At MYA, we are committed to protecting your personal information and confidentiality and we take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- MYA’s legal basis for processing your data.
- What information do we collect about you?
- How will we use the information about you?
- Who may we share you information with and why?
- Your rights as a data subject.
- MYA Medical Records
- How to contact us
MYA’s legal Basis for Processing your data
MYA will obtain your consent as the legal basis for us to collect your personal information to send you marketing communications relating to our business which we think may be of interest to you.
MYA’s legal basis for the processing of your personal and sensitive information is to allow us to fulfil or take steps to fulfil any contractual obligation to you. In addition to this, MYA can lawfully process special category data such as your health records, provided by you, in order to provide you with the appropriate healthcare.
What information do we collect about you?
We collect information about you when you enter your details into one of our website forms, when you speak with one of our advisors over the phone, when using the MYA App and in clinic when you are being consulted. We may collect basic details such as full name, email address, phone number, age range and gender along with information relevant to your health, previous medical history and some lifestyle information.
MYA may also collect credit card details, however this information is not stored or processed through MYA’s IT Systems.
If you choose to withhold any Personal Information requested by us, it may not be possible for you to gain access to certain parts of our website, for us to respond to your enquiry or for you to continue your journey with MYA.
Website usage information is collected using cookies.
Information collected from you is stored in a customer/medical record where it is held and processed electronically on secure servers which are subject to the appropriate technical security measures mandated by the EU General Data Protection Regulations.
How will we use the information about you?
MYA Cosmetic Surgery need to hold and process the personal and health information you have provided us. This is to identify you, contact you during your journey, help us understand your expected outcomes, tailor your journey to offer you the best possible path to your desired results and meet contractual obligations.
Also, if you consent, we may use your contact details for marketing purposes to send you relevant information that you may find interesting.
Who may we share your information with and why?
During your journey with MYA, we may need to share your information, including sensitive data, with medical professionals, government agencies and third parties in order to deliver services you have requested.
Your rights as a Data Subject
You have the right to request a copy of the information that we hold about you. You have the right for your details to be forgotten (right to erasure) for the sole purpose of processing for marketing communications. If you would like a copy, amend or erase some or all of your personal information, please email us, write to us or call 03330141014 and you be directed to the appropriate responsible person. To manage your settings, please click the ‘Update your communication preferences’ link on the bottom of our emails or visit https://privacy.mya.co.uk.
MYA Medical Records
What is a medical Record?
Once you have seen a surgeon or nurse, the information we hold about you as a customer record becomes a medical record because it will contain information entered by a medical professional.
Why are we processing medical and health information about you?
MYA is committed to providing the best possible care and outcomes for our patients and as such we need to keep records about your health and other personal information for medical purposes. Your personal and sensitive information is collected by MYA staff both electronically and on paper where it is stored within the EU and is subject to the appropriate technical security measures mandated by the EU General Data Protection Regulations.
What Information are we collecting and storing?
MYA will record both personal data and sensitive personal data, such as information about your health and ethnic origin.
Data Retention Periods
In accordance with the Records Management Code of Practice for Health and Social Care 2016, Mya has implemented the following retention periods, dependent on the type of record and data being stored:
|Type of Record||Retention Period||Notes|
|Customer Record||6 Years||Records of customers who have made an enquiry, either through MYA’s Website, Third Parties or by phone. They have not seen a medical professional, ie, Seen a Surgeon for a consultation, but they may have attended an initial consultation with a Patient Coordinator.|
|Basic Medical Record||15 Years||Patient has seen a medical professional and the medical record not covered by any other section in MYA retention schedule.|
How to contact us
- By email to firstname.lastname@example.org
- Or write to us at: MYA Cosmetic Surgery, 1 Cardale Park, Harrogate, HG3 1RY.
- MYA have appointed a Senior Information Risk Officer (SIRO) who is responsible for the management of all information and data under the control of MYA along with any associated risks or incidents. MYA’s SIRO can be contacted by emailing email@example.com.
- MYA has also appointed a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality. MYA’s Caldicott Guardian can be contacted by emailing firstname.lastname@example.org