At Naytal, we strive to explain things in a clear, easy to read format to give you better knowledge and understanding of your healthcare. We’ve tried to do the same with our legal wording, however official terminology sometimes can’t be avoided. If anything is unclear or doesn't make sense we are always here to help at email@example.com
We take your privacy very seriously and are committed to protecting your personal data. This Privacy Notice details how we, Naytal Ltd of 63/66 Fifth Floor Suite 23, Hatton Garden, London EC1N 8LE (we, us) collect, use and process personal data if you are a client booking consultations on our website (our website).
We may update this Privacy Notice from time to time at our discretion and in particular to reflect any changes in applicable laws or our business practices. Where we make significant changes, we will notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Notice so that you are aware of any changes to it.
We are the data controller of the personal data you provide to us on our website. If you have any questions on this Privacy Notice or otherwise relating to how we process your personal data you can contact us at firstname.lastname@example.org
What personal data do we collect?
The sorts of data we collect fall into the following categories:
- Contact Data includes data such as your email address, telephone number;
- Identity Data includes data such as first name, last name, date of birth and if you are a practitioner, details about your experience and employment history;
- Transaction Data includes details of your booking, consultations and any cancellations;
- Technical Data includes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and any communications we may send to you.
- Usage Data includes information about how you use our website such as information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Marketing Data includes your preferences in receiving marketing from us.
We do not store any financial information for you: all payments are made through our third party payment provider, currently Stripe.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as it does not directly or indirectly identify you. Examples of this include the number of bookings per service, or the age range of our users. We look at this data as a collective group, rather than on an individual basis. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this Privacy Notice.
We do not knowingly collect personal data of children. Please do not provide personal data to us unless you are at least 18 years old.
You will need to provide background medical information to the practitioners on Naytal in advance of your booking to support the practitioners’ understanding of what you need from the consultation. This is not stored or saved by us.
Although our website hosts your consultation, we are not party to the consultation, we do not view it, record it or otherwise save any information shared by you in the consultation.
However, we keep a record of the bookings you make and consultations you have to enable you to access and use our website.
Personal data you provide to us
From time to time you may provide personal data to us. This may be because:
- You access and interact with our website;
- You apply to be a practitioner on our website;
- You create an account on our website to book consultations;
- You sign up for our mailing list;
- You otherwise contact us including with queries, comments or complaints.
All personal data that you provide to us must be true, complete and accurate.
When you contact us by email or post, we may keep a record of the correspondence.
Personal data we automatically collect about you
When you use our website, we may automatically collect and store information about your Technical Data and Usage Data for the purposes of research and analysis.
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy.
Personal data we receive from others
We may also receive personal data about you from our third party service providers, including our payment service providers and our analytic service providers.
Given the nature of our website, if you are a client, then we may receive personal data about you from a practitioner.
Legal basis for processing your personal data
We will only use your personal data where we have a lawful basis to do so. The lawful purposes that we rely on under this Privacy Notice are:
- consent (where you choose to provide it);
- performance of a contract with you;
- compliance with legal requirements; and
- legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
We will collect data to support the following purposes and activities:
- To consider whether to register you as a client. We collect contact and identity data to fulfil the performance of a contract with you.
- To consider whether to register you as a practitioner, and then (if we agree) to register you as a practitioner. We collect contact and identity data to fulfil the performance of a contract with you.
- To manage your account including managing payments. We collect contact, identity and transaction data to fulfil the performance of a contract with you and to check legitimate interests (fraud-checking).
- To manage our relationship with you such as notifying you about changes to our terms or this Privacy Notice. We collect contact and identity data to fulfil the performance of a contract with you as is necessary to comply with legal obligation, and to check legitimate interests (fraud-checking).
- To administer and protect our business and this website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting and hosting of data). We will collect technical data to comply with necessary legal obligations, and to check legitimate interests (fraud-checking).
- To deliver relevant website content and advertisements to you and measure and understand the effectiveness of the advertising we serve to you. We will collect contact, identity, usage, marketing and technical data which are necessary for our legitimate interests (to analyse how customers use our website and manage our business accordingly).
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. We will collect technical and usage data necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
- To send marketing communications, including emails. We will collect contact and marketing data if you choose to provide consent, or where it is part of our legitimate interests, where you book a consultation and do not opt out of receiving marketing communications.
Who do we share your data with?
Given the nature of our website, if you are a practitioner then elements of your Identity Data will be available on our website for clients to review and consider.
Where you make a booking with a practitioner, we will share elements of your Identity and Contact Data with your chosen practitioner.
For our legitimate interests, we may share any of personal data with our service providers, sub-contractors, consultants and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, group companies, accountants, auditors and lawyers. We shall provide our service providers, sub-contractors, consultants and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do as set out in this Privacy Notice.
We may share your personal data with other companies in our group to the extent necessary for our general business operations, subject to putting in place adequate safeguards to ensure its confidentiality and security.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the United Kingdom for any reason, including for example, if our email server is located in a country outside the United Kingdom or if any of our service providers are based outside of the United Kingdom.
Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
You may consent to receive marketing email messages from us about our website and our services,. You can choose to no longer receive marketing emails from us by contacting us, making the change in your account or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. If you still have an account with us, we shall continue to email you in relation to your account only.
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here
- Right of access: You have the right to obtain from us a copy of the personal data that we hold for you, or you can view this information within your account.
- Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
- Right to portability: You can request that we transfer your personal data to another service provider if you initially provided consent for us to use the personal data or where we used the personal data to perform a contract with you.
- Right to restrict or object to processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information. If you believe our processing impacts on your fundamental rights and freedoms. However, we may demonstrate that we have legitimate grounds to process your personal data not withstanding your rights and freedoms.
- Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and when we respond to your request we shall notify you of any specific legal reasons that we have to retain your personal data
- Right to stop receiving marketing information: You can ask us to stop sending you information about our services, but please note we shall continue to contact you in relation to any matters relating to your account, if you have one.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive, and we may ask for identification from you before we can fully respond to your request.
If you have any complaints in relation to this Privacy Notice or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You do also have the right to contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority.
Retention of personal data
Subject to the provisions of this Privacy Notice, we will retain personal data in accordance with applicable laws.
We may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements. To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
For the avoidance of doubt, we may use anonymous data, such as usage data for research or statistical purposes indefinitely without further notice to you.
Our website may contain links to third party websites, plug-ins and applications. We are not responsible for the content of such third party content, or their privacy statement. If you provide any information to the third party, then you should check the third party website to find the applicable Privacy Notice.