- Why do we use your personal data? We typically use your personal information for purposes related to your health and to provide you with health care services.
- We use your sensitive data: In performing our obligations, AMS Plastic Surgery Ltd may use information about your health, racial and ethnic origin, and sexual orientation.
- Sharing data: We may share your data with third parties, including third-party service providers and regulators if legally required.
- Security: We respect the security of your personal information and treat it in accordance with the law.
- International transfer: We may transfer your personal information outside the EU (for example when storing your data on the cloud content management service Box, which is based in the United States of America) and, if we do, you can expect a similar degree of protection in respect of your personal information.
Who are we?
AMS Plastic Surgery Ltd is the private limited company through which Consultant Plastic Surgeon Mr Adam Sierakowski manages his private practice. AMS Plastic Surgery Ltd is registered in England and Wales under company number 08535704.
Our Data Protection Officer
- AMS Plastic Surgery Ltd is registered as a Data Controller, as defined in the Data Protection Laws, with the Information Commissioner’s Office “ICO”.
- Mr Adam Sierakowski is the Data Protection Officer and is responsible for auditing our compliance with Data Protection Laws.
- If you have any concerns or questions about our use of your personal data, you can contact Mr Adam Sierakowski at firstname.lastname@example.org, or alternatively by writing to him at the following address:
Mr Adam Sierakowski
Consultant Plastic Surgeon
What is the purpose of this privacy notice?
- As a health care service provider in the UK, AMS Plastic Surgery Ltd is subject to legal obligations when processing your personal information, which are contained in the Data Protection Act 2018, the General Data Protection Regulation 2016/679, and any local or European laws on data protection, as amended from time to time (“Data Protection Laws”).
- The purpose of this privacy notice is to explain why we collect your personal information, how we intend to use that information, whether we will share your information with anyone else, as well as your rights with regard to the information that AMS Plastic Surgery Ltd holds about you.
- It is important that you read this statement so that you know how and why we use information about you. It is also important that you inform Mr Adam Sierakowski / AMS Plastic Surgery Ltd of any changes to your personal information during the provision of health care services to you by him so that the information which we hold is accurate and current.
- This statement applies to all current and former patients of Mr Adam Sierakowski.
What type information do we hold about you?
The personal information we may hold about you may include the following:
- Contact details, such as postal address, email address and telephone number
- Emergency contact details, including next of kin
- Background referral details
We may also process the following more sensitive category of personal data:
- Details of your current or former physical or mental health. This may include information about any healthcare you have received (both from Mr Adam Sierakowski directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered.
- Details of services you have received from us
- Details of your nationality, race and/or ethnicity
- Details of your religion
- Details of any genetic data or biometric data relating to you
- Data concerning your sex life and/or sexual orientation
We may also hold clinical photographs of yourself, which relate to the care you have received by Mr Adam Sierakowski. You will be required to indicate your specific level of consent with regards to who may view these photographs and how they are used.
How we collect your personal information
We may collect your personal information including sensitive personal information in a number of different ways, including:
Directly from you
- When you complete an enquiry form on the essexplasticsurgery.co.uk website
- When you submit a query to us either through our website, by email or by social media
- When you correspond with us by letter, email, telephone or social media, including where you reference Mr Adam Sierakowski in a public social media post
Other healthcare providers
We may collect personal information and/or medical records from the persons and bodies below for the purpose of your direct care. These records may include contact details, diagnosis, treatment, hospital visits and medication administered information.
- Your general practitioner
- Your dentist
- Other hospitals or treatment facilities you may have been treated at, both NHS and Private
- Consultants working independently or for third parties, or their medical secretaries
- Commissioners of healthcare services and regulators
Other third parties
- Family members or next of kin, with your consent
- Your private medical insurance policy provider
- NHS health service providers
How we use your personal information
We need to use your personal information to provide healthcare services to you. Reasons for processing your personal information include:
- Contacting you following an enquiry from you by email, through our phone line, our social media pages or our website
- Establishing a patient record
- Maintaining accounting and financial records, internal audit requirements
- To answer any complaint or legal claim from you
- Communicating with a third party, share updates about your care (e.g. insurance companies) and updating other healthcare professionals about your care (e.g. your general practitioner, the NHS).
- Disclose information to regulatory bodies.
Please note that failure to provide us with your personal information (including your sensitive information) may mean that we are unable to set you up as a patient or provide you with the required treatment.
Where your personal information is stored and how long it is kept
We use a paperless storage system. The information we collect and hold about you is stored on the cloud content management service Box, whose servers are based in the United States of America. Box meets and supports some of the highest benchmarks for security and privacy including ISO 27001, ISO 27018, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the BSI C5 attestation. For organizations with European data protection obligations, Box has Processor Binding Corporate Rules and Controller Binding Corporate Rules (BCRs) and participates in the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks to provide a legally recognized way to transfer data across European borders.
Every file uploaded to the Box Cloud Content Management platform is encrypted at rest using AES 256-bit encryption.
Our retention policy is in line with the Records Management Code of Practice for Health and Social Care 2016, and applicable laws as amended from time to time. Records that have completed the specified retention period will be deleted from Box.
Who has access to my personal information?
The following individuals have access to your personal information if necessary for a specified legal purpose and subject to the necessary safeguards being in place:
- Mr Adam Sierakowski, Consultant Plastic Surgeon
- Mr Adam Sierakowski’s private medical secretary
- If you have provided an email address, we will invite you to access your Patient File on Box, enabling you to view all of the data we have stored in your name.
Sharing of your personal information with third parties
We will share your personal information with third parties when it is appropriate and necessary to do so only, including the following:
- Consultant, nurse, carer, physiotherapist or any other healthcare professional involved in your treatment, including their medical secretaries
- Your emergency contact, for example your next of kin or carer
- NHS organisations and the Department of Health
- Other private sector healthcare providers
- Your general practitioner
- Your Dentist
- Third parties who assist in the administration of your healthcare, such as insurance companies
- Private Healthcare Information Network (“PHIN”)
- National and other professional research/audit programmes and registries
- Government bodies, including the Ministry of Defence, the Home Office and HMRC
- Regulators, including the Care Quality Commission, Health Inspectorate Wales and Healthcare Improvement Scotland, Medicines and Healthcare products Regulatory Agency
- The police and other third parties where reasonably necessary for the prevention or detection of crime
- Private medical insurers
- Suppliers of medical devices
Third parties we contract with are under an obligation to comply with Data Protection Laws at all times.
Your rights regarding your personal information
You have certain rights in relation to the personal information that we hold about you under Data Protection Laws. You may exercise these rights at any time by contacting us using the details set out at the beginning of this privacy notice.
Reasonable requests are free of charge. Requests will usually be processed within one calendar month of receipt, unless it is a complex request. We may reasonably need more information from you to answer your request or to identify you and we will wait until we have the necessary information before dealing with your request.
If we cannot comply with your request to exercise your rights, we will usually tell you why. AMS Plastic Surgery Ltd, as a health care provider, is subject to legal and regulatory obligations which may limit or restrict the enforcement of your rights on some occasions, as stated below.
Your rights include:
The right to request access your personal information (also known as ‘Subject Access Request’)
AMS Plastic Surgery Ltd is committed to facilitate the exercise of your rights as data subjects. You can find out if we hold any of your personal information by making a ‘Subject Access Request’ (“SAR”). You can make a SAR either verbally or in writing. It is recommended that you make your request in writing directly to Mr Adam Sierakowski (contact details provided at the beginning of this privacy notice).
and clearly set out what data you wish to access. Please include the following information when making your request:
- Your name and preferred contact details
- Your date of birth
- Any details relating to your request (type of document requested, and timeframe covered)
The right to rectification
You may ask us to rectify any personal information we hold about you if your circumstances have changed or the information is no longer valid.
The right to erasure (also known as the right to be forgotten)
You may ask us to delete some personal information we hold about you, but this will be subject to any legal obligations we need to comply with in terms of retention period, public interest, public health, or for the purposes of establishing, exercise or defending legal claims.
The right to restriction of processing
We may amend the scope of the processing of your personal information upon your request, unless we need to keep your personal information in order to perform tasks which are in the public interest, including but not limited to public health, or for the purposes of establishing, exercise or defending legal claims.
The right to data portability
You may ask us to transfer personal information that you have provided to us to you or (if this is technically feasible) another individual / organisation of your choice.
The right to object
This includes the right to object to AMS Plastic Surgery Ltd using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless specific we need to retain that information to defend a legal claim brought against us, or is otherwise necessary for the purposes of your ongoing treatment.
The right not to be subject to automatic decisions (i.e. decisions that are made about you by computer alone)
We do not use profiling and/or make decisions about you based on wholly automated processing of your personal information.
The right to withdraw consent
When we rely on your consent to process your personal information, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting our Data Protection Officer.
The right to complain to the Information Commissioner’s Office
You may complain to the Information Commissioner’s Office (“ICO”) if you have any questions about the way that we have dealt with a request from you to exercise any of these rights, or if you think we are not compliant with Data Protection Laws. Making a complaint will not affect any other legal rights or remedies that you have.
You may contact the ICO here https://ico.org.uk/make-a-complaint/
Data Security measures
AMS Plastic Surgery Ltd is committed to ensuring the privacy and confidentiality of your personal information within its control. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. Although the transmission of information via the internet is never completely secure, we will use our best endeavours to protect your information from loss, misuse or alteration when it is within our control in compliance with all applicable and Data Protection Laws.
How we communicate with you
When you get in contact with us or register as a patient with a hospital where Mr Adam Sierakowski has admitting rights, you will be asked to complete a registration form.
We will communicate with you by your preferred method (by telephone, SMS, email, and/or post). If we contact you using the telephone number(s) which you have provided, and you are not available which results in the call being directed to a voicemail and/or answering service, we may leave a voice message.
In accordance with the preferences you have communicated to us, we may need to contact you to:
- ensure that we provide you with updates and/or reminders regarding your appointment
- provide you with your medical information (including test results and other clinical updates) and/or invoicing information;
- respond to email enquiries;
- respond to telephone enquiries;
- invite you to access your personal file on Box, via email