At MYA, we are committed to protecting your personal information and confidentiality and we take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- MYA’s legal basis for processing your data.
- What information do we collect about you?
- How will we use the information about you?
- Who may we share you information with and why?
- Your rights as a data subject.
- MYA Medical Records
- How to contact us
MYA’s legal Basis for Processing your data
MYA will obtain your consent as the legal basis for us to collect your personal information to send you marketing communications relating to our business which we think may be of interest to you.
MYA’s legal basis for the processing of your personal and sensitive information is to allow us to fulfil or take steps to fulfil any contractual obligation to you. In addition to this, MYA can lawfully process special category data such as your health records, provided by you, in order to provide you with the appropriate healthcare.
What information do we collect about you?
We collect information about you when you enter your details into one of our website forms, when you speak with one of our advisors over the phone, when using the MYA App and in clinic when you are being consulted. We may collect basic details such as full name, email address, phone number, age range and gender along with information relevant to your health, previous medical history and some lifestyle information.
MYA may also collect credit card details, however this information is not stored or processed through MYA’s IT Systems.
If you choose to withhold any Personal Information requested by us, it may not be possible for you to gain access to certain parts of our website, for us to respond to your enquiry or for you to continue your journey with MYA.
Website usage information is collected using cookies.
Information collected from you is stored in a customer/medical record where it is held and processed electronically on secure servers which are subject to the appropriate technical security measures mandated by the EU General Data Protection Regulations.
Our site uses 3 forms that visitors can use:
- Contact Form – to request more information, book a consultation over the phone or sign up to our newsletter
- Online Booking Form – to book a consultation online
- Forum Form – to sign up to our online Forum to access a secure area
For the Contact Form and Online Booking Form, we collect the following information:
- Full Name
- Email Address
- Mobile and Home Phone Number
- Age range
During a call with one of our advisors or on our online booking form, we may collect the following extra information:
- BMI (Body Mass Index)
- Preferred Name
- Previous medical history
- Credit card details, however this information is not stored or processed through MYA’s IT Systems.
When using the MYA App, we collect the following information:
- Marital Status
- GP Information
- Patient Medical History and any other information that may have a bearing on your medical status.
- NHS Number
During a consultation at one of our clinics, we may collect the following extra information:
- Further health information (Why they want it and body type info)
- Financial Status
How will we use the information about you?
MYA Clinics Ltd need to hold and process the personal and health information you have provided us. This is to identify you, contact you during your journey, help us understand your expected outcomes, tailor your journey to offer you the best possible path to your desired results and meet contractual obligations.
Also, if you consent, we may use your contact details for marketing purposes to send you relevant information that you may find interesting.
We use your contact information in two ways:
- For the purposes of staying in touch and communicating with you during your journey with MYA, including appointment information. (Phone, Email, SMS)
- For marketing purposes to send you information about our company if you agree. (Email, SMS)
We use information collected about you for marketing purposes in the following ways:
- We would like to send you information about products and services of ours and other companies in our group, which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.
- You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click the ‘Update your communication preferences’ link on the bottom of our emails or visit https://privacy.mya.co.uk to manage your settings.
- For the purpose of improving our services, we request feedback via Third Party review sites like Trustpilot. Trustpilot act as a data processor and assist MYA to collect feedback from our customers on our behalf. You can read Trustpilot’s Data Processing Agreement here
We use information collected from our website in the following ways:
- Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
- You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
We use your information collected from the website to personalize your repeat visits to our website.
Who may we share your information with and why?
During your journey with MYA, we may need to share your information, including sensitive data, with medical professionals, government agencies and third parties in order to deliver services you have requested.
- Your Surgeon, Medical Practitioner, Healthcare Professional or a member of the MYA medical Team for the purposes of the discussions around your procedure or any follow up treatment or any issue or complaint raised by you.
- Your GP and or other relevant medical practitioners as it is important that they are aware of your intended procedure. Post Operatively, this also gives your GP total visibility of any care given to you by MYA.
- MYA may need to disclose or have a legal obligation to disclose information about you, including sensitive information, to government authorities, such as the General Medical Council (GMC), the Care Quality Commission (CQC) or the Police investigating criminal activity.
- If you consent, we will supply your details to a third party in order to deliver information which you have requested. This is limited to supplying First Clinical Aesthetics with your details to deliver information regarding non-surgical treatments.
- If you consent, we will supply the relevant data required for the application of finance through a lender introduced by MYA. This will be limited to afforditNOW (by PayBreak) and DEKO (By Pay4Later).
Your rights as a Data Subject
You have the right to request a copy of the information that we hold about you. You have the right for your details to be forgotten (right to erasure) for the sole purpose of processing for marketing communications. If you would like a copy, amend or erase some or all of your personal information, please email us, write to us or call 03330141014 and you be directed to the appropriate responsible person. To manage your settings, please click the ‘Update your communication preferences’ link on the bottom of our emails or visit https://privacy.mya.co.uk.
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the MYA Clinics Ltd holds about you.
- The right to request that MYA Clinics Ltd corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for MYA Clinics Ltd to retain such data as per MYA’s legal basis for processing your data. If your personal data is being held as a medical record, MYA can still legally hold your data as per MYA’s retention periods.
- The right to withdraw your consent to the processing at any time for which your consent has been given.
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioners Office.
MYA Medical Records
What is a medical Record?
Once you have seen a surgeon or nurse, the information we hold about you as a customer record becomes a medical record because it will contain information entered by a medical professional.
Why are we processing medical and health information about you?
MYA is committed to providing the best possible care and outcomes for our patients and as such we need to keep records about your health and other personal information for medical purposes. Your personal and sensitive information is collected by MYA staff both electronically and on paper where it is stored within the EU and is subject to the appropriate technical security measures mandated by the EU General Data Protection Regulations.
What Information are we collecting and storing?
MYA will record both personal data and sensitive personal data, such as information about your health and ethnic origin.
The records we keep about you may contain:
- Basic details about you such as name, address, date of birth, next of kin, etc.
- Contact we have had with you such as appointments.
- Notes on your consultations during your journey with MYA. These may include audio recordings for staff training and quality purposes.
- Detailed notes and information about your health and procedure including:
- Information about allergies
- Information about your medical history, including long-term conditions, such as diabetes or asthma.
- Medical test results such as blood tests, allergy tests and other screenings.
- Any clinically relevant lifestyle information, such as smoking, alcohol or weight.
- Hospital records.
- Details of your medicines.
- Pre and Post-Operative photos for clinical assessments to be made of results achieved after surgery.
Data Retention Periods
In accordance with the Records Management Code of Practice for Health and Social Care 2016, Mya has implemented the following retention periods, dependent on the type of record and data being stored:
|Type of Record||Retention Period||Notes|
|Customer Record||6 Years||Records of customers who have made an enquiry, either through MYA’s Website, Third Parties or by phone. They have not seen a medical professional, ie, Seen a Surgeon for a consultation, but they may have attended an initial consultation with a Patient Coordinator.|
|Basic Medical Record||15 Years||Patient has seen a medical professional and the medical record not covered by any other section in MYA retention schedule.|
|Description of Record||Date from which Retention Period calculated||Retention Period||Notes|
|MYA Customer Record – Electronic or Paper||Last contact with MYA||6 Years||These are records of customers who have made an enquiry, either through MYA’s Website, Third Parties or by phone. They have not seen a medical professional, ie, Seen a Surgeon for a consultation, but they may have attended an initial consultation with a Patient Coordinator.|
|MYA Medical Record – Electronic or Paper||Discharge following original procedure or revision surgery or patient last seen||15 Years||Basic Medical Records – This is for future reference concerning any medical issue, complaint or other matter arising.|
|MYA Medical Record where surgery was carried out and involved implants – Electronic or Paper||Discharge following original procedure or revision surgery or patient last seen||Indefinitely||Basic Medical Records – However due to the surgery involving implants, MYA will keep these medical records indefinitely for future reference in case of issues with the implants used during surgery. This is a result of PIP implants being withdrawn in 2010.|
|MYA Telephony Systems||Creation||Store as a customer record|
How to contact us
- By email to [email protected]
- Or write to us at: MYA Clinics Ltd, 1 Cardale Park, Harrogate, HG3 1RY.
- MYA have appointed a Senior Information Risk Officer (SIRO) who is responsible for the management of all information and data under the control of MYA along with any associated risks or incidents. MYA’s SIRO can be contacted by emailing [email protected].
- MYA has also appointed a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality. MYA’s Caldicott Guardian can be contacted by emailing [email protected].