may require an onward referral (we will ask you to sign a consent before this information is shared).
- Your own GP in some circumstances.
- On rare occasions your local authority in the event of a potential safeguarding issue.

We will not share your personal data with anyone else outside of Hum2n Ltd, or its partners without your consent. If any data is shared outside of the above it will be:

- When we have your consent to do so
- To comply with a legal obligation
- If we are under a professional duty to share personal data in order to enforce or apply our terms of use/terms and conditions
- To protect the rights, property or safety of Hum2n Ltd, our customers or others
- If there are any other exceptional circumstances and we are unable, or it is inappropriate, to seek your permission
- For the reason of public interest

Consent

By consenting to this GDPR Policy, you are giving us permission to process your personal and special category data for the purposes identified in the headings above.

We keep our privacy notice under regular review. This notice was last updated in March 2023.

If, at any point, you would like to exercise any of your rights or wish to make a complaint about how we handle your data, please contact us at:

Hum2n Ltd
35 Ixworth Place
London SW3 3QX
Email: concierge@hum2n.com

If at any time you are still unhappy with how we manage your personal data you have the right to complain to the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510